Second Office365 Domain requires different "Issuer URI"

Nate Klingenstein ndk at sudonym.me
Mon May 2 17:39:44 EDT 2016


Vincent,

> but it appears they will only allow you to configure one Office365 domain per shibboleth IdP [entityId].

Interesting.  It’s not necessarily wrong or right, but it’s interesting.  I’m mostly responding as a digest form for others.

You can configure your IdP to pull attributes from multiple sources, or to authenticate against multiple sources.  You can use a custom entityID with a specific relying party.  You can’t just arbitrarily configure two entityIDs; there’s just one field to use, and no basis for selection.

I don’t know if you can use the principal name for entityID selection.  I’d imagine there’s a way.  That’s the heart of your question, along with actually having and enforcing the mapping associating users with the right domain and the right entityID.  If someone can answer that one…

I won’t get into the WS-* stuff.  I would advise you to steer clear too, if you’ve got the choice.

Take care,
Nate.