Second Office365 Domain requires different "Issuer URI"
adam.crump at amkor.com
Thu Oct 12 18:51:07 EDT 2017
I have just stumbled upon this issue myself. I would like to offer this
alternative responderStrategy that can be managed completely in the
relying-party.xml using an inline script. The uri for O365 can be pretty
much anything you want as long as it is a properly formatted uri; it does
not have to be internet reachable. The idea is to use a url parameter to
get Shib to change the issuerid to the same value that is configured for
the uri for the domain in O365.

Office 365 setup

Domain 1 mail.contoso.com
$dom = "mail.contoso.com"
$url = "https://idp.contoso.com/idp/profile/SAML2/POST/SSO?morid=contoso"
$ecpUrl = "https://idp.contoso.com/idp/profile/SAML2/SOAP/ECP?morid=contoso"
$uri = "https://idp.contoso.com/idp/shibboleth/contoso"

Domain 2 mail.contoso.co.de
$dom = "mail.contoso.co.de"
$url = "https://idp.contoso.com/idp/profile/SAML2/POST/SSO?morid=contoso.de"
$ecpUrl = "https://idp.contoso.com/idp/profile/SAML2/SOAP/ECP?morid=contoso.de"
$uri = "https://idp.contoso.com/idp/shibboleth/contoso.de"

Shibboleth IDP responderIdLookupStrategy and dependent beans
<util:map id="microsoftOnlineRespondersIdMap">
    <entry key="default" value="https://idp.contoso.com/idp/shibboleth/contoso" />
    <entry key="contoso" value="https://idp.contoso.com/idp/shibboleth/contoso" />
    <entry key="contoso.de" value="https://idp.contoso.com/idp/shibboleth/contoso.de" />
</util:map>

<util:map id="customObjectsMicrosoftOnlineResponderIdScript">
    <entry key="httpServletRequest" value-ref="shibboleth.HttpServletRequest" />
    <entry key="microsoftOnlineRespondersIdMap" value-ref="microsoftOnlineRespondersIdMap" />
</util:map>

<bean id="microsoftOnlineResponderIdScript"
      parent="shibboleth.ContextFunctions.Scripted" factory-method="inlineScript"
      p:customObject-ref="customObjectsMicrosoftOnlineResponderIdScript">
    <constructor-arg>
        <value>
        </value>
    </constructor-arg>
</bean>
--
Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
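
The selection idea described in the post, as an added example that is not part of the original message or of Shibboleth: it models the `morid` lookup against the issuer map and audits per-domain settings so that a mistyped `morid` is caught before it silently resolves to the wrong issuer. The function names, the sample data and the fallback to the `default` entry are assumptions.

```javascript
// Allowlist of issuer (responder) IDs keyed by the "morid" value, mirroring
// microsoftOnlineRespondersIdMap. A Map is used so request-supplied keys such
// as "constructor" can never match inherited object properties.
const RESPONDER_IDS = new Map([
  ["default", "https://idp.contoso.com/idp/shibboleth/contoso"],
  ["contoso", "https://idp.contoso.com/idp/shibboleth/contoso"],
  ["contoso.de", "https://idp.contoso.com/idp/shibboleth/contoso.de"],
]);

// Resolve the issuer for one endpoint URL. Assumption: a missing, repeated or
// unknown morid falls back to the "default" entry. The raw value is only a
// lookup key and is never copied into the issuer.
function resolveIssuer(endpointUrl, ids = RESPONDER_IDS) {
  const values = new URL(endpointUrl).searchParams.getAll("morid");
  const key = values.length === 1 ? values[0] : null; // absent or repeated
  const matched = key !== null && key !== "default" && ids.has(key);
  return { key, matched, issuer: ids.get(matched ? key : "default") };
}

// Check that each domain's SSO and ECP URLs resolve to the $uri registered
// for that domain, and report silent fallbacks to the default entry.
function auditDomains(domains, ids = RESPONDER_IDS) {
  const findings = [];
  for (const d of domains) {
    for (const field of ["url", "ecpUrl"]) {
      const r = resolveIssuer(d[field], ids);
      if (!r.matched) findings.push(`${d.dom} ${field}: morid=${r.key} not in map, default used`);
      if (r.issuer !== d.uri) findings.push(`${d.dom} ${field}: issuer ${r.issuer} != ${d.uri}`);
    }
  }
  return findings;
}

// Constructed sample: the second domain's SSO URL carries a mistyped morid.
const SAMPLE_DOMAINS = [
  { dom: "mail.contoso.com",
    url: "https://idp.contoso.com/idp/profile/SAML2/POST/SSO?morid=contoso",
    ecpUrl: "https://idp.contoso.com/idp/profile/SAML2/SOAP/ECP?morid=contoso",
    uri: "https://idp.contoso.com/idp/shibboleth/contoso" },
  { dom: "mail.contoso.co.de",
    url: "https://idp.contoso.com/idp/profile/SAML2/POST/SSO?morid=contso.de",
    ecpUrl: "https://idp.contoso.com/idp/profile/SAML2/SOAP/ECP?morid=contoso.de",
    uri: "https://idp.contoso.com/idp/shibboleth/contoso.de" },
];

console.log(auditDomains(SAMPLE_DOMAINS).join("\n") || "all domains consistent");
```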