Second Office365 Domain requires different "Issuer URI"

Nate Klingenstein ndk at
Mon May 2 17:39:44 EDT 2016


> but it appears they will only allow you to configure one Office365 domain per Shibboleth IdP [entityId].

Interesting.  It’s not necessarily wrong or right, but it’s interesting.  I’m mostly responding as a digest form for others.

You can configure your IdP to pull attributes from multiple sources, or to authenticate against multiple sources.  You can use a custom entityID with a specific relying party.  You can’t just arbitrarily configure two entityIDs; there’s just one field to use, and no basis for selection.

I don’t know if you can use the principal name for entityID selection.  I’d imagine there’s a way.  That’s the heart of your question, along with actually having and enforcing the mapping associating users with the right domain and the right entityID.  If someone can answer that one…

I won’t get into the WS-* stuff.  I would advise you to steer clear too, if you’ve got the choice.

Take care,