ECP authentication for Office365 federation
Cantor, Scott
cantor.2 at osu.edu
Sun Nov 4 11:46:09 EST 2012
On 11/3/12 3:43 PM, "Mauro Minella" <Mauro.Minella at microsoft.com> wrote:
>As a matter of fact, I'm now able to get any federated users (like
>mark.twain at shibbdomain.eduteamit.com) authenticated on Outlook Online
>(https://outlook.com). As you know, this concerns
> PASSIVE authentication.
Passive in SAML != passive in Microsoft's world. You mean "browser-based",
I think. Passive in SAML means "no interaction with user".
>In fact, my users need to get authenticated even with ACTIVE clients
>(like Outlook 2010). I believe I could set up ECP quite correctly, in fact
>when the users run the Outlook 2010 Wizard to create their profile, they
>enter
> username (mark.twain at shibbdomain.eduteamit.com) + password (abc123ABC)
>and my Shibboleth IDP seems to be correctly authenticating them (pls see my
>logs below).
Yes, that would indicate at least as far as the IdP is concerned, its work
is done.
> However, on the client side it seems that the user is NOT authenticated
>because the username/password dialog box keeps being presented.
That's an application issue, not a topic for this list. I don't know how
to debug the application side here, but that would be a Microsoft question.
My guess is that attributes released aren't lining up with what the SP in
question wants to get, so it's not able to log the client in, returns
failure, and so the client prompts again.
-- Scott