Web Service Authentication to Online Federated Dynamics CRM 2013 from Java


Problem description

I am working on a Java program to integrate via web services with a Microsoft Dynamics CRM 2013 online version. Authentication is federated with a local IDP, not through Windows Live. I am having problems finding documentation on how to complete this. All of the non-.NET environment documentation I have seen does not show how to complete the integration in a Federated set-up.

Is it possible to consume Dynamics CRM web services in this authentication configuration from Java? If so, any documentation/code samples are appreciated.

Recommended answer

Based on my research, it does not seem possible to integrate with Dynamics web services using a federated (local ADFS) ID. The IDP we are using does not respond to WS-Trust RequestSecurityToken and so I was unable to retrieve the SAML. Even if I was, though, this article suggests that it would not be possible to retrieve the Dynamics SAML:


The issue is that the XML SOAP message that access control service accepts has to be signed and the detail on how to do that is internal to the CRM SDK/Identity Model.

Since you can’t sign the XML message to send to the access control service, integration with CRM 2011 cannot work.

The article goes on to state that the workaround is to have a Microsoft Online ID created. In my case, this is a cloud user within Office 365. Once this user was added to my Dynamics instance, I was able to use the method described in the documentation linked to in the question.

For completeness' sake, below is an example of the SOAP request made to https://login.microsoftonline.com/RST2.srf

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
    <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
    <a:MessageID>urn:uuid:{GENERATE-GUID-HERE}</a:MessageID>
    <a:ReplyTo>
        <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo4TBVw9fIMZFmc7ZFxBXIcYAAAAAbd1LF/fnfUOzaja8sGev0GKsBdINtR5Jt13WPsZ9dPgACQAA</VsDebuggerCausalityData>
    <a:To s:mustUnderstand="1">https://login.microsoftonline.com/RST2.srf</a:To>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <u:Timestamp u:Id="_0">
            <u:Created>{UTC-TIMESTAMP}</u:Created>
            <u:Expires>{UTC-TIMESTAMP}</u:Expires>
        </u:Timestamp>
        <o:UsernameToken u:Id="uuid-14bed392-2320-44ae-859d-fa4ec83df57a-1">
            <o:Username>{CLOUD-USERNAME}</o:Username>
            <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">{CLOUD-PASSWORD}</o:Password>
        </o:UsernameToken>
    </o:Security>
</s:Header>
<s:Body>
    <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
        <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
            <a:EndpointReference>
                <a:Address>urn:crmna:dynamics.com</a:Address>
            </a:EndpointReference>
        </wsp:AppliesTo>
        <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
    </t:RequestSecurityToken>
</s:Body>
</s:Envelope>

Replace the following fields:


  • MessageID: random GUID
  • Timestamp/Created: current time in ISO-8601 Format: YYYY-MM-DDThh:mm:ss.sssZ
  • Timestamp/Expires: expires time in ISO-8601 Format: YYYY-MM-DDThh:mm:ss.sssZ
  • Username: your cloud username
  • Password: your cloud password

The response will contain a KeyIdentifier and 2 CipherValue elements. Use these to construct the SOAP Header for requests to the CRM. Full code can be found in the link referenced in the question.
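
An added Java sketch of the two steps the answer describes, not code from the original post or from the CRM SDK: it fills the envelope's placeholders with XML-escaped credentials and reads KeyIdentifier and CipherValue out of a response with a DOCTYPE-refusing parser. The class name, the short template fragment and the response layout are constructed stand-ins for the full envelope and the real reply.

```java
import java.io.StringReader;
import java.time.*;
import java.time.format.DateTimeFormatter;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class RstExample {
    static final DateTimeFormatter ISO_MS =
        DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").withZone(ZoneOffset.UTC);
    // Escape element text so a password containing & or < cannot break or alter the envelope.
    static String esc(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
    }
    // Fill the placeholders used in the envelope above; the first {UTC-TIMESTAMP} is Created.
    static String fill(String template, String user, String password, Duration lifetime) {
        Instant now = Instant.now();
        return template.replace("{GENERATE-GUID-HERE}", UUID.randomUUID().toString())
            .replaceFirst("\\{UTC-TIMESTAMP\\}", ISO_MS.format(now))
            .replaceFirst("\\{UTC-TIMESTAMP\\}", ISO_MS.format(now.plus(lifetime)))
            .replace("{CLOUD-USERNAME}", esc(user))
            .replace("{CLOUD-PASSWORD}", esc(password));
    }
    // Responses are untrusted input: refuse DOCTYPE declarations so XXE payloads fail to parse.
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }
    // Text of every element with this local name, whatever its namespace prefix.
    static List<String> values(Document doc, String localName) {
        NodeList n = doc.getElementsByTagNameNS("*", localName);
        List<String> out = new ArrayList<>();
        for (int i = 0; i < n.getLength(); i++) out.add(n.item(i).getTextContent().trim());
        return out;
    }
    public static void main(String[] args) throws Exception {
        // Constructed stand-ins: a fragment with the page's placeholders and a made-up response.
        String tpl = "<h><m>urn:uuid:{GENERATE-GUID-HERE}</m><c>{UTC-TIMESTAMP}</c><e>{UTC-TIMESTAMP}</e>"
            + "<u>{CLOUD-USERNAME}</u><p>{CLOUD-PASSWORD}</p></h>";
        String filled = fill(tpl, "user@example.onmicrosoft.com", "p&ss<word", Duration.ofMinutes(5));
        System.out.println(values(parse(filled), "p")); // the password survives escaping intact
        String resp = "<r><KeyIdentifier>KEY-ID</KeyIdentifier><CipherValue>T1</CipherValue><CipherValue>T2</CipherValue></r>";
        Document d = parse(resp);
        System.out.println(values(d, "KeyIdentifier") + " " + values(d, "CipherValue"));
    }
}
```

The filled envelope carries the password in clear text (PasswordText), so it should only ever be posted over HTTPS and never written to logs.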
