
Microsoft Dynamics Customer Portal accelerator integration with JASIG CAS authentication through the .NET CAS client

 

Microsoft Dynamics Customer Portal 2011 is packaged and targeted heavily at CRM Online customers, and the documentation encourages customers to use Windows Live as the authentication provider. If you have an existing investment in an alternative authentication provider or an open source Single Sign On framework, you may want to make use of your existing authentication framework.

Also, for local development you might like to use Active Directory or a SQL membership provider database instead of completing the long and complicated Windows Live setup. You can go about this by following the blog of Shan McArthur on MS Dynamics Customer Portal changes.

In this blog I will attempt to describe the steps and the code changes needed to integrate JASIG CAS SSO with Customer Portal 2011. The version of CAS used in this demonstration is 3.4.7, though the steps should work with any other version, and the CAS server is deployed on a Tomcat 7 server.

1. CAS Client Configuration

1. To get started, download the .NET CAS Client into C:/tmp/dotnetcasclient. We will use DotNetCasClient.dll in our customer portal project.

2. Download Customer Portal 2011 from the Dynamics Marketplace into c:/tmp/customerportal2011

3. Open the CustomerPortal solution in VS 2010 and add a reference to the CAS client DLLs from the CAS download directory - C:/tmp/dotnetcasclient

4. Open the web.config file and make the following changes

- Add a new section for casClientConfig in configSections

- Add the casClientConfig details.

If you manage separate config files for various environments, you may like to add the login and logout URIs to appSettings and load them using the key. Replace the server name with your server name.

<appSettings>
    <add key="SSOLogoutURI" value="https://yourcasserver/cas/logout" />
    <add key="SSOLoginURI" value="https://yourcasserver/cas/login?service=http://localhost:54130/" />
</appSettings>

- Change the authentication mode to Forms

- Add the CAS client HTTP module

- Add the CAS client to the webServer modules section

- Follow the CAS client download page to include the diagnostics section in case you want to troubleshoot issues.
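A consolidated web.config sketch of the changes listed above, added here as an example and not the author's original configuration. The attribute names are the .NET CAS Client's documented settings; yourcasserver and localhost:54130 are the placeholders used elsewhere in this post, and the NotAuthorized.aspx and CookiesRequired.aspx pages, the Cas20 validator and the forms timeout are assumptions to adapt to your portal.

```xml
<configuration>
  <configSections>
    <!-- Registers the casClientConfig section handler shipped in DotNetCasClient.dll -->
    <section name="casClientConfig"
             type="DotNetCasClient.Configuration.CasClientConfiguration, DotNetCasClient" />
  </configSections>

  <!-- yourcasserver and localhost:54130 are placeholders; keep every CAS URL on HTTPS -->
  <casClientConfig
      casServerLoginUrl="https://yourcasserver/cas/login"
      casServerUrlPrefix="https://yourcasserver/cas/"
      serverName="http://localhost:54130"
      notAuthorizedUrl="~/NotAuthorized.aspx"
      cookiesRequiredUrl="~/CookiesRequired.aspx"
      redirectAfterValidation="true"
      gateway="false"
      renew="false"
      singleSignOut="true"
      ticketValidatorName="Cas20"
      serviceTicketManager="CacheServiceTicketManager" />

  <system.web>
    <!-- Forms authentication sends unauthenticated requests to the CAS login page -->
    <authentication mode="Forms">
      <forms loginUrl="https://yourcasserver/cas/login"
             timeout="30"
             defaultUrl="~/Default.aspx"
             cookieless="UseCookies"
             slidingExpiration="true" />
    </authentication>
    <!-- Classic pipeline (Visual Studio development server, IIS 6) -->
    <httpModules>
      <add name="DotNetCasClient"
           type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
    </httpModules>
  </system.web>

  <system.webServer>
    <!-- Integrated pipeline (IIS 7 and later) -->
    <validation validateIntegratedModeConfiguration="false" />
    <modules>
      <remove name="DotNetCasClient" />
      <add name="DotNetCasClient"
           type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
    </modules>
  </system.webServer>
</configuration>
```

The client validates each service ticket by calling casServerUrlPrefix over HTTPS from the web server, so the CAS server's certificate chain has to be trusted in the machine certificate store of the host running the portal.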

In order for the CAS server to trust the client you will have to download the server certificate in X.509 format and import it into the certificate store. Download the certificate from your CAS server and save it with a .crt extension.

Once you have the certificate saved on your desktop with a .crt extension, proceed with the following instructions.

Part 1: Add Snap-in

  1. Open the MMC Console
    1. Click Start
    2. Select Run
    3. Type MMC
    4. Click OK

  2. Click File and select Add/Remove Snap-in

  3. Select Add

  4. Select Certificates from the Add Standalone Snap-in box and click Add

  5. Select Computer Account

  6. Select Local Computer

  7. Close the Standalone Snap-in box, click OK in the Add/Remove Snap-in and return to the MMC

Part 2: Install your Intermediate and Root Certificate

  1. Right-click the Intermediate Certification Authorities folder > All Tasks > Import

  2. When the Certificate Import Wizard appears, click Next

  3. Locate the Intermediate Certificate(s) you saved and click Next

This completes the CAS client configuration changes, which let the CAS client library do its magic in the HTTP request and response pipeline.

 

2. Customer Portal changes

1. Open the Login.aspx.cs file and change it so that a user who is not authenticated is redirected to CAS for authentication. Session timeout and CAS ticket expiry scenarios are covered through this code in conjunction with the changes we made to the web.config file.

Now rebuild the customer portal solution and start it in debug mode. When you click on the login link you will be redirected to your CAS SSO login page.

2. Open Default.master.cs and change the LogoutLink_Click method as follows. We want to cleanly log out the user from the portal and call cas logout to clean up the CAS authentication cookies and expire the authentication ticket.


I have made the following assumptions

- You already have the Customer portal solution imported into your organisation and loaded the initial content via websitecopy.exe

- You have some test contacts in your CRM organisation and the same users exist in your CAS authentication repository (whatever repository your CAS server is binding to: AD, SQL Server, Oracle, MySQL and Sun Directory are all supported)

- You have recompiled xrm so all customisations to your CRM organisation are pushed up to all layers.
