IdPv3 authenticating against Office 365

Yan Juras yan.juras at
Fri May 20 18:57:16 EDT 2016

Thanks, Scott.

I'm trying to get LDAP access to the AD from which CUNY provisions the Office 365 accounts (or rather, what amounts to a mirror of it). If I can get this, my life will be oh so much easier.

If not, I guess I'll have to learn some Java or find someone who has already done this.


-----Original Message-----
From: Cantor, Scott [mailto:cantor.2 at] 
Sent: Wednesday, May 18, 2016 10:01 PM
To: Shib Users <users at>
Subject: Re: IdPv3 authenticating against Office 365

On 5/18/16, 5:04 PM, "users on behalf of Yan Juras" <users-bounces at on behalf of yan.juras at> wrote:
>I’ve been asked to explore using Office 365  as an authentication and 
>attribute source for  our IdP so that we can move away from needing to 
>provision and maintain accounts for our  students. Ideally, I’d like to 
>authenticate using the Office 365 username and password,  and be able 
>to pull a basic set of attributes from Office 365 (givenName, sn, 
> email/eppn) for use/release by the IdP.

That's a new one. I didn't realize they really had accounts there unless you provisioned them.

>Is anyone aware of a way to do this?

Not without writing code, and in that case there are probably a dozen ways, writing a JAAS module being probably the simplest.

-- Scott

More information about the users mailing list