ADFS Shibboleth question

Aaron Howell aaron.howell at deakin.edu.au
Thu Apr 3 17:52:22 EDT 2014 

>> I thought I recently read that Microsoft was supporting SAML / Shibboleth
>> for O365. Maybe you can just do this and be done with it, without needing
>> ADFS at all?
Microsoft announced their intention to support Shibboleth fully in the future recently. However I don’t believe they have actually done it yet.

There are instruction here for authenticating ADFS (v3 on 2012r2) using Shibboleth IdP: https://wiki.shibboleth.net/confluence/display/SHIB2/MicrosoftInterop

I don’t think this would be affected if Shibboleth IdP is authenticating with CAS. However I haven’t tested it - but I am planning on making our CAS authenticate using Shibboleth IdP soon which would fundamentally achieve the same outcome of Single SSO: https://wiki.shibboleth.net/confluence/display/SHIB2/Shibbolize+a+CAS+server

Cheers
Aaron

On 4 Apr 2014, at 2:54 am, Qian, Yi <yqian at ku.edu> wrote:

> The people who love ADFS at the university must be very disappointed,
> Thanks Scott for the help
> 
> On 4/3/14 10:20 AM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
> 
>> On 4/3/14, 11:06 AM, "Qian, Yi" <yqian at ku.edu> wrote:
>> 
>>> After ADFS set up, we will have 2 IdPs, Shibboleth IdP and ADFS IdP,
>>> Shib IdP will use CAS authentication against sun/oracle LDAP, ADFS will
>>> authenticate against AD.
>>> 
>>> The requirement at the university is user can authenticate against either
>>> of the IdP and does not require login again
>> 
>> You cannot meet that requirement with the above choices.
>> 
>>> The puzzle here is after user login against ADFS, then access Shib-CAS
>>> protected resources, how Shib can intercept the SAML assertion issued by
>>> ADFS
>> 
>> It can't. You're being asked for the impossible, and your diagram will
>> have to change or the requirements will.
>> 
>> -- Scott
>> 
>> 
>> --
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>> 
> 
> 
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net


Important Notice: The contents of this email are intended solely for the named addressee and are confidential; any unauthorised use, reproduction or storage of the contents is expressly prohibited. If you have received this email in error, please delete it and any attachments immediately and advise the sender by return email or telephone.

Deakin University does not warrant that this email and any attachments are error or virus free.

More information about the users mailing list