Second Office365 Domain requires different "Issuer URI"
ndk at sudonym.me
Mon May 2 17:39:44 EDT 2016
> but it appears they will only allow you to configure one Office365 domain per shibboleth IdP [entityId].
Interesting. It’s not necessarily wrong or right, but it’s interesting. I’m mostly responding as a digest form for others.
You can configure your IdP to pull attributes from multiple sources, or to authenticate against multiple sources. You can use a custom entityID with a specific relying party. You can’t just arbitrarily configure two entityID’s; there’s just one field to use, and no basis for selection.
I don’t know if you can use the principal name for entityID selection. I’d imagine there’s a way. That’s the heart of your question, along with actually having and enforcing the mapping associating users with the right domain and the right entityID. If someone can answer that one…
I won’t get into the WS-* stuff. I would advise you to steer clear too, if you’ve got the choice.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users