Shibboleth for Office 365 (Authentication decision) - Pls read

solution79 solution79 at live.com
Mon Jun 3 21:58:13 EDT 2013


Hello All,

Looking for valuable advice for the below scenario in order to implement
Shibboleth for Office 365.

It's important to understand our current architecture as we already have
Shibboleth placed for other applications to authenticate.


Our current user login procedure:

* Students provide the credentials at the Student Portal, which is
  authenticated by IIdS (Inhouse Identity System)

* Student portal >> (redirect using http:302) >> CAS (Central
  Authentication System) >> (redirect using http:302) >> Shibboleth
  >> (redirect using http:302) >> IIdS (Inhouse Identity System).

* IIdS (Inhouse Identity System) talks to the LDAP running Sun
  Enterprise Directory 5.2

* Once the user is authenticated, a cookie session is created and passed
  in reverse order:
  IIdS (Inhouse Identity System) >> Shibboleth >> CAS >> Student portal

* Post successful login, the user clicks on "My Email", which in turn
  uses the SSO toolkit (Version: 4.5) to contact MS Live@Edu

* The cookie session contains the email address.

My reason for bringing up the current authentication mechanism:

a) Our Shibboleth is getting authenticated by LDAP - Sun Enterprise
   Directory 5.2. Therefore, from the perspective of Shibboleth federation
   with Office 365, can it use the same LDAP to authenticate users rather
   than AD?

b) If yes, then the attribute for authentication can be the user login
   id rather than the email address, as we are using it currently.
   However, I understand that for SSO to Office 365 you need to provide the
   email address. Is it possible to have the email address provided in the
   background by Shibboleth to Office 365?

c) Once replaced with Shibboleth for email access, the user logs in to the
   Student portal using their Student Login id; post authentication, while
   clicking on "My Email", will Shibboleth pick the email address from the
   cookie session and provide the same to Office 365, thus allowing the
   user an SSO experience to access emails?

Team, any pointer will be of great help!

Regards,

Dematri
