j_lalith at hotmail.com
Tue Aug 4 03:28:08 EDT 2015
Where exactly it states that "Office365's implemention of ECP will take the "local
part" of the O365 UPN " you mean firstname.lastname considering below?
in our case the UPN is firstname.lastname at ourfederationtest.com.test.au
How about yours?
The reason I felt email is the only option as the username because, even if you try to create a outlook mail profile on your desktop, first thing it prompt is email address.
Our Web SSO (shibboleth + Office 365) works fine, just that for ECP, we want to figure it out the best way of testing,
How did you really test the ECP/Shibboleth with Office 365? Which non-web client you used? iPhone etc?
Also regarding Office 365 Web initiative, I still dont see any official announcements even thought there are many iPhone appls geared with Web SSO.
Still I believe ECP should be on considering other needs which have not been ruled out yet.
> Date: Mon, 3 Aug 2015 08:43:49 +0100
> From: m.slowe at kent.ac.uk
> To: users at shibboleth.net
> Subject: Re: Non-web Clients
> On Thu, Jul 30, 2015 at 05:18:30AM +0000, lalith jayaweera wrote:
> > When setting up Shibboleth with Basic Http authentication for ECP, to
> > check Office365, is it correct to state login 'username' will be email.
> > Hence in the apache block for the ECP, the AuthLDAPURL will be something
> > like below.
> > AuthLDAPURL ldap://ldap.example.org/ou=People,dc=example,dc=org?mail
> > because Looking at lot of non-web thick clients, e.g. Office365 clients,
> > outlook profiles, etc.
> > they all start with email address as the username during the set up
> > progress, because I did not get any hit to the IdP server at all.
> In my experience, Office365's implemention of ECP will take the "local
> part" of the O365 UPN to use as the username in the Basic Auth part of
> the ECP call (test at example.com -> "test").
> > Issue is our current Web SSO is, the username is 'UID' (staffId) not email
> > address. Is it possible to facilitate both?
> We use two different ports for the two authentication types -- the
> interactive "Web" traffic uses 443 and does an internal SSO type logon
> for seamless access to O365 while the ECP traffic uses 8443 and uses an
> LDAP config as you have mentioned. See "ActiveLogon" and "PassiveLogon"
> URIs in the Set-MSOLDomainFederationSettings cmdlet[*].
> I don't think you can have an AuthLDAPURL which allows you to match one
> username against two different attributes.
> [*] https://msdn.microsoft.com/en-us/library/azure/dn194088.aspx
> Matthew Slowe | Server Infrastructure Officer
> IT Infrastructure, Information Services, University of Kent
> Room S21, Cornwallis South
> Canterbury, Kent, CT2 7NZ, UK
> Tel: +44 (0)1227 824265
> www.kent.ac.uk/is | @UnikentUnseenIT | @UKCLibraryIt
> PGP: https://keybase.io/fooflington
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users