IdP-Initiated with Office 365
ndk at sudonym.me
Fri Sep 7 23:39:03 EDT 2018
Excuse me, 3A, not 3B.
On Sat, Sep 8, 2018 at 2:51 AM, Nate Klingenstein <ndk at sudonym.me> wrote:
> I suspect that something like the below would work, but I don't have an
> account nor an IdP I can use to test it with.
> Federated identity in general means fewer logins (but as many or more
> sessions total) but the number of logins does not depend on whether the IdP
> or SP initiates the process. The number of logins depends on the IdP's
> session management and whether a current session exists for the user that
> satisfies a request issued by the SP.
> Unsolicited SSO may obviate the need to do IdP discovery, which would be
> the only reduction in required user interaction. That's a win, but
> unsolicited SSO comes with other trade-offs. You may need to end up
> supporting IdP discovery and SP-initiated SSO for Microsoft's native
> applications anyway. It's worth reading through this Wiki article.
> The only data transmitted in the assertion is the user's objectGUID and a
> mysterious identifier known as IDPEmail, and the SAML assertion itself
> would be considered the credential from the SP's point of view. Most of
> the heavy provisioning lifting is done by the descendant of DirSync.
> Hope this helps,
> On Fri, Sep 7, 2018 at 10:40 PM, Kevin <kevin at thenext.net> wrote:
>> How would one use IdP-Initiated SSO with Shibboleth and Office 365? In a
>> university setting would this not be fewer logins? Would there be a URL
>> nomenclature that one would use to pass the credentials to the SP?