Apparent inconsistencies in the Shibboleth wiki concerning persistent NameIDs for federating a Shibboleth IDP with Microsoft Azure

Cantor, Scott cantor.2 at
Wed Apr 6 11:02:28 EDT 2016

On 4/6/16, 10:58 AM, "users on behalf of Florian Lengyel" <users-bounces at on behalf of Florian.Lengyel at> wrote:

>While I agree with the sentiment,  it is silent on the technical question whether an explicit override of the default signing configuration is necessary in the relying party configuration for Microsoft O365.

I thought you were saying they didn't require SHA-1, that's all.

>The answer is no: the O365 metadata at
>includes digest and signing method  extensions to specify SHA1:

That's interesting. I wasn't aware they had looked into that at all, that in fact may be the first non-Shibboleth use of that extension I've ever seen.

-- Scott

More information about the users mailing list