Office 365 Shibboleth SAML 2.0 SSO with LDAP backend
phohberg at it.ucla.edu
Thu Mar 22 17:41:08 EDT 2018
Many thanks to all for your responses. All of these docs have helped to complete the picture. The Shibboleth wiki integration guide looks like an excellent resource.
From: users <users-bounces at shibboleth.net> on behalf of Greg Haverkamp <gahaverkamp at lbl.gov>
Sent: Thursday, March 22, 2018 11:19:22 AM
To: Shib Users
Subject: Re: Office 365 Shibboleth SAML 2.0 SSO with LDAP backend
On Thu, Mar 22, 2018 at 8:54 AM, Hohberg, Paul <phohberg at it.ucla.edu<mailto:phohberg at it.ucla.edu>> wrote:
Has anyone successfully implemented Office 365 Shibboleth SSO using SAML 2.0 (not just ECP) with an LDAP (not AD) authentication backend? Would you be willing to share how it was done, even if at a high level or point me to any related documentation?
It seems that Office 365 requires an immutableID attribute that is mapped to GUID when AD is used for authentication. We're considering if this can be mapped to an attribute in LDAP that Office 365 would accept.
Yes. They don't care.
We basically followed this: https://wiki.shibboleth.net/confluence/x/BoFKAQ
And used a different local, unique attribute. We also followed the MS documentation that Carl linked to. (Our Office365 admin was apparently incapable of doing so, despite our repeated requests that he stop contacting MS support and just do what we were telling him to do.)
Microsoft documentation provides this attribute-resolver example for immutableID and GUID with AD.
<!-- Use AD objectGUID for ImmutableID -->
<resolver:AttributeDefinition id="ImmutableID" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
<resolver:Dependency ref="myLDAP" />
Thanks in advance,
UCLA Information Management Services
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users