Office 365 + Shibboleth ?

PHILIP SCOTT SWANZY pss127 at psu.edu
Wed Oct 11 17:16:52 EDT 2017


We had worked through some of the Shibboleth integration and are only now expanding our o365 offering. We only use Azure AD basic with an on site Active Directory and Shibboleth implementation. The best documentation I found was: 

Shibboleth configuration: 
https://msdn.microsoft.com/en-us/library/azure/jj205463.aspx 

o365 Configuration: Set up a trust between Shibboleth and Azure AD 
https://msdn.microsoft.com/en-us/library/azure/jj205457.aspx 

We have found that on the trust side, Azure required us to set each setting only one at a time, as for some reason we cannot get the PowerShell command to take all of the settings. For some reason it just fails silently, but adding one at a time worked. Also, if you have a test tenant, the $uri must be a unique name, which means you cannot have a test and a production tenant that use your production Shib URI name, as it will error out on you. One other gotcha we have not verified is that currently, when we run these commands, it still required us to initially set the ADFS context when enabling federation. We had to do that first, then switch to Shibboleth. 

We are in the middle of testing our ECP configurations with o365 as well as Office installations. So far though, authentication to our single sign on has worked cross platform on all current versions of Windows and Mac including iOS to leverage the Office online capabilities. Since we do not use Azure AD premium, we have no idea about the issues with joins or anything associated with credentials held in the Azure AD as all our passwords are on prem. 


-- 
Philip Swanzy 
Identity and Access Management 
The Pennsylvania State University 
Technology Support Building 
State College PA 16803 
pss127 at psu.edu 
814-867-1533 


Calendar Free/busy: https://ucs.psu.edu/home/pss127@psu.edu?fmt=freebusy 



From: "Robert Rust" <robert.j.rust at uwrf.edu> 
To: users at shibboleth.net 
Sent: Wednesday, October 11, 2017 4:58:02 PM 
Subject: Office 365 + Shibboleth ? 



A couple of questions around Office 365 with Shibboleth authentication. I’m looking at options for our setup as we need to implement multi-factor authentication and I at the very least need to replace our ADFS 2.0 installation. I’ve found information on upgrading ADFS, but given we’re focusing on Shib for our other apps, I’d prefer to switch to Shibboleth since setting up the same level of availability with ADFS that we already have for Shib would be more of a challenge I think. 

    1. For those of you using Shib + Office 365, have you found any setups that routinely don’t work or other gotchas? I saw traffic a while back suggesting that activation of desktop installations of Office software on Macs didn’t work. I also recall reading somewhere that the Shib signing certificate would need to be a commercially issued one in order to work with Office 365. 
    2. Were there any guides that you used to set it up in the first place? The closest I’ve found is a guide for Dynamics 365 (https://docs.microsoft.com/en-us/dynamics365/customer-engagement/portals/configure-saml2-settings) 




I do have a test environment I can break things in to try this out, but I’d prefer not to fly blind. 



Robert 



-- 
~~~~~~~~~~~~~~~~~~~~~~~~~
Robert J. Rust
Systems Administrator
Division of Technology Services
Univ. of Wisc. - River Falls
~~~~~~~~~~~~~~~~~~~~~~~~~
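
An added example, not part of either message and not Microsoft's documented procedure: one way to apply the federation settings one at a time, as the reply above describes, and read each one back so that a silent failure is caught. It assumes the MSOnline module's `Set-MsolDomainFederationSettings` and `Get-MsolDomainFederationSettings` cmdlets, a session already connected with `Connect-MsolService`, and a domain already switched to federated authentication; the domain name, URLs and certificate path are placeholders.

```powershell
# Added example: apply each federation setting on its own, then verify it stuck.
# Assumptions: MSOnline module loaded, Connect-MsolService already run,
# domain already converted to federated authentication.
# Every value below is a placeholder, not taken from the thread.
$dom  = 'example.edu'
# Base64 body of the IdP signing certificate, whitespace removed (no PEM header/footer).
$cert = (Get-Content -Raw 'C:\temp\idp-signing.b64') -replace '\s', ''

$settings = [ordered]@{
    # Per the reply above, this URI cannot be shared by a test and a production tenant.
    IssuerUri                       = 'https://idp.example.edu/idp/shibboleth'
    PassiveLogOnUri                 = 'https://idp.example.edu/idp/profile/SAML2/POST/SSO'
    ActiveLogOnUri                  = 'https://idp.example.edu/idp/profile/SAML2/SOAP/ECP'
    LogOffUri                       = 'https://idp.example.edu/logout'
    SigningCertificate              = $cert
    PreferredAuthenticationProtocol = 'SAMLP'
}

$failed = @()
foreach ($name in @($settings.Keys)) {
    # Build a splat holding the domain and exactly one setting.
    $param = @{ DomainName = $dom }
    $param[$name] = $settings[$name]
    try {
        Set-MsolDomainFederationSettings @param -ErrorAction Stop
    } catch {
        Write-Warning "${name}: cmdlet reported an error: $($_.Exception.Message)"
    }

    # Do not trust the absence of an error: read the value back and compare.
    $actual = (Get-MsolDomainFederationSettings -DomainName $dom).$name
    if ("$actual" -ne "$($settings[$name])") {
        $failed += $name
        Write-Warning "${name}: expected value was not stored (silent failure)"
    } else {
        Write-Host "${name}: OK"
    }
}

if ($failed.Count -gt 0) {
    Write-Error "Settings not applied: $($failed -join ', ')"
} else {
    Write-Host "All federation settings verified for $dom"
}
```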



