Shibboleth IdP in AWS and Office 365 ECP issues

shibboleth655 at shibboleth655 at
Wed Oct 25 13:10:55 EDT 2017

We moved some of our Shibboleth 3.3.1 IdP traffic onto containers in 
AWS. For the most part this worked fine, but we do see intermittent 
problems with Office 365 on mobile devices and other clients that use ECP.

Looking at the IdP logs, we see no errors. In fact, according to our IdP 
process log, every authentication request gets a valid SAML response. 
However, users started (sometimes) seeing a "Password incorrect" on 
their iPhones and other mobile devices after we moved some of the 
traffic to AWS.

We have tried working with Microsoft, but they want client-side logs 
that are hard to come by when the client is a phone.

Has anyone else had issues with Office 365 ECP when running Shibboleth 
IdP in AWS? If so, how did you resolve them?

Thanks, Adam Lewenberg

More information about the users mailing list