We have released documentation for Shibboleth support, marking the public availability for Shibboleth integration into Office 365! You can find the reference here. This provides a customer with the ability to provide their Active Directory users with single sign-on experience by using Shibboleth Identity Provider as their preferred Security Token Service (STS).
The scenarios covered for support include:
1. Web-based clients such as Outlook Web Access for Exchange and SharePoint Online.
2. Rich client support including IMAP, POP, EAS, MAP, Outlook 2007, Thunderbird 8 and 9, iPhone, and Windows Phone (These options need to support basic authentication to Exchange for access method and we also need Enhanced Client Protocol (ECP) to be deployed).
All other clients are not support in this SSO scenario with Shibboleth as an iDP.
To setup this configuration you’ll need to setup the following:
Please contact your Microsoft account team on how to get a customer supported for Shibboleth.
Has anyone managed to get this to work?
Is there something that MS needs to do on their end? i.e Please contact your Microsoft account team on how to get a customer supported for Shibboleth.
If my shibboleth was created on Linux, is that work?
Yes, a shib IdP on Linux will work with O365 SP.
Anon, MS doesn't need to do anything on their end.
Referring to this configuration , I just set up the environment. But the SP initiate sso does not work in my env. I trace the http heards, I can not find any info about SAML request. I can only see some parameters "wa","wrtreaml", it looks like WS-Federation. Is there any one having some experience or suggestion about this issue ?
Thanks for the article!
I am currently supporting SSO with o365 using ADFS 2.0 but I have been requested to convert it to use Shibboleth. I currently have all my accounts federated to o365. I am hoping that I will be able to run in parallel so that I can write my new application to authenticate users using the Shibboleth STS.
I hope that this will not be an issue.