IdPv3 authenticating against Office 365

Yan Juras yan.juras at
Tue May 24 17:23:56 EDT 2016

I may be reading into what you have written below, but we have no plans to collect student credentials with this system (though I acknowledge that it could be used for this purpose). To clarify, we are only looking for a way to verify the credentials without storing them or otherwise having them at all.


-----Original Message-----
From: Cantor, Scott [mailto:cantor.2 at] 
Sent: Friday, May 20, 2016 7:14 PM
To: Shib Users <users at>
Subject: RE: IdPv3 authenticating against Office 365

> I'm trying to get LDAP access to the AD from which CUNY provisions the 
> Office 365 accounts (or rather, what amounts to a mirror of it). If I 
> can get this, my life will be oh so much easier.

Well, yes, that's obviously the sensible option here. If you're operating on behalf of that organization, it would be a total failure of common sense to subvert POP authentication and collect credentials without the support and backing of the organization. It would most likely be a violation of your local policy if it's anything like most organizations.

-- Scott

More information about the users mailing list