Deploying ADFS/Office 365 in a Production Shibboleth Environment

Mike Wiseman mike.wiseman at
Mon Feb 25 15:22:05 EST 2013

Hi all,

My institution is currently designing the access services for a new Office 365 deployment. We currently have a mature Shibboleth IdP service used for internal webSSO, Canadian website federated access, and Live@edu. The latter is supported with both web and rich client access using the two SAML 2.0 profiles, and going forward with O365 we want to move to WS-* protocol support with our identity providers to get the most/best functionality with Microsoft clients.

We're looking at the use of on-prem ADFS for two functions: 1) WS-*/SAML protocol gateway between the Shibboleth IdP service and O365 for web client access, and 2) full on-prem ADFS/AD service to provide WS-* protocol support for O365 and rich clients (e.g. Outlook, IMAP, Lync, ActiveSync, etc.). So we would move partially or completely away from using SAML for the rich client access.

I've seen this discussed many times on the list before in encouraging but hypothetical terms and was wondering if anyone has progressed in this area. There appears to be Microsoft support and documentation for 1) but I don't see anything regarding 1) and 2) together.



Mike Wiseman
Manager, Information Security
Information + Technology Services
University of Toronto
