This post is currently based on Windows Server R2, which comes with AD FS version 2.2; other versions are not supported.
The first thing to do is to turn on forms authentication for the intranet on the AD FS server, as my previous post has already said.
1. Log on to the AD FS server as an administrator.
2. Open the AD FS management console.
3. Click Authentication Policies on the left, find Global Settings under the Primary Authentication section in the middle pane, and click the Edit link.
4. Check Forms Authentication under Intranet.
After the change, the interface looks as follows.
Then open PowerShell on the AD FS server and execute the following commands:
Add-PSSnapin Microsoft.Crm.PowerShell
$fedurl = Get-CrmSetting -SettingType ClaimsSettings
$fedurl.FederationProviderType = 1
Set-CrmSetting $fedurl
It is worth mentioning that although FederationProviderType is set to 1, the value still has not changed, even after restarting the server. This seems to be a bug, which is awkward.
The next step is to add the AD FS client:
The official sample code is:
Add-AdfsClient -ClientId ce9f9f18-dd0c-473e-b9b2-47812435e20d -Name "Dynamics CRM Mobile Companion" -RedirectUri ms-app://s-1-15-2-2572088110-3042588940-2540752943-3284303419-1153817965-2476348055-1136196650/, ms-app://s-1-15-2-1485522525-4007745683-1678507804-3543888355-3439506781-4236676907-2823480090/, urn:ietf:wg:oauth:2.0:oob
I also add an arbitrary one in preparation for developing a web application later.
Add-AdfsClient -ClientId "Ba106265-fb3b-49e0-a0e8-6840b3d71ac2" -Name "Luoyong's dynamics CRM ADFS Client" -RedirectUri "http://www.luoyong.me"
Below I describe how to prepare to run the program in SDK\SampleCode\CS\ModernAndMobileApps\ModernOdataApp. I run Visual Studio 2012 as an administrator to open it.
After opening it, you first need to install a NuGet package: click Tools > Library Package Manager > Package Manager Console.
Then use the following command to install:
Install-Package Microsoft.Preview.WindowsAzure.ActiveDirectory.Authentication
You can see that the installation was successful.
Of course, the installed package is also visible under Tools > Library Package Manager > Manage NuGet Packages for Solution.
When you add an AD FS client, you need to assign a value to the RedirectUri parameter. How is this value obtained? It can be obtained through WebAuthenticationBroker.GetCurrentApplicationCallbackUri().ToString(). Modify the CurrentEnvironment.cs file in the program by adding the line string x = RedirectURL; then set a breakpoint on that line and debug the program to read the value.
Now we can add an AD FS client. Open PowerShell on the AD FS server and run the following command:
Add-AdfsClient -ClientId 73893d88-63e6-485e-9953-9cf50330748e -Name "Luoyong's Win8 desk app ADFS client" -RedirectUri ms-app://s-1-15-2-2546649515-4026661643-3605107077-273277970-2480924813-1788835805-1056465539
Of course, the value of the ClientId parameter can be arbitrary, as long as it uniquely identifies the client. The official recommendation is to use a GUID, and here I have generated a GUID with Visual Studio. Then I use Get-AdfsClient to check and make sure the client was added successfully.
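A check that can be run after registering clients, as an added example that is not from the original post or the CRM SDK: it classifies each registered redirect URI and flags plain http ones, because the OAuth authorization code is delivered to that URI. Test-AdfsClientRedirectUri is a hypothetical helper name, and the sample objects are constructed from the three clients registered in this post.

```powershell
# Added example: classify the redirect URIs of registered AD FS OAuth clients.
# Test-AdfsClientRedirectUri is a hypothetical helper name, not an AD FS cmdlet.
function Test-AdfsClientRedirectUri {
    param(
        # Object with Name, ClientId and RedirectUri, as Get-AdfsClient returns
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Client
    )
    process {
        foreach ($uri in @($Client.RedirectUri)) {
            $text = "$uri".Trim()
            # switch -Regex is case-insensitive; break stops at the first match
            $finding = switch -Regex ($text) {
                '^ms-app://s-1-15-2(-\d+)+/?$' { 'OK: Windows Store app package SID'; break }
                '^urn:ietf:wg:oauth:2\.0:oob$' { 'OK: out-of-band URN for native clients'; break }
                '^https://'                    { 'OK: TLS-protected web redirect'; break }
                '^http://(localhost|127\.0\.0\.1)([:/]|$)' { 'REVIEW: loopback http, development only'; break }
                '^http://'                     { 'FLAG: cleartext http, authorization code exposed in transit'; break }
                default                        { 'REVIEW: unrecognized scheme' }
            }
            [pscustomobject]@{ Name = $Client.Name; ClientId = $Client.ClientId; RedirectUri = $text; Finding = $finding }
        }
    }
}

# Constructed sample input mirroring the clients registered in this post.
$sample = @(
    [pscustomobject]@{
        ClientId    = 'ce9f9f18-dd0c-473e-b9b2-47812435e20d'
        Name        = 'Dynamics CRM Mobile Companion'
        RedirectUri = @('ms-app://s-1-15-2-2572088110-3042588940-2540752943-3284303419-1153817965-2476348055-1136196650/',
                        'urn:ietf:wg:oauth:2.0:oob') }
    [pscustomobject]@{
        ClientId    = 'Ba106265-fb3b-49e0-a0e8-6840b3d71ac2'
        Name        = "Luoyong's dynamics CRM ADFS Client"
        RedirectUri = @('http://www.luoyong.me') }
    [pscustomobject]@{
        ClientId    = '73893d88-63e6-485e-9953-9cf50330748e'
        Name        = "Luoyong's Win8 desk app ADFS client"
        RedirectUri = @('ms-app://s-1-15-2-2546649515-4026661643-3605107077-273277970-2480924813-1788835805-1056465539') }
)
$sample | Test-AdfsClientRedirectUri | Format-List

# On the AD FS server, review the real registrations instead:
# Get-AdfsClient | Test-AdfsClientRedirectUri | Format-List
```

With the sample input, only the web client registered with http://www.luoyong.me is flagged; the ms-app and oob entries pass.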
Next, modify the configuration, mainly the values of the three constants I have shown. The value of the _clientid constant is set to the ClientId value of the AD FS client we added above, and the remaining two are set according to your CRM deployment.
Then I start debugging and see the following login page.
The credentials I entered here are as follows:
After clicking login, you can see the following interface:
Here I open the Accounts function for everyone to see.
You will also find that the second time you debug, you do not need to log in. The password must have been stored, and it should be in Credential Manager. Open Control Panel and click Credential Manager.
You will find an additional entry under Web Credentials, as follows.
CRM 2013 Configuring OAuth 2.0