Using Shibboleth as an Identity Provider for Office 365
We have released documentation for Shibboleth support, marking the public availability of Shibboleth integration with Office 365! You can find the reference here. This lets a customer give their Active Directory users a single sign-on experience by using the Shibboleth Identity Provider as their preferred Security Token Service (STS).
The scenarios covered for support include:
1. Web-based clients such as Outlook Web Access for Exchange and SharePoint Online.
2. Rich client support including IMAP, POP, EAS, MAP, Outlook 2007, Thunderbird 8 and 9, iPhone, and Windows Phone (these clients must support basic authentication to Exchange as the access method, and Enhanced Client Protocol (ECP) must also be deployed).
All other clients are not supported in this SSO scenario with Shibboleth as an IdP.
To set up this configuration, you'll need to complete the following:
- Configure Shibboleth for use with single sign-on.
- Install Windows PowerShell for single sign-on with Shibboleth
- Set up a trust between Shibboleth and Windows Azure AD
- Follow the detailed instructions in Directory synchronization roadmap to prepare for, activate, install a tool, and verify directory synchronization.
- Verify single sign-on with Shibboleth
Please contact your Microsoft account team on how to get a customer supported for Shibboleth.
Comments
Anonymous
August 17, 2012
Has anyone managed to get this to work? Is there something that MS needs to do on their end? i.e. "Please contact your Microsoft account team on how to get a customer supported for Shibboleth."
Anonymous
September 05, 2012
If my Shibboleth was created on Linux, will that work?
Anonymous
October 31, 2012
Yes, a shib IdP on Linux will work with O365 SP.
Anonymous
October 31, 2012
Anon, MS doesn't need to do anything on their end.
Anonymous
September 09, 2013
Referring to this configuration, I just set up the environment. But the SP-initiated SSO does not work in my env. I traced the HTTP headers, and I cannot find any info about a SAML request. I can only see some parameters, "wa" and "wtrealm"; it looks like WS-Federation. Does anyone have some experience or suggestions about this issue?
Anonymous
October 29, 2013
Thanks for the article! I am currently supporting SSO with o365 using ADFS 2.0 but I have been requested to convert it to use Shibboleth. I currently have all my accounts federated to o365. I am hoping that I will be able to run in parallel so that I can write my new application to authenticate users using the Shibboleth STS. I hope that this will not be an issue.
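
For the troubleshooting question in the September 09, 2013 comment (only "wa" and "wtrealm" visible, no SAML request), here is one way to check which federation protocol a captured sign-in redirect carries. This is an added example, not code from the original post or from Microsoft or Shibboleth. The host `idp.example.edu`, the function names and both sample URLs are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML = 64 * 1024  # cap on inflated size, so a hostile capture cannot exhaust memory

def decode_saml_redirect(value):
    """Decode a SAMLRequest from the HTTP-Redirect binding: base64, then raw DEFLATE."""
    raw = base64.b64decode(value.replace(" ", "+"))  # parse_qs turns a bare '+' into ' '
    inflater = zlib.decompressobj(-15)               # -15 = raw DEFLATE, no zlib header
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail or b"<!DOCTYPE" in xml:
        raise ValueError("oversized message or DTD present; refusing to parse")
    root = ET.fromstring(xml)
    issuer = root.find(f"{{{SAML_NS}}}Issuer")
    return {"message": root.tag.split("}")[-1],
            "issuer": issuer.text if issuer is not None else None}

def classify_signin_request(url):
    """Report which federation protocol a captured sign-in redirect URL carries."""
    q = parse_qs(urlsplit(url).query)
    if "SAMLRequest" in q:
        return {"protocol": "SAML 2.0 HTTP-Redirect", **decode_saml_redirect(q["SAMLRequest"][0])}
    if q.get("wa", [""])[0].startswith("wsignin"):
        return {"protocol": "WS-Federation passive", "realm": q.get("wtrealm", [None])[0]}
    return {"protocol": "unknown"}

def build_sample_saml_url():
    """Constructed sample: a minimal AuthnRequest redirected to a hypothetical IdP."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}" '
           'ID="_constructed" Version="2.0" IssueInstant="2013-09-09T00:00:00Z">'
           '<saml:Issuer>urn:federation:MicrosoftOnline</saml:Issuer>'
           '</samlp:AuthnRequest>')
    deflater = zlib.compressobj(wbits=-15)
    blob = deflater.compress(xml.encode()) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(blob).decode(), "RelayState": "x"})
    return "https://idp.example.edu/idp/profile/SAML2/Redirect/SSO?" + query

# Constructed sample: a WS-Federation passive sign-in redirect (wa / wtrealm parameters).
SAMPLE_WSFED_URL = ("https://idp.example.edu/signin?wa=wsignin1.0"
                    "&wtrealm=urn%3Afederation%3AMicrosoftOnline&wctx=constructed")

if __name__ == "__main__":
    for url in (build_sample_saml_url(), SAMPLE_WSFED_URL):
        print(classify_signin_request(url))
```

Paste the redirect URL from a browser trace into `classify_signin_request` to see whether the service provider sent a SAML AuthnRequest or a WS-Federation sign-in request.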