Forum Discussion

raZorTT
Jul 23, 2018

Microsoft Dynamics 365 Portal SSO

Hi

Just wondering if anyone here has successfully set up SAML2.0 federation with Microsoft Dynamics 365 Portals?

This document doesn't specifically mention F5, but I don't see why it wouldn't work.

https://docs.microsoft.com/en-us/dynamics365/customer-engagement/portals/configure-saml2-settings

I have created the site settings similar to AzureAD and Shibboleth

Authentication/SAML2/F5/AssertionConsumerServiceUrl - https://samltrialf5.microsoftcrmportals.com/signin-saml2
Authentication/SAML2/F5/AuthenticationType - https://sts.myidp.com.au/idp/portal
Authentication/SAML2/F5/Caption - MyIDP SSO
Authentication/SAML2/F5/MetadataAddress - https://sts.myidp.com.au/idp/f5
Authentication/SAML2/F5/ServiceProviderRealm - https://samltrialf5.microsoftcrmportals.com/

When I go to the portal site and click sign in, I can see an external account option of "MyIDP SSO". However, when I click on the button I get an HTTP 500 error from Microsoft: "We're sorry, but something went wrong"

The metadataAddress currently doesn't actually contain the federationMetadata file from the F5, so I plan on hosting that using an iFile and updating that site setting to see if that might be causing the issue.

I just wanted to see if anyone here had been successful in federating with D365 Portals?

Cheers,

Simon

1 Reply

  • So I've managed to get this working 🙂

    To get more information about why the portal was seeing an error I had to remove the custom error page. After that I got the .NET yellow screen of death (YSOD) which led me to a certificate error, and a validation error which required me to make the F5 metadata XML file available to download.

    https://docs.microsoft.com/en-us/dynamics365/customer-engagement/portals/view-portal-error-log

    Just in case anyone else tries this, these are the values for the site settings

    Authentication/SAML2/F5/AssertionConsumerServiceUrl - https://{yourportalURL}/signin-saml2
    Authentication/SAML2/F5/AuthenticationType - The Local IdP Service EntityID on the F5
    Authentication/SAML2/F5/Caption - A label that will be applied to a button on the signin page
    Authentication/SAML2/F5/MetadataAddress - The Local IdP Service metadata file in a downloadable location
    Authentication/SAML2/F5/ServiceProviderRealm - https://{yourportalURL}/
    

    Cheers, Simon