I am currently configuring, for a client, BizTalk 2010 as middleware between an on-premises Dynamics CRM 2011 and ADFS.
Receiving messages from CRM 2011 in BizTalk is no problem at all.
However, for the other direction I configured a custom binding as a send port and can't seem to find the right settings for enforcing HTTPS and authenticating against the ADFS service.
I would imagine that I need settings in the send port to first authenticate against ADFS and, following that, authenticate against CRM 2011.
Any additional information regarding this setup and configuration is much appreciated.
Latest send port information and error:
<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <client>
      <remove contract="BizTalk" name="WcfSendPort_Crm" />
      <endpoint address="https://crmurl/XRMServices/2011/Organization.svc" behaviorConfiguration="EndpointBehavior" binding="ws2007FederationHttpBinding" bindingConfiguration="ws2007FederationHttpBinding" contract="BizTalk" name="WcfSendPort_Crm" />
    </client>
    <behaviors>
      <endpointBehaviors>
        <remove name="EndpointBehavior" />
        <behavior name="EndpointBehavior">
          <soapProcessing processMessages="false" />
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <ws2007FederationHttpBinding>
        <clear />
        <binding name="ws2007FederationHttpBinding">
          <reliableSession enabled="true" />
          <security mode="TransportWithMessageCredential">
            <message issuedTokenType="http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-pr-SAMLTokenProfile-01.html">
              <issuer address="https://adfsurl/STS/Active/STS.svc" binding="ws2007HttpBinding" bindingConfiguration="stsBinding">
                <identity>
                  <dns value="STS" />
                </identity>
              </issuer>
              <issuerMetadata address="https://adfsurl/HRGSTS/Active/HRGSTS/mex%22" />
            </message>
          </security>
        </binding>
      </ws2007FederationHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>
Error:
A message sent to adapter "WCF-Custom" on send port "WcfSendPort_Crm" with URI "https://crmurl/XRMServices/2011/Organization.svc" is suspended.
Error details: System.InvalidOperationException: The channel is configured to use interactive initializer 'System.ServiceModel.Security.InfocardInteractiveChannelInitializer', but the channel was Opened without calling DisplayInitializationUI. Call DisplayInitializationUI before calling Open or other methods on this channel.
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.ThrowIfInitializationUINotCalled()
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at System.ServiceModel.ICommunicationObject.Open()
at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.GetChannel[TChannel](IBaseMessage bizTalkMessage, ChannelFactory`1& cachedFactory)
at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.SendMessage(IBaseMessage bizTalkMessage)
MessageId: {337CB1AF-1C4A-484A-9CA6-7E0FD3396138}
InstanceID: {FBCDEE5C-8CA2-4C37-87A5-906448C14479}
===
<ws2007HttpBinding>
  <clear />
  <binding name="ws2007HttpBinding">
    <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="None" />
      <message clientCredentialType="UserName" establishSecurityContext="false" />
    </security>
  </binding>
</ws2007HttpBinding>
Assuming that the last snippet you've added is the binding to use when calling the STS, and that this is the bit you've added to the machine.config as I have at the time, the binding name should be stsBinding and not ws2007HttpBinding, as this should match the name used in the bindingConfiguration attribute of the issuer element in your send port configuration.
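The mismatch described in the answer (an issuer whose bindingConfiguration names a binding that is not defined) is easy to miss by eye in a WCF-Custom send port config. The following script is an added example, not code from the question or answer: it lints a system.serviceModel fragment for dangling bindingConfiguration references and for endpoint or issuer addresses that are not HTTPS. The embedded config is a constructed, trimmed merge of the two snippets above; lint_wcf_client_config and SAMPLE_CONFIG are names chosen here.

```python
"""Lint a WCF client config for dangling bindingConfiguration references
and non-HTTPS endpoint/issuer addresses (added example, not from the post)."""
import xml.etree.ElementTree as ET

# Constructed sample: the send port config from the question merged with the
# STS binding from the edit, so the name mismatch the answer describes is present.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<configuration><system.serviceModel>
 <client>
  <endpoint address="https://crmurl/XRMServices/2011/Organization.svc"
   binding="ws2007FederationHttpBinding"
   bindingConfiguration="ws2007FederationHttpBinding"
   contract="BizTalk" name="WcfSendPort_Crm" />
 </client>
 <bindings>
  <ws2007FederationHttpBinding>
   <binding name="ws2007FederationHttpBinding">
    <security mode="TransportWithMessageCredential"><message>
     <issuer address="https://adfsurl/STS/Active/STS.svc"
      binding="ws2007HttpBinding" bindingConfiguration="stsBinding" />
    </message></security>
   </binding>
  </ws2007FederationHttpBinding>
  <ws2007HttpBinding>
   <binding name="ws2007HttpBinding" />
  </ws2007HttpBinding>
 </bindings>
</system.serviceModel></configuration>"""


def lint_wcf_client_config(config_xml):
    """Return a list of findings; an empty list means the config is consistent."""
    sm = ET.fromstring(config_xml).find("system.serviceModel")
    bindings = sm.find("bindings")
    # Map each binding section (ws2007HttpBinding, ...) to the names it defines.
    defined = {}
    for section in (list(bindings) if bindings is not None else []):
        defined[section.tag] = {b.get("name") for b in section.findall("binding")}
    findings = []
    for el in sm.iter():
        # Any element with binding + bindingConfiguration must resolve to a defined binding.
        ref = el.get("bindingConfiguration")
        if ref is not None and ref not in defined.get(el.get("binding"), set()):
            findings.append("%s references %s/%s, which is not defined"
                            % (el.tag, el.get("binding"), ref))
        # Transport security only helps if the endpoint and the STS are reached over HTTPS.
        if el.tag in ("endpoint", "issuer") and not (el.get("address") or "").startswith("https://"):
            findings.append("%s address %r is not https" % (el.tag, el.get("address")))
    return findings


if __name__ == "__main__":
    for finding in lint_wcf_client_config(SAMPLE_CONFIG):
        print(finding)
```

Renaming the STS binding to stsBinding (or pointing the issuer at ws2007HttpBinding) makes the script return no findings.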