Microsoft Azure + AD FS 3 + Shibboleth IdP v3

David Sanchez Herrero david.krusty at gmail.com
Tue Feb 23 07:29:09 EST 2016


Hello all,

We are working on a scenario to federate our Microsoft Domain with the
Microsoft Cloud using AD FS 3, but making AD FS delegate passive
authentication (web) to the Shibboleth IdP v3. The authentication flow
should be:

1) Open portal.office.com (Office365) in a web browser and type an email
address from our domain.
2) The Microsoft cloud redirects us to our AD FS server, which redirects us
again to the Shibboleth IdP v3 login page.
3) When IdP v3 authenticates the user, it returns the control to AD FS,
which sends the user validation to Office365.

We are stuck between points 2 and 3. The IdP successfully authenticates the
users from our Domain Controller (LDAP Connector), but something is wrong
(we suppose) when sending the validation information back to AD FS. We have
activated various DEBUG flags in Shibboleth, but it didn't help us so much
to identify the problem.

We have searched A LOT for documentation about this deployment scenario, but
no success. All the useful information is for AD FS 2 and IdP v2, but no
updated documentation for AD FS 3 and IdP v3. Do you know if this deployment
scenario using both v3 is possible? Any updated documentation source to
check?

Attached to this mail are the IdP log, and some relevant configuration
files. Could you please check if something is wrong? If you need any
additional files, please, let me know.

Thanks in advance, David.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: idp3-config.zip
Type: application/zip
Size: 12726 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20160223/170a5b4e/attachment-0002.zip>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: idp3-logs.zip
Type: application/zip
Size: 24308 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20160223/170a5b4e/attachment-0003.zip>

