Shibboleth EDS and Azure

Cantor, Scott cantor.2 at
Fri Aug 14 18:27:54 UTC 2020

On 8/14/20, 2:09 PM, "users on behalf of Jason Cormie" <users-bounces at on behalf of jason.cormie at> wrote:
>    the first is more for microsoft than this arena, does anyone know how to get Microsoft to release more useful SAML
> metadata?

You either control the metadata, in which case this answers itself, or the answer is pretty much "when the sun dies".

>    My second question, is there a way to inject something into the metadata in the shibboleth2.xml that will be picked up
> by EDS?

Not without moving to something that's completely separate like the MDA software that can munge metadata completely (we even came up with a set of rules for it that will produce the JSON directly so the SP doesn't need aggregates). There are no filters to add this sort of thing in the SP itself.

The general answer would be that remotely relying on Azure's metadata is probably pointless anyway since I doubt it's signed, managed correctly, appropriately expiring, divorced from the configuration to allow for key changes, etc. And a local copy can of course be modified.

-- Scott

More information about the users mailing list