Neat tip for anyone using cas with Office 365. You can have Microsoft automatically redirect to your cas login by using a link like the below: https://login.microsoftonline.com/?whr=example.com
A few other options mentioned here:
https://www.enowsoftware.com/solutions-engine/using-smart-links-to-improve-the-login-process-to-office-365-applications

On Monday, July 8, 2019 at 8:28:10 AM UTC-5, Robert Bond wrote:
>
> Were you able to complete the o365 setup with CAS?
>
> On Wednesday, July 3, 2019 at 9:26:36 AM UTC-5, Robert Bond wrote:
>>
>> If you do not want to use Azure AD Connect you can create a process to
>> sync via PowerShell. I have an example on my GitHub:
>> https://github.com/bondr007/office365UserSync
>> It consumes a CSV and does some queries to AD. It could be modified for OpenLDAP.
>>
>> The steps to actually enable SSO on Office are hard to find. It has to be
>> done via PowerShell. Here is what I used:
>>
>> http://malithiedirisinghe.blogspot.com/2015/12/office-365-saml-20-federation-with-wso2.html
>>
>> Here are the specific settings I used when configuring Office 365
>> federation with CAS.
>>
>> ActiveLogOnUri                         :
>> DefaultInteractiveAuthenticationMethod :
>> FederationBrandName                    :
>> IssuerUri                              : https://logon.example.com/cas/idp
>> LogOffUri                              : https://logon.example/cas/logout?service=http%3A%2F%2Fportal.office.com%2F
>> MetadataExchangeUri                    :
>> NextSigningCertificate                 :
>> OpenIdConnectDiscoveryEndpoint         :
>> PassiveLogOnUri                        : https://logon.example.com/cas/idp/profile/SAML2/POST/SSO
>>
>> Let me know if that helps.
>>
>>
>> On Wed, Jul 3, 2019 at 5:19 AM Alfonso Veraluz <[email protected]> wrote:
>>
>>> Hello Robert
>>>
>>> Users from the OpenLDAP and from the O365 are not synced at all at the
>>> moment. It's supposed to achieve this with the Azure AD Connect but this
>>> means a new server on Windows and it seems the only option that may fit is
>>> the Passthrough option
>>> (https://docs.microsoft.com/es-es/azure/active-directory/hybrid/how-to-connect-pta).
>>> Not sure about it and I can test it but it will require some time to build
>>> and configure it. Can this be achieved via PowerShell?
>>>
>>> As @casuser, the steps to be done in the O365 are not very clear in the
>>> documentation
>>>
>>> Thanks
>>>
>>> On Tuesday, July 2, 2019, 23:41:11 (UTC+2), Robert Bond wrote:
>>>>
>>>> Were you able to complete the setup?
>>>>
>>>> Thanks!
>>>>
>>>> On Tuesday, July 2, 2019 at 9:38:53 AM UTC-5, Alfonso Veraluz wrote:
>>>>>
>>>>> Hello.
>>>>>
>>>>> I have a CAS 5.2.3 running fine with a Tomcat 8.0.32, OpenJDK 1.8 and
>>>>> connected to an OpenLDAP so my users can log in with the uid and the mail.
>>>>> This CAS is actually providing SSO between Alfresco and Liferay.
>>>>>
>>>>> I want to add the SSO with Office365 but only for a particular public
>>>>> domain and there are some questions:
>>>>>
>>>>> 1.- What FederationMetadata.xml is needed to provide in CAS, the one in
>>>>> https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml
>>>>> or the one with my EntityID provided from the Portal Azure Admin section?
>>>>> 2.- How to map the mail in the OpenLDAP to be the same at O365
>>>>> account? It's supposed the IdP will map in the
>>>>> cas.samlSp.office365.attributes?
>>>>>
>>>>> Adding this to my cas.properties should be enough?
>>>>>
>>>>> # /etc/cas/saml/frommsoft/federationmetadata.xml from
>>>>> # https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml
>>>>> cas.samlSP.office365.metadata=/etc/cas/saml/frommsoft/federationmetadata.xml
>>>>> cas.samlSp.office365.name=O365
>>>>> cas.samlSp.office365.description=Office365 Integration
>>>>> cas.samlSp.office365.nameIdAttribute=scopedImmutableID
>>>>> cas.samlSp.office365.attributes=IDPEmail,ImmutableID
>>>>>
>>>>> Thanks for your comments.
>>>>>
>>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/49ba8f0f-fee3-4bcb-a154-d2345360178d%40apereo.org
>>>
>>
>> --
>> Robert Bond
>> Network Administrator
>> (918) 444-5886
>> Northeastern State University
>

--
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/9f9cbbb5-01f3-4cee-8203-16e56209f2cf%40apereo.org.
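
The PowerShell federation step discussed in the thread, as an added example that is not part of any poster's message or of the CAS project: it checks the IssuerUri, PassiveLogOnUri and LogOffUri values before applying them and reads them back afterwards. It assumes the MSOnline module, a placeholder domain, brand name and certificate path, and the thread's placeholder host logon.example.com used for all three endpoints.

```powershell
# Added example (not from the thread): federate one Office 365 domain with a CAS SAML2 IdP.
# Domain, brand name and certificate path are placeholders; replace with your own values.
Import-Module MSOnline
Connect-MsolService    # prompts for a tenant administrator account

$domain   = 'example.com'                 # placeholder: the one public domain to federate
$certPath = 'C:\temp\idp-signing.crt'     # placeholder: copy of the CAS IdP signing certificate
$settings = @{
    IssuerUri       = 'https://logon.example.com/cas/idp'
    PassiveLogOnUri = 'https://logon.example.com/cas/idp/profile/SAML2/POST/SSO'
    LogOffUri       = 'https://logon.example.com/cas/logout?service=http%3A%2F%2Fportal.office.com%2F'
}

# Pre-flight: every endpoint must be an absolute https URL on the same host as the issuer.
$idpHost = ([uri]$settings.IssuerUri).Host
foreach ($name in $settings.Keys) {
    $u = [uri]$settings[$name]
    if (-not $u.IsAbsoluteUri -or $u.Scheme -ne 'https' -or $u.Host -ne $idpHost) {
        throw "$name must be an https URL on ${idpHost}: '$($settings[$name])'"
    }
}

# Load the signing certificate, refuse one that is expired or about to expire,
# and convert it to the bare base64 string that -SigningCertificate expects.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    throw "IdP signing certificate expires $($cert.NotAfter); renew it before federating."
}
$certB64 = [Convert]::ToBase64String($cert.GetRawCertData())
"Signing certificate thumbprint: $($cert.Thumbprint)"   # compare with the CAS server's copy

# Switch the domain to SAML 2.0 federation against CAS.
Set-MsolDomainAuthentication -DomainName $domain -Authentication Federated `
    -PreferredAuthenticationProtocol SAMLP -FederationBrandName 'Example CAS' `
    -SigningCertificate $certB64 @settings

# Read the settings back and flag anything that does not match what was requested.
$live = Get-MsolDomainFederationSettings -DomainName $domain
foreach ($name in $settings.Keys) {
    if ($live.$name -ne $settings[$name]) {
        Write-Warning "$name is '$($live.$name)', expected '$($settings[$name])'"
    }
}
$live | Format-List IssuerUri, PassiveLogOnUri, LogOffUri, FederationBrandName
```

To roll back, `Set-MsolDomainAuthentication -DomainName example.com -Authentication Managed` returns the domain to cloud-managed sign-in.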
