Shibboleth and office 365 True SSO
School Helpdesk
icthelp at tuptonhall.derbyshire.sch.uk
Mon Jul 6 05:45:26 EDT 2015
Hi Rod,
Thanks for the response. That is indeed what we are after! I was looking for reassurance this this is actually possible before I go ahead and delve into further research.
Thanks
Brent
-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Rod Widdowson
Sent: 02 July 2015 11:32
To: 'Shib Users'
Subject: RE: Shibboleth and office 365 True SSO
Brent,
> My question is can Shibboleth provide our active directory environment
domain users with true seamless sign on to office 365 and in particular the outlook web app?
Do you mean:
1) User logs into computer on AD
2) User fires up IE
3) User approaches O365
4) User does *not* have to sign in to the School Shibboleth IdP
5) User is now logged in to O365
If so then you are (technically) asking for two things
A) "SPNEGO" authentication (this is what makes Stage 4 go away)
B) O365 SAML Integration
I have no personal experience of either of these but I know a lot of people on this list have made (B) work.
As for (A): For V2.X I know that Cal Racey at the university of Newcastle has done a lot of stuff (based on the SWITCH work) and has written this up.
I do not have the reference to hand, maybe someone else does, but searching for "Shibboleth SPNEGO site:ncl.ac.uk" throws up some useful hits.
https://crypt.ncl.ac.uk/login-gateway/docs/Shibboleth_SPNEGO_Setup.pdf looks hopeful.
For V3.X I believe that this is under development, just not by the Shibboleth developers.
If you go down this track I'd strongly suggest that you approach each problem separately.
/Rod
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
Tupton Hall School
A Specialist Sports College with ICT
________________________________
t: 01246 863 127 | f: 01246 250 068 | w: www.tuptonhall.derbyshire.sch.uk<http://www.tuptonhall.derbyshire.sch.uk/>
Like us: www.facebook.com/tuptonhallschool<http://www.facebook.com/tuptonhallschool> | Tweet us: www.twitter.com/tuptonhalls<http://www.twitter.com/tuptonhalls>
________________________________
This email (together with any files transmitted with it) is intended only for the use of the individual(s) to whom it is addressed. It may contain information which is confidential and/or legally privileged. If you have received this email in error, please notify the sender by return email (or telephone) and delete the original message. The sender has taken reasonable precautions to check for viruses but the recipient opens this message at his or her own risk. To report abuse email abuse at tuptonhall.derbyshire.sch.uk<mailto:abuse at tuptonhall.derbyshire.sch.uk>
More information about the users
mailing list