ECP authentication for Office365 federation

Ryan Suarez ryan.suarez at
Mon Nov 5 08:57:58 EST 2012

On 12-11-05 5:18 AM, Alex Mihičinac wrote:
> On 5. nov. 2012, at 08:50, THIA Jean-Marie<jean-marie.thia at>  wrote:
>> Microsoft just released a guide on "Office 365 Single Sign-On with
>> Shibboleth 2"
> Should this work also with LDAP as a back-end (w/o AD)?

I haven't tried (because we use AD) but I don't see why not. You assign 
2 key identifiers when provisioning users in O365, ImmutableID and 
UserPrincipalName, ie:

PS> New-MsolUser -UserPrincipalName someuser at -DisplayName 
'Some User' -FirstName 'Some' -LastName 'User' -UsageLocation CA 
-LicenseAssignment sheridancqa:STANDARDWOFFPACK_STUDENT -LicenseOptions 
$options -ImmutableId w+REBJ5v3E6daasdC+xkqQ==

Provided the IdP passes to O365 the same value for ImmutableID and 
UserPrincipalName for a given user, then it shouldn't matter what the 
backend is.

08:47:48.370 - INFO [Shibboleth-Audit:989] - 

More information about the users mailing list