off-topic help for Office 365

Brent Putman putmanb at georgetown.edu
Wed Feb 17 15:32:27 EST 2016



On 2/17/16 3:11 PM, Paul Hethmon wrote:
>>
>>
>> no metadata XML, you upload a 1. domain, 2. url (binding), 3. ecp
>> url (binding), 4. uri (entityID), 5. logout url, and 6. base64
>> encoded x509 cert. to my knowledge, O365 will only do signing, no
>> encryption of the assertion.
>>

Ok.  I think that answers the original question:  If there's no
metadata being sent to MS, then no, I don't think you'd have to do
anything re: metadata, since they're not using it.

>
> + Set-MsolDomainAuthentication <<<<  -DomainName $dom
> -FederationBrandName $dom -Authentication Federated  -PassiveLogOnUri
> $url -SigningCertificate $cert -IssuerUri $uri -ActiveLogOnUri
> $ecpUrl -LogOffUri $logouturl -PreferredAuthenticationProtocol SAMLP
>     + CategoryInfo          : OperationStopped: (:)
> [Set-MsolDomainAuthentication], MicrosoftOnlineException
>     + FullyQualifiedErrorId :
> Microsoft.Online.Administration.Automation.InternalServiceException,Microsoft.Online.Administration.Automation.SetDomainAuthentication
>
> At this point, you supply MS support with useless information as they
> are apparently unable or unwilling to look into their own systems to
> find a real cause.
>


Yeah, nothing useful there. You have no access to any logs on the
service side? Maybe they really do only support a CA-issued cert for
some reason, who knows.  Or is there some sort of mismatch between the
domain you are specifying in the call and the CN in the cert? 
Otherwise I have no suggestions. 
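Added example, not part of the message above or of the thread: a PowerShell pre-flight check of the base64 certificate against the two guesses raised in the reply (self-signed rather than CA-issued, and the CN versus the domain passed in the call). The function name, the sample domain and the generated certificate are constructed for illustration, and the thread does not establish that either guess is an actual Office 365 requirement.

```powershell
# Added example; all names are hypothetical. The constructed sample certificate
# at the bottom needs PowerShell 7 (or .NET Framework 4.7.2+ on Windows PowerShell).
function Test-FederationSigningCert {
    param(
        [Parameter(Mandatory)] [string] $Base64Cert,  # value intended for -SigningCertificate
        [Parameter(Mandatory)] [string] $DomainName   # value intended for -DomainName
    )
    # Accept bare base64 or PEM: drop armor lines and whitespace before decoding.
    $clean = ($Base64Cert -replace '-----[A-Z ]+-----', '') -replace '\s', ''
    try {
        $bytes = [Convert]::FromBase64String($clean)
        $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
    } catch {
        throw "Value is not a base64-encoded X.509 certificate: $($_.Exception.Message)"
    }
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn  = $cert.GetNameInfo($nameType, $false)
    $now = Get-Date
    # True when the CN is the domain itself or a host name under it.
    $cnUnderDomain = ($cn -eq $DomainName) -or
        $cn.EndsWith(".$DomainName", [StringComparison]::OrdinalIgnoreCase)
    [pscustomobject]@{
        Subject        = $cert.Subject
        Issuer         = $cert.Issuer
        # Subject equal to issuer means self-issued, i.e. not issued by a separate CA.
        SelfIssued     = ($cert.Subject -eq $cert.Issuer)
        WithinValidity = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        CnUnderDomain  = $cnUnderDomain
        Thumbprint     = $cert.Thumbprint
    }
}

# Constructed sample input: a throwaway self-signed certificate for a made-up IdP host.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=idp.example.edu', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddYears(1))
$b64 = [Convert]::ToBase64String($sample.RawData)

Test-FederationSigningCert -Base64Cert $b64 -DomainName 'example.edu' | Format-List
```

Comparing the reported thumbprint with the one the IdP shows for its signing key confirms that the uploaded value is the certificate the IdP actually signs with.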

