Azure AD without ADFS

Peter Schober peter.schober at
Tue May 2 11:44:51 EDT 2017

* Admin IFMSA-Sweden <admin at> [2017-05-02 17:29]:
> We have a portal for Dynamics 365 using multiple external identities
> for sign-in, e.g. Shibboleth IdP and ADFS. [...]
> We have not found this portal to be capable to consume Shibboleth
> IdP Federation with IdP Discovery Service which requires signing of
> keys and certificates.

It's not evident to me what what part of the Shibboleth project or
software you're looking to find support for.

There's no such thing as "Shibboleth IdP Federation". There are
Shibboleth implementations of standard protocols (OASIS SAML 2.0 here,
most likely) available as Free/Libre/Open Source software.  Also
there's SAML 2.0 Metadata, which you can use to build "federations",
but which really just are text (well, XML) files that contain SAML
entities (a single one, or thousands).
With SAML Metadata being just text files of course you'd be
well-advised to only ever consume those over the Internet when its
signed with a trustworthy key, but neither Shibboleth not the SAML
specification mandate this.  (Also IDP Discovery Services have nothing
to do with "signing of keys and certificates".)

So you've already lost me here.

> Even though we are still trying to find ways to connect through
> Shibboleth IdP Discovery Service (i.e. Proxy IdP), we look at same
> time other ways to achieve almost the same result (can this be done
> with Azure AD). (For ADFS IdPs this can theoretically be achieved
> with Microsoft ACS/AccessControlService for WS-compatible STSs,
> however, ACS is to be replaced with Azure AD, I assume).

Sorry, I don't speak enough MS to understand any of that.
But a SAML IDP Discovery Service is not at all the same thing as

Maybe others will know what it is you're after.

More information about the users mailing list