M.Abulsoud - 2 months ago
PHP Question

Access Microsoft Dynamics CRM 2016 REST WEB API

I need to access the CRM OData REST API for integration. I have a PHP cron job for syncing data from CRM. When I hit the CRM Web API endpoint https://internal.crm.org.com:5443/appname/api/data/v8.0/ from a browser, I am redirected to the following link:
and a window is shown to authenticate using a username and password.

So my question is: how do I authenticate with the resource server?
Microsoft pointed me to this page
and this guy explains how to authenticate using OAuth2

Microsoft said Dynamics 365 is using three different security models (claims, Active Directory, and auth2 authentications)


I have successfully integrated with CRM web api 2016 using the ws-trust protocol.

This lib does the heavy work for you and implements the WS-Trust protocol messages.

Steps to authenticate with CRM that is protected by ADFS 3.0:
1- Get the SAML security token (the WS-Trust endpoint for active authentication needs to be configured on the ADFS server)
2- Include that token in each HTTP request within the header as a Bearer token

Code:


include_once dirname(dirname(__FILE__)) . '/http.php';
include_once dirname(dirname(__FILE__)) . '/wstrust.php';

// username/password of a user in the LDAP directory
// LDAP as configured in the PingFederate Username Token WS-Trust connection settings for Salesforce
$username = 'username';
$password = 'password';

// RST appliesTo
$appliesTo = 'crmservice/api/data/v8.0/';

//STS service
$IPSTS = 'org/adfs/services/trust/13/UsernameMixed';

// special token type (needs to be enabled in run.properties)

// call to IP-STS, authenticate with uname/pwd, retrieve RSTR with generated token
//get security token
$result = HTTP::doSOAP(
                WSTRUST::getUserNameToken($username, $password),
                WSTRUST::getTimestampHeader(), $IPSTS),
        WSTRUST::getRST($tokenType, $appliesTo)

// parse the RSTR that is returned
list($dom, $xpath, $token, $proofKey) = WSTRUST::parseRSTR($result);

$xpath->registerNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
$token =  $xpath->query('saml:EncryptedAssertion', $token);
$token = $token->item(0);

// now pass the encrypted assertion to the RP
$ts = WSTRUST::getTimestampHeader('_0');
$token = $dom->saveXML($token);

// include the token in the HTTP header of each request, like this: Authorization: Bearer $token
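
For a cron job it helps to know how long the token from step 1 stays valid, so it can be cached and reused instead of sending the password to the STS on every run. The following is an added example, not code from the original answer or from the library it uses: it reads the token and its expiry with PHP's built-in DOM extension, and builds the step 2 header while refusing line breaks. It assumes a WS-Trust 1.3 reply (matching the `trust/13` endpoint) that carries a `Lifetime` element; `extractToken()`, `bearerHeader()` and the sample reply are hypothetical names and constructed data.

```php
<?php
// Added example; extractToken(), bearerHeader() and $sampleRstr are hypothetical names.
const NS_WST  = 'http://docs.oasis-open.org/ws-sx/ws-trust/200512';
const NS_WSU  = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd';
const NS_SAML = 'urn:oasis:names:tc:SAML:2.0:assertion';
// Pull the encrypted assertion and its expiry out of a WS-Trust 1.3 RSTR.
function extractToken(string $rstrXml, int $now): array
{
    $dom = new DOMDocument();
    // LIBXML_NONET: do not fetch DTDs or external entities over the network.
    if (!$dom->loadXML($rstrXml, LIBXML_NONET)) {
        throw new RuntimeException('RSTR is not well-formed XML');
    }
    $xp = new DOMXPath($dom);
    $xp->registerNamespace('wst', NS_WST);
    $xp->registerNamespace('wsu', NS_WSU);
    $xp->registerNamespace('saml', NS_SAML);
    $assertion = $xp->query('//wst:RequestedSecurityToken/saml:EncryptedAssertion')->item(0);
    $expires   = $xp->query('//wst:Lifetime/wsu:Expires')->item(0);
    if ($assertion === null || $expires === null) {
        throw new RuntimeException('RSTR carries no token or no lifetime');
    }
    $expiresAt = strtotime(trim($expires->textContent));
    if ($expiresAt === false || $expiresAt <= $now) {
        throw new RuntimeException('token is already expired');
    }
    return ['token' => $dom->saveXML($assertion), 'expires' => $expiresAt];
}

// Build the header from step 2; refuse CR/LF so the token cannot split the header.
function bearerHeader(string $token): string
{
    if (preg_match('/[\r\n]/', $token)) {
        throw new InvalidArgumentException('token contains a line break');
    }
    return 'Authorization: Bearer ' . $token;
}

// Constructed sample RSTR (not a real ADFS reply); the cipher data is a placeholder.
$sampleRstr = '<t:RequestSecurityTokenResponse xmlns:t="' . NS_WST . '" xmlns:u="' . NS_WSU . '">'
    . '<t:Lifetime><u:Created>2030-01-01T10:00:00Z</u:Created>'
    . '<u:Expires>2030-01-01T11:00:00Z</u:Expires></t:Lifetime>'
    . '<t:RequestedSecurityToken><EncryptedAssertion xmlns="' . NS_SAML . '">PLACEHOLDER'
    . '</EncryptedAssertion></t:RequestedSecurityToken></t:RequestSecurityTokenResponse>';
$now = strtotime('2030-01-01T10:30:00Z');
$tok = extractToken($sampleRstr, $now);
// A cron run reuses the cached token until shortly before 'expires' (5 minute margin here).
$reuse = ($tok['expires'] - $now) > 300;
echo bearerHeader($tok['token']), "\n", $reuse ? "reuse cached token\n" : "request a new token\n";
```

A cached token is a credential: store it with the same file permissions as the service account password, and keep TLS certificate verification enabled on the requests that carry it.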