off-topic help for Office 365

Matthew Slowe M.Slowe at kent.ac.uk
Wed Feb 17 16:33:31 EST 2016


If you're doing ECP as well then the certificate you have on the HTTPS ECP endpoint needs to be trusted *and* has to match the certificate in your configured - therefore the certificate you use in the SAML assertion has to be a signed one (which then expires...)

I've written a few blog posts on the subject which may be of use:

http://blogs.kent.ac.uk/unseenit/office365-and-shibboleth/
http://blogs.kent.ac.uk/unseenit/simple-shibboleth-ecp-test/
http://blogs.kent.ac.uk/unseenit/how-we-do-office365-authentication/

And more recently when our signing certificate really did come up for renewal...
http://blogs.kent.ac.uk/unseenit/updating-trust-fabric-certificate-between-shibboleth-and-office365/

Hope they're useful!
Matthew


On 17 Feb 2016, at 19:22, Paul Hethmon <paul.hethmon at clareitysecurity.com> wrote:

So I found myself needing to set up Office 365 with my Shibboleth IdP. I had done this last fall and got it working but needed to move it to another domain/server.

Without commenting on how clueless MS support is, they are asking me to try a CA signed certificate for the SAML signing certificate (instead of the normal self-signed cert created at installation). So some questions in case someone else has had to bang their head against the O365 wall:

1. If I put in a CA signed certificate as my public key, is there a need to include intermediate certificates? At least as far as my published IdP metadata.
2. MS support keeps wanting to see a Shib log file that is usually in /var/log/shibboleth/shibd.log. Isn't that the default location for the Shib SP log file?
3. Any troubleshooting tips?

thanks,

Paul


-----
Paul Hethmon
Chief Software Architect
paul.hethmon at clareitysecurity.com

