Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] Assistance with Integrating Shibboleth IDP with Azure AD

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] Assistance with Integrating Shibboleth IDP with Azure AD


Chronological Thread 
  • From: "Cantor, Scott" <cantor.2 AT osu.edu>
  • To: Muhammad Farhan SJAUGI <farhan AT sifulan.my>, Andreas Theodorou <andreas.theodorou AT cynet.ac.cy>
  • Cc: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
  • Subject: Re: [eduGAIN-discuss] Assistance with Integrating Shibboleth IDP with Azure AD
  • Date: Thu, 4 May 2023 12:22:17 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=osu.edu; dmarc=pass action=none header.from=osu.edu; dkim=pass header.d=osu.edu; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=oTa81ENVwRsGLFjd6tvwlstwxXi6GxKOeKuZ+n8JWF8=; b=Vvb0hKtHvYxFCRDpnjpLVVqXJS/mIvg736JwAQ+IyASr5EZkZ5YvpnIZoF/VCAO3HDrSuayOpre7j7NP1Le23iaWU1EKfLGHkqxKqwOrSG6RlgSQRGr7d3zfLZ82N+Qm19fh5BUFXi2cqpA/zD0kN2EnUHCkDxwOflzoZBuoT2mPk3yg89zNtwCISKXsObwfouGEs2LTG5k74j8PJ8SjkOQ8ldkx0CZ40YKSNZn9xVX1mjwfgdp8vgirW7FkX2OYcZ25LqO4pLYy1wSTiaG0OVneNqohvq6p2XpqZ8ZY54HitkIzvL1ZZTgkCoEkibsY2DrUZ2vxTsIpFg073aZogw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=X+VJLAsV7XnQGWo9ZlL8GdByUnXhxoaEvMGzmaJx47IvshQ5F1JlLRrX8T8o9O3XUMShJMpRiRmFW4pY86BYQ9q9cHZ5g2OdpMEMDRKIF6djKvCHnvZvVLQK5SifkcbXCJCI1VytrWbGuVqxuO8iODLlPaLwnX8y2CSenxjOQc3epBnp1/PNn+AEY0YYWjcjGX/mfdS+pXIIbVo/eVVKU5oQChY/hn36EDVpr1lkMAJw88GIgKUSU/iUiGpXcL07W19cB9huz5XLXuKtabbTZT/lxVlJQxiIgtaS7Cshxfpmb5RBeyCcoZ2x/b63BphAhdo68eHafiQnnNXjZySbxw==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=osu.edu;

The documentaton for any use of proxying is
https://wiki.shibboleth.net/confluence/display/IDP4/SAMLAuthnConfiguration
and there is nothing particularly special about using Azure other than it's
lack of SAML compliance.

> Before I elaborate further, do you have any plan to authenticate windows
> machine to azure ad? If yes, then you may have a challenge to do so as
> shibboleth idp doesn’t support it.

Shibboleth supports SPNEGO and even if it didn’t, there couldn't possibly be
anything the proxying IdP prevents the other IdP from doing with the client
if it wants to.

-- Scott





Archive powered by MHonArc 2.6.24.

Top of Page