You need to have an immutableId that is shared with Office365 through your 
import process. This can be almost anything; it just cannot be changed on the 
o365 side. Typically people use the account guid from their directory 
server. 

You can use the integration the way you currently are, or use my service 
definition for Office 365 below. 

Do you have the attributes 'scopedImmutableID,IDPEmail,ImmutableID' being 
imported into the cas attribute repository from your openldap? 

Service for office365:

{
  "id" : 23,
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "evaluationOrder" : 23,
  "metadataLocation" : "https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml",
  "metadataExpirationDuration" : "PT60M",
  "signAssertions" : false,
  "skipGeneratingAssertionNameId" : false,
  "skipGeneratingSubjectConfirmationInResponseTo" : false,
  "skipGeneratingSubjectConfirmationNotOnOrAfter" : false,
  "skipGeneratingSubjectConfirmationRecipient" : false,
  "skipGeneratingSubjectConfirmationNotBefore" : true,
  "signResponses" : true,
  "encryptAssertions" : false,
  "metadataCriteriaRoles" : "SPSSODescriptor",
  "metadataCriteriaRemoveEmptyEntitiesDescriptors" : true,
  "metadataCriteriaRemoveRolelessEntityDescriptors" : true,
  "signingCredentialType" : "BASIC",
  "serviceId" : "urn:federation:MicrosoftOnline",
  "name" : "office365",
  "description" : "Office 365",
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "ImmutableId",
    "canonicalizationMode" : "NONE",
    "encryptUsername" : false
  },
  "logoutType" : "BACK_CHANNEL",
  "logoutUrl" : "https://login.microsoftonline.com/login.srf",
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  }
}

On Tuesday, July 2, 2019 at 9:38:53 AM UTC-5, Alfonso Veraluz wrote:
>
> Hello.
>
> I have a CAS 5.2.3 running fine with a Tomcat 8.0.32, Openjdk 1.8 and 
> connected to an OpenLdap so my users can login with the uid and the mail. 
> This CAS is actually providing SSO between Alfresco and Liferay.
>
> I want to add the SSO with Office365 but only for a particular public 
> domain and there are some questions:
>
> 1.- Which FederationMetadata.xml needs to be provided in CAS, the one in 
> https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml
> or the one with my EntityID provided from the Portal Azure Admin section?
> 2.- How do I map the mail in the OpenLdap to be the same as the O365 account? 
> Is the IdP supposed to map it in cas.samlSp.office365.attributes?
>
> Is adding this to my cas.properties enough?  
>
> #/etc/cas/saml/frommsoft/federationmetadata.xml from 
> https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml
>
>  cas.samlSP.office365.metadata=/etc/cas/saml/frommsoft/federationmetadata.xml
>  cas.samlSp.office365.name=O365
>  cas.samlSp.office365.description=Office365 Integration
>  cas.samlSp.office365.nameIdAttribute=scopedImmutableID
>  cas.samlSp.office365.attributes=IDPEmail,ImmutableID
>
> Thanks for your comments.
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/52da3327-d9fd-4056-a7f7-a61499b03eba%40apereo.org.
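The reply above hinges on one attribute: whatever CAS puts in the SAML NameID for Office 365 must be present for every account, must never change, and must be unique, otherwise two directory accounts can be matched to the same Office 365 account or an account silently fails to federate. The script below is an added example written for this thread, not code from CAS or from either poster. It loads a constructed SamlRegisteredService definition in the shape posted above, compares its usernameAttribute against a constructed sample of attributes as the CAS attribute repository would return them from OpenLDAP, and reports users that lack the attributes or share a NameID value. The sample deliberately spells the attribute "ImmutableId" in the service and "ImmutableID" in the directory sample, mirroring the two spellings that appear in the thread, because CAS matches attribute names case-sensitively and the mismatch is a common cause of an empty NameID; the function names, the sample users and the GUID-like values are all assumptions made for the example.

```python
import json

# Constructed sample of a CAS SamlRegisteredService definition, cut down to
# the fields this check needs (the shape follows the definition posted above).
SERVICE_JSON = """
{
  "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
  "serviceId" : "urn:federation:MicrosoftOnline",
  "name" : "office365",
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "ImmutableId",
    "canonicalizationMode" : "NONE"
  }
}
"""

# Constructed sample of what the CAS attribute repository might return from
# OpenLDAP. "carol" has no ImmutableID and "dave" reuses alice's value, so the
# check has something to catch. Values are made up for the example.
SAMPLE_USERS = [
    {"uid": "alice", "IDPEmail": "alice@example.com", "ImmutableID": "guid-0001"},
    {"uid": "bob",   "IDPEmail": "bob@example.com",   "ImmutableID": "guid-0002"},
    {"uid": "carol", "IDPEmail": "carol@example.com"},
    {"uid": "dave",  "IDPEmail": "dave@example.com",  "ImmutableID": "guid-0001"},
]

# Attributes the thread says the repository must release for Office 365.
REQUIRED_ATTRS = ("IDPEmail", "ImmutableID")


def nameid_attribute(service):
    """Return the attribute CAS will place in the SAML NameID for this service."""
    provider = service.get("usernameAttributeProvider", {})
    return provider.get("usernameAttribute")


def check_service(service, released_attrs):
    """Flag mismatches between the service definition and the released attributes."""
    problems = []
    if service.get("serviceId") != "urn:federation:MicrosoftOnline":
        problems.append("serviceId should be urn:federation:MicrosoftOnline")
    attr = nameid_attribute(service)
    if attr is None:
        problems.append("usernameAttributeProvider.usernameAttribute is not set")
    elif attr not in released_attrs:
        # Names are compared case-sensitively; point at a case variant if one exists.
        variants = [a for a in released_attrs if a.lower() == attr.lower()]
        hint = f" (did you mean {variants[0]!r}?)" if variants else ""
        problems.append(f"usernameAttribute {attr!r} is not a released attribute{hint}")
    provider = service.get("usernameAttributeProvider", {})
    if provider.get("canonicalizationMode", "NONE") != "NONE":
        problems.append("canonicalizationMode must be NONE so the immutable id is passed unchanged")
    return problems


def check_users(users, required_attrs, nameid_attr):
    """Every user needs every required attribute; the NameID attribute must be unique."""
    problems = []
    owner = {}  # NameID value -> uid that first carried it
    for user in users:
        uid = user.get("uid", "<no uid>")
        for a in required_attrs:
            if not user.get(a):
                problems.append(f"{uid}: missing {a}")
        value = user.get(nameid_attr)
        if value:
            if value in owner:
                problems.append(f"{uid}: {nameid_attr} {value!r} is also used by {owner[value]}")
            else:
                owner[value] = uid
    return problems


def run_checks(service_json=SERVICE_JSON, users=SAMPLE_USERS, required_attrs=REQUIRED_ATTRS):
    """Run both checks and return the combined list of problem strings."""
    service = json.loads(service_json)
    released = set().union(*(u.keys() for u in users))
    problems = check_service(service, released)
    # If the service spells the attribute differently from the repository,
    # still check uniqueness on the case-insensitive match so nothing is missed.
    attr = nameid_attribute(service)
    matches = [a for a in released if attr and a.lower() == attr.lower()]
    problems += check_users(users, required_attrs, matches[0] if matches else attr)
    return problems


if __name__ == "__main__":
    for p in run_checks():
        print("PROBLEM:", p)
```

Run it against a real export by replacing SAMPLE_USERS with the attributes your repository actually resolves (for example from an ldapsearch dump converted to dicts) and SERVICE_JSON with the service file from the CAS service registry; a clean run returns an empty list. Fix every reported duplicate before enabling the service, since a shared NameID value is the case Office 365 cannot disambiguate on its side.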