Monday, April 16, 2012 5:34 PM
This seems like it would be so obvious, but I can't seem to find an example.
This forum answer refers to dynamic realms and provides a good example on building the proper realm request to ACS.
However, I get the following error:
ACS50001: Requested relying party realm 'http://tenant.localhost.company.com/' is unknown
My question is simple: how do you specify wildcard names in the ACS management portal for a realm? I tried setting the Realm on my Reply Party to *.localhost.company.com and that did not work (see error).
|| Aaron Elder - Dynamics CRM MVP || http://xrm.ascentium.com/blog/crm
Monday, April 16, 2012 7:48 PM
You can't do that on the ACS side. You have to explicitly set up an RP for each realm.
You may be better off having a single realm, and when ACS returns the token to the root site, you have code that figures out which tenant should receive the token.
Developer Security MVP | www.syfuhs.net
Monday, April 16, 2012 7:58 PM
Thank you for the reply.
That is what I was afraid of. As I have read more, this seems like a possible way to go.
Is there a best practice here? Is there any easy way I can pass a querystring token to the ReturnUrl? The workflow is a user will go to orgname.company.com, I need them to sign in to app.company.com then redirect them back to orgname.company.com.
Tuesday, April 17, 2012 6:38 AM Moderator
Yes, ReturnUrl can be edited but Realm cannot; it is not safe if the ACS RP can be updated while the application is running.
Try to follow:
Hope this helps.
Wednesday, April 18, 2012 8:56 PM
It looks like the best way to pass this is via wctx (context), as it is the only parameter that is always passed and transparent to the various systems in the chain.
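
The approach this thread arrives at (one realm registered in ACS, the tenant carried in wctx, the root site redirecting to the tenant after sign-in), sketched as an added example that is not code from any poster. It signs the tenant name placed in wctx and checks both the signature and the label format on return, so the redirect target cannot be changed in the browser. The parent domain, realm URL, key, helper names and the NAMESPACE placeholder are assumptions.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlencode

# All values below are assumptions made for this example, not taken from the thread.
PARENT_DOMAIN = "company.com"               # tenant sites live at <orgname>.company.com
SINGLE_REALM = "https://app.company.com/"   # the one realm registered as an RP in ACS
ACS_ENDPOINT = "https://NAMESPACE.accesscontrol.windows.net/v2/wsfederation"  # placeholder
CONTEXT_KEY = b"constructed-demo-key"       # stands in for a server-side secret

# One lowercase DNS label: no dots, slashes or '@', so it cannot name another host.
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def sign(tenant: str) -> str:
    """HMAC over the tenant name, so a wctx edited in the browser is detected."""
    return hmac.new(CONTEXT_KEY, tenant.encode(), hashlib.sha256).hexdigest()


def build_signin_url(tenant: str) -> str:
    """Sign-in request that always uses the single realm; the tenant rides in wctx."""
    if not LABEL.fullmatch(tenant):
        raise ValueError("tenant must be a single DNS label")
    wctx = urlencode({"tenant": tenant, "sig": sign(tenant)})
    query = urlencode({"wa": "wsignin1.0", "wtrealm": SINGLE_REALM, "wctx": wctx})
    return f"{ACS_ENDPOINT}?{query}"


def tenant_redirect(wctx: str) -> str:
    """Run at the root site after the token is validated: wctx -> tenant URL."""
    fields = parse_qs(wctx)
    tenant = fields.get("tenant", [""])[0]
    sig = fields.get("sig", [""])[0]
    if not LABEL.fullmatch(tenant):
        raise ValueError("rejected tenant value")
    if not hmac.compare_digest(sig.encode(), sign(tenant).encode()):
        raise ValueError("wctx was modified in transit")
    return f"https://{tenant}.{PARENT_DOMAIN}/"


if __name__ == "__main__":
    url = build_signin_url("orgname")
    print(url)
    returned_wctx = parse_qs(url.split("?", 1)[1])["wctx"][0]  # echoed back by the STS
    print(tenant_redirect(returned_wctx))
```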