federated auth with Microsoft Office 365

Paul B. Henson henson at csupomona.edu
Thu Aug 16 22:47:13 EDT 2012

On Wed, Aug 15, 2012 at 01:54:05PM -0700, Cantor, Scott wrote:

> If you haven't already encountered such a case, you're fairly early in
> your federating efforts, or very strict.

Both :). So far the only service providers we've needed to interoperate
with were all part of the CSU. Sounds like I'm going to need to hold my
nose more often as we expand farther <sigh>.

> The metadata thing is not really that inconvenient for *you* to load
> theirs, but rather the fact that they can't load yours usefully. With the
> ADFS piece in the middle, you might be able to offload that mess to your
> ADFS team, since the only operational relationship you have is with it.

Our windows group owns office365 too, so even without ADFS they'll be in
charge of configuring it. It looks like you have to run some powershell
to set up the federation config on the office365 side, part of which is
loading the shibboleth certificate.

> I suppose if you have the luxury of punting the ADFS piece to some other
> group, that might be attractive.

Yup ;). The windows group claims if we use ADFS there will be more
clients supported than if we use shibboleth, which might be a factor.


Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  henson at csupomona.edu
California State Polytechnic University  |  Pomona CA 91768
