Use Office365 Username for populating IdP login form
Peter Schober
peter.schober at univie.ac.at
Mon Apr 1 06:06:39 EDT 2019
* Martin Haase <Martin.Haase at DAASI.de> [2019-04-01 11:30]:
> > Given these factors (leaking data to the SP that may be private to the
> > IDP;
>
> hmmm. After AuthN, the O365 SP gets the IDPEmail / Username anyway, no?
What a subject enters at login time at the IDP (or on their desktop,
if using SPNEGO/Kerberos) and what is released to a given SP have no
direct relationship.
My IDP may not even support logging in with the identifier a given SP
expects in the SAML response (and that's none of the SP's business),
so clearly what I enter and what they get can (and sometimes have to)
be different.
> How exactly would this work with MS Office Products that fire up an
> embedded browser, even without a URL field?
I was commenting on the integration strategy in general, not the
(in)ability of specific M$ products.
If M$ doesn't allow use of WAYFless URLs and forces use of their discovery
service on every login, things are even more broken than I could have
guessed.
But I have never used that service myself nor do I intend to do so.
-peter