ECP authentication for Office365 federation
Ryan Suarez
ryan.suarez at sheridancollege.ca
Mon Nov 5 08:57:58 EST 2012
On 12-11-05 5:18 AM, Alex Mihičinac wrote:
> On 5. nov. 2012, at 08:50, THIA Jean-Marie <jean-marie.thia at upmc.fr> wrote:
>
>> Microsoft just released a guide on "Office 365 Single Sign-On with
>> Shibboleth 2" http://www.microsoft.com/en-us/download/details.aspx?id=35464
> Should this work also with LDAP as a back-end (w/o AD)?
>
I haven't tried (because we use AD) but I don't see why not. You assign
2 key identifiers when provisioning users in O365, ImmutableID and
UserPrincipalName, i.e.:
---
PS> New-MsolUser -UserPrincipalName someuser@mydomain.ca -DisplayName 'Some User' `
      -FirstName 'Some' -LastName 'User' -UsageLocation CA `
      -LicenseAssignment sheridancqa:STANDARDWOFFPACK_STUDENT -LicenseOptions $options `
      -ImmutableId w+REBJ5v3E6daasdC+xkqQ==
---
Provided the IdP passes to O365 the same value for ImmutableID and
UserPrincipalName for a given user, then it shouldn't matter what the
backend is.
---
08:47:48.370 - INFO [Shibboleth-Audit:989] -
20121105T134748Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_5e2605ad9f8673eb452246ee0de833d2|urn:federation:MicrosoftOnline|urn:mace:shibboleth:2.0:profiles:saml2:sso|http://idp.mydomain.ca|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_1d45abafad23ef68419384b6658c9870|someuser|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|UserId,ImmutableID|w+REBJ5v3E6daasdC+xkqQ==|_915397c09e85c0acbd144d17e2b0cbb9,|
---
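
Added example, not part of the original message: a Python check that reads IdP audit entries like the one above and confirms that, for logins to Office 365, the released name identifier equals the ImmutableId the user was provisioned with. The field names, the `PROVISIONED` table and the second sample line are constructed for illustration; the field order is assumed to be the Shibboleth IdP 2.x audit layout, which the posted line matches.

```python
O365_RP = "urn:federation:MicrosoftOnline"
REQUIRED_ATTRS = {"UserId", "ImmutableID"}
# Assumed field order: the IdP 2.x audit layout, which the posted line matches.
FIELDS = ("time", "request_binding", "request_id", "relying_party", "profile",
          "idp_entity", "response_binding", "response_id", "principal",
          "authn_method", "attributes", "name_id", "assertion_ids")

def parse_audit(line):
    """Return a dict for one audit entry, or None if the line is not one."""
    # Drop the logger prefix ("08:47:48.370 - INFO [Shibboleth-Audit:989] - ").
    payload = line.split("] - ", 1)[-1].strip()
    parts = payload.split("|")
    if len(parts) < len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["attributes"] = {a for a in rec["attributes"].split(",") if a}
    return rec

def check_o365_release(rec, provisioned):
    """List mismatches between what the IdP sent and what O365 holds."""
    problems = []
    if rec["relying_party"] != O365_RP:
        return problems  # not an Office 365 login, nothing to check
    missing = REQUIRED_ATTRS - rec["attributes"]
    if missing:
        problems.append("attributes not released: " + ", ".join(sorted(missing)))
    expected = provisioned.get(rec["principal"])
    if expected is None:
        problems.append("no provisioned ImmutableId for " + rec["principal"])
    elif rec["name_id"] != expected:
        problems.append("NameID %r != provisioned ImmutableId %r"
                        % (rec["name_id"], expected))
    return problems

# ImmutableId per user as given to New-MsolUser (constructed lookup table).
PROVISIONED = {"someuser": "w+REBJ5v3E6daasdC+xkqQ==",
               "otheruser": "Zm9vYmFyYmF6cXV4MTIzNA=="}

# First entry: the line from the post, rejoined. Second: constructed mismatch.
SAMPLE = [
    "08:47:48.370 - INFO [Shibboleth-Audit:989] - 20121105T134748Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_5e2605ad9f8673eb452246ee0de833d2|urn:federation:MicrosoftOnline|urn:mace:shibboleth:2.0:profiles:saml2:sso|http://idp.mydomain.ca|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_1d45abafad23ef68419384b6658c9870|someuser|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|UserId,ImmutableID|w+REBJ5v3E6daasdC+xkqQ==|_915397c09e85c0acbd144d17e2b0cbb9,|",
    "20121105T135001Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_req2|urn:federation:MicrosoftOnline|urn:mace:shibboleth:2.0:profiles:saml2:sso|http://idp.mydomain.ca|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_resp2|otheruser|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|UserId,|_transient123|_assert2,|",
]

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_audit(line)
        print(rec["principal"], check_o365_release(rec, PROVISIONED) or "OK")
```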