Shibboleth IDP v3 authenticating users on Azure AD instance

Corey Scholefield coreys at
Thu May 25 20:23:37 EDT 2017


I am embarking on something that might be a crazy idea for a number of reasons, but thought I would share with you all anyways....

An organization I am working with is very small, and has no on-premise Active Directory domain-controller, or an enterprise LDAP directory.  They have an Office 365 tenant that authenticates users against the Azure AD identity store.

I am planning to deploy the Shibboleth IDP v3 server on a local CentOS virtual-server (in Canada), and point the LDAP backend at Azure AD to authenticate the users.  Azure AD offers an LDAPS endpoint in their "Domain Services" package, that Microsoft offers as an extra bundle of goodies that they license.

The LDAPS endpoint on Azure AD Domain Services offers simple-bind, and returns ldapsearch results.  I can see all Azure AD entry attributes that I should be able to see.

I'm just wondering whether any other Shibboleth deployers are confronting this situation, as I see a few more threads now dealing with Azure integration questions.

Thanks for any waves from the field....

Corey S.

Corey Scholefield | coreys at
Sr. Identity Systems Analyst
University of Victoria | Victoria, B.C. Canada

University Systems
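
The setup described in the message above, sketched as a `conf/ldap.properties` fragment for Shibboleth IdP v3. This is an added example, not part of the original post. The hostname, DNs, service-account name and certificate file name are placeholders, and the `OU=AADDC Users` container and `sAMAccountName` filter are assumptions about how the Azure AD Domain Services directory is laid out.

```properties
# Added example for conf/ldap.properties (Shibboleth IdP v3).
# All hostnames, DNs, account names and file names below are placeholders.

# Bind as a service account, search for the user's entry, then bind as that user.
idp.authn.LDAP.authenticator     = bindSearchAuthenticator

# LDAPS on port 636: TLS from the first byte, so StartTLS is turned off.
idp.authn.LDAP.ldapURL           = ldaps://ldaps.aadds.example.org:636
idp.authn.LDAP.useStartTLS       = false
idp.authn.LDAP.useSSL            = true
idp.authn.LDAP.connectTimeout    = PT3S
idp.authn.LDAP.responseTimeout   = PT3S

# Trust only the certificate (or issuing CA) of the LDAPS endpoint.
# The simple bind carries user passwords across the public internet,
# so certificate validation must stay on.
idp.authn.LDAP.sslConfig         = certificateTrust
idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/aadds-ldaps.crt

# Where to look for user entries (assumed container and domain components).
idp.authn.LDAP.baseDN            = OU=AADDC Users,DC=aadds,DC=example,DC=org
idp.authn.LDAP.subtreeSearch     = true
idp.authn.LDAP.userFilter        = (sAMAccountName={user})

# Dedicated read-only service account for the search step (hypothetical name).
idp.authn.LDAP.bindDN            = CN=svc-shibboleth,OU=AADDC Users,DC=aadds,DC=example,DC=org
idp.authn.LDAP.bindDNCredential  = CHANGE_ME

# Reuse the same connection and trust settings for attribute resolution.
idp.attribute.resolver.LDAP.ldapURL           = %{idp.authn.LDAP.ldapURL}
idp.attribute.resolver.LDAP.useStartTLS       = %{idp.authn.LDAP.useStartTLS:true}
idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates:undefined}
idp.attribute.resolver.LDAP.baseDN            = %{idp.authn.LDAP.baseDN:undefined}
idp.attribute.resolver.LDAP.bindDN            = %{idp.authn.LDAP.bindDN:undefined}
idp.attribute.resolver.LDAP.bindDNCredential  = %{idp.authn.LDAP.bindDNCredential:undefined}
```

Since the IdP sits outside Azure, restricting the LDAPS endpoint's inbound access to the IdP server's address and keeping `ldap.properties` readable only by the IdP's service user limit exposure of the bind credential.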