O365 auth bypass
rgraves at carleton.edu
Wed Apr 27 13:34:52 EDT 2016
> all this agonizing over their misuse of persistent ID appears to be even worse than it appeared: they apparently require it be present but don't *use* it...
Is it even required to be present? Google's recent directions for making the general-purpose SAML IdP recently launched in Google Apps (by the way, that happened) don't even mention it. https://support.google.com/a/answer/6363817?hl=en
More information about the users