Forum Discussion

raZorTT's avatar
raZorTT
Icon for Cirrostratus rankCirrostratus
Jul 23, 2018

Microsoft Dynamics 365 Portal SSO

Hi

Just wondering if anyone here has successfully setup SAML2.0 federation with Microsoft Dynamics 365 Portals?

This document doesn't specifically mention F5, but I dont' see why it wouldn't work.

https://docs.microsoft.com/en-us/dynamics365/customer-engagement/portals/configure-saml2-settings

I have created the site settings similar to AzureAD and shibboleth

Authentication/SAML2/F5/AssertionConsumerServiceUrl - https://samltrialf5.microsoftcrmportals.com/signin-saml2
Authentication/SAML2/F5/AuthenticationType - https://sts.myidp.com.au/idp/portal
Authentication/SAML2/F5/Caption - MyIDP SSO
Authentication/SAML2/F5/MetadataAddress - https://sts.myidp.com.au/idp/f5
Authentication/SAML2/F5/ServiceProviderRealm - https://samltrialf5.microsoftcrmportals.com/

When I go to the portal site and click sign in, I can see an external account option of "MyIDP SSO". However when I click on the button I get a HTTP 500 error from Microsoft "We're sorry, but something went wrong"

The metadataAddress currently doesn't actually contain the federationMetadata file from the F5, so I plan on hosting that using an iFile and updating that site setting to see if that might be causing the issue.

I just wanted to see if anyone here had been successful in federating with D365 Portals?

Cheers,

Simon

  • So i've managed to get this working 🙂

    To get more information about why portal was seeing an error I had to remove the custom error page. After that I got the .net yellow screen of death (YSOD) which lead me to a certificate error, and a validation error which required me to make the F5 metadata xml file available to download.

    https://docs.microsoft.com/en-us/dynamics365/customer-engagement/portals/view-portal-error-log

    Just in case anyone else tries this, these are the values for the site settings

    Authentication/SAML2/F5/AssertionConsumerServiceUrl - https://{yourportalURL}/signin-saml2
    Authentication/SAML2/F5/AuthenticationType - The Local IdP Service EntityID on the F5
    Authentication/SAML2/F5/Caption - A label that will be applied to a button on the signin page
    Authentication/SAML2/F5/MetadataAddress - The Local IdP Service metadata file in a downloadable location
    Authentication/SAML2/F5/ServiceProviderRealm - https://{yourportalURL}/
    

    Cheers, Simon