How To
Summary
Microsoft Dynamics 365 changed its authentication mechanism from WS-Trust based Authentication to OAuth2.0 Authentication on April 2022.
Due to this change, IBM ACP is not able to connect to MS Dynamics 365 as IBM ACP is still using WS-Trust based authentication.
Currently, following error is received in IBM ACP connecting to MS Dynamics 365
-----
An error occurred processing the security tokens in the message: You are using Ws-Trust authentication, which has been deprecated and no longer supported in your environment. Use OAuth2.0 authentication and refer https://aka.ms/dvwsdep.
Objective
Customer needs to migrate or upgrade to latest ACP version and interim fix
ACP v7.5.5 CUMIFIX 012 where a new APAR is included to solve the issue:
- LI82623 :- WS-TRUST DEPRECATION CHANGES FOR MSDYNAMICS AND IMPLEMENTATION OF OAUTH2.0
Environment
Customers of ACP connection to MS Dynamics
Steps
Download latest interim fix – ACP v7.5.5 CUMIFIX 012 from Fix Central:
https://www.ibm.com/support/pages/app-connect-professional-builds-and-ifix-details
MS Dynamics certificate needs to be imported into Studio's 'cacert' keystore.
Location:- <Studio installation folder -> security
How to download the certificate:
1. Log in to MSDynamics CRM Instance. Click the lock symbol in URL bar
2. Click "Connection is secure"
3. Go to "Certificate valid"
4. Go to “Certificate path” tab and select root certificate
5. Double-click the DigiCert Global Root G2 -> On the pop window, check the General tab, and verify whether the details like
1. Issued to: - DigiCert Global Root G2
2. Issued by: - DigiCert Global Root G2
1. Issued to: - DigiCert Global Root G2
2. Issued by: - DigiCert Global Root G2
6. Go to Details tab
7. Click 'Copy to File' and save with “Base-64 encoded X.509 (.CER)”
8. Save to wanted location
9. Once downloaded, import the certificate into your cacert of the Studio.
To do so:
Go to <Studio install dir>\jre\jre\bin and open ikeyman.exe
Open a Key database file
Navigate to <Studio install dir>\security and open cacert DB.
Password is
changeit
Change from default 'Personal certificates' to 'Signer certificates'
Click 'Add certificate' and select the certificate downloaded from MSD saved previously.
Add the label (alias) and you see it included in the list of Signed certificates for cacerts.
Once completed, you can open Studio (perform the tasks described with Studio closed) and open the project that uses MSD connectors.
Go to the MSD Endpoint and click ‘Discovery Organization’ and ‘Test Connection’.
Once completed, test to run the orchestrations.
Additional Information
The same certificate needs to be added to the appliance by using WMC once tested in Studio and the project is deployed.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3LC4","label":"App Connect Professional"},"ARM Category":[{"code":"a8m50000000CknvAAC","label":"ACP-\u003EConnectors-\u003EMicrosoft Dynamics CRM"}],"ARM Case Number":"TS008816538","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
02 June 2022
UID
ibm16591427