Shibboleth SP and Azure AD IdP

Peter Schober peter.schober at
Wed May 24 10:36:11 EDT 2017

* Andy Swiffin (Staff) <a.l.swiffin at> [2017-05-24 15:01]:
> I've seen recent discussion on here about using a Shibboleth IdP
> against the Azure SP.   I was wondering if anyone else here has been
> investigating doing this the other way around, we'd be interested to
> correspond.

The SP can receive SAML 2.0 protocol messages also from MS
implementations, yes.

> We've recently done some experimentation with a test Shibboleth SP
> against Azure AD with some success, it's authenticating and
> receiving attributes OK ("It's SAML Jim, nearly as we know it").

Only "Some success"? Anything that didn't work or was overly
difficult? I'm not aware of any issues here, the only thing you'll
need to to is mapping of weird attribute names to internal IDs, no?

> Has anyone here done this, any experience in customising attribute
> release?

Attribut release is the IDP's job. Since the IDP in this case is not
Shibboleth this is not a topic for this list.

Best regards,

More information about the users mailing list