Apparent inconsistencies in the Shibboleth wiki concerning persistent NameIDs for federating a Shibboleth IDP with Microsoft Azure
Cantor, Scott
cantor.2 at osu.edu
Wed Apr 6 11:02:28 EDT 2016
On 4/6/16, 10:58 AM, "users on behalf of Florian Lengyel" <users-bounces at shibboleth.net on behalf of Florian.Lengyel at cuny.edu> wrote:
>While I agree with the sentiment, it is silent on the technical question whether an explicit override of the default signing configuration is necessary in the relying party configuration for Microsoft O365.
I thought you were saying they didn't require SHA-1, that's all.
>The answer is no: the O365 metadata at
>https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml
>includes digest and signing method extensions to specify SHA1:
That's interesting. I wasn't aware they had looked into that at all, that in fact may be the first non-Shibboleth use of that extension I've ever seen.
-- Scott
More information about the users
mailing list