ECP authentication for Office365 federation

Ryan Suarez ryan.suarez at sheridancollege.ca
Mon Nov 5 09:18:39 EST 2012 

On 12-11-03 3:43 PM, Mauro Minella wrote:
>
> However, on the client side it seems that the user is NOT 
> authenticated because the username/password dialog box keeps being 
> presented.
>
> 20:05:42.858 - INFO [Shibboleth-Audit:989] - 
> 20121103T190542Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_8c62ad9c-52bf-448c-bf97-2d60b9d51c8a|urn:federation:MicrosoftOnline|urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp|https://shibbidp.eduteamit.com/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_dd9639a0044b3825230446ed3501dd58|mark.twain||transientId,eduPersonScopedAffiliation,UserId,eduPersonTargetedID.old,ImmutableID,eduPersonTargetedID,|_1e62f11837be4ed0a01df02b68f521af|_74f97d433963aadfb9aa72e2400ee844,|
>

Check the attributes for mark.twain in O365 and confirm you're passing 
the right UserId and ImmutableID.  Based on your log above, his 
ImmutableID in O365 should be "_1e62f11837be4ed0a01df02b68f521af", ie:

---

PS>  Get-MsolUser-UserPrincipalName"${mark.twain's UPN}"|fl
ExtensionData               : System.Runtime.Serialization.ExtensionDataObject
AlternateEmailAddresses     :{}
BlockCredential             : False
City                        :
Country                     :
Department                  :
DisplayName                 : Mark Twain
Errors                      :
Fax                         :
FirstName                   : Mark
ImmutableId                 :_1e62f11837be4ed0a01df02b68f521af
IsBlackberryUser            : False
IsLicensed                  : True
LastDirSyncTime             :
LastName                    : Twain
LicenseReconciliationNeeded : False
Licenses                    :{somedomain:STANDARDWOFFPACK_STUDENT}
LiveId                      : 1003000082D67C07
MobilePhone                 :
ObjectId                    : 24c7fdfe-12b4-4bf9-b6ea-ee019cb99e6f
Office                      :
OverallProvisioningStatus   : Success
PasswordNeverExpires        : False
PhoneNumber                 :
PortalSettings              :
PostalCode                  :
PreferredLanguage           :
ProxyAddresses              :{smtp:mark.twain at somedomain.com,  SM
                               TP:mark.twain at somedomain.com}
SoftDeletionTimestamp       :
State                       :
StreetAddress               :
StrongPasswordRequired      : True
Title                       :
UsageLocation               : CA
UserPrincipalName           : ${mark.twain's UPN}
ValidationStatus            : Healthy

---
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20121105/8b83657c/attachment-0001.html

More information about the users mailing list