Have you switched Office 365 over to use federated login via the Set-MsolDomainAuthentication PowerShell command?

On Monday, July 8, 2019 at 11:28:18 AM UTC-5, Alfonso Veraluz wrote:
>
> Hello.
>
> No. I made an advance adding values like to the immutableId in the 365
> users but after that:
> 1) I can login to CAS but it doesn't login on the
> login.microsoftonline.com
> 2) I can login in login.microsoftonline.com but doesn't SSO with my CAS.
>
> It's just both systems are not connected after all.
>
> On Monday, July 8, 2019, 15:28:10 (UTC+2), Robert Bond wrote:
>>
>> Were you able to complete the O365 setup with CAS?
>>
>> On Wednesday, July 3, 2019 at 9:26:36 AM UTC-5, Robert Bond wrote:
>>>
>>> If you do not want to use Azure AD Connect you can create a process to
>>> sync via PowerShell. I have an example on my GitHub:
>>> https://github.com/bondr007/office365UserSync it consumes a CSV and
>>> does some queries to AD. It could be modified for OpenLDAP.
>>>
>>> The steps to actually enable SSO on Office are hard to find. It has to
>>> be done via PowerShell. Here is what I used:
>>>
>>> http://malithiedirisinghe.blogspot.com/2015/12/office-365-saml-20-federation-with-wso2.html
>>>
>>> Here are the specific settings I used when configuring Office 365
>>> federation with CAS.
>>>
>>> ActiveLogOnUri                         :
>>> DefaultInteractiveAuthenticationMethod :
>>> FederationBrandName                    :
>>> IssuerUri                              : https://logon.example.com/cas/idp
>>> LogOffUri                              : https://logon.example/cas/logout?service=http%3A%2F%2Fportal.office.com%2F
>>> MetadataExchangeUri                    :
>>> NextSigningCertificate                 :
>>> OpenIdConnectDiscoveryEndpoint         :
>>> PassiveLogOnUri                        : https://logon.example.com/cas/idp/profile/SAML2/POST/SSO
>>>
>>> Let me know if that helps.
>>>
>>> On Wed, Jul 3, 2019 at 5:19 AM Alfonso Veraluz <[email protected]>
>>> wrote:
>>>
>>>> Hello Robert
>>>>
>>>> Users from the OpenLDAP and from the O365 are not synced at all at the
>>>> moment. It's supposed to achieve this with the Azure AD Connect but this
>>>> means a new server on Windows and seems the only option it may fit is with
>>>> the Passthrough option (
>>>> https://docs.microsoft.com/es-es/azure/active-directory/hybrid/how-to-connect-pta)
>>>> . Not sure about it and I can test it but will require some time to build
>>>> and configure it. This can be achieved via PowerShell?
>>>>
>>>> As @casuser, the steps to be done in the O365 are not very clear in the
>>>> documentation
>>>>
>>>> Thanks
>>>>
>>>> On Tuesday, July 2, 2019, 23:41:11 (UTC+2), Robert Bond wrote:
>>>>>
>>>>> Were you able to complete the setup?
>>>>>
>>>>> Thanks!
>>>>>
>>>>> On Tuesday, July 2, 2019 at 9:38:53 AM UTC-5, Alfonso Veraluz wrote:
>>>>>>
>>>>>> Hello.
>>>>>>
>>>>>> I have a CAS 5.2.3 running fine with a Tomcat 8.0.32, OpenJDK 1.8 and
>>>>>> connected to an OpenLDAP so my users can login with the uid and the mail.
>>>>>> This CAS is actually providing SSO between Alfresco and Liferay.
>>>>>>
>>>>>> I want to add the SSO with Office365 but only for a particular public
>>>>>> domain and there are some questions:
>>>>>>
>>>>>> 1.- What FederationMetadata.xml is needed to provide in CAS, the one
>>>>>> in
>>>>>> https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml
>>>>>> or the one with my EntityID provided from the Portal Azure Admin section?
>>>>>> 2.- How to map the mail in the OpenLDAP to be the same at O365
>>>>>> account? It's supposed the IdP will map in the
>>>>>> cas.samlSp.office365.attributes?
>>>>>>
>>>>>> adding this to my cas.properties should be enough?
>>>>>>
>>>>>> #/etc/cas/saml/frommsoft/federationmetadata.xml from https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml
>>>>>> cas.samlSp.office365.metadata=/etc/cas/saml/frommsoft/federationmetadata.xml
>>>>>> cas.samlSp.office365.name=O365
>>>>>> cas.samlSp.office365.description=Office365 Integration
>>>>>> cas.samlSp.office365.nameIdAttribute=scopedImmutableID
>>>>>> cas.samlSp.office365.attributes=IDPEmail,ImmutableID
>>>>>>
>>>>>> Thanks for your comments.
>>>>>>
>>>> --
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/49ba8f0f-fee3-4bcb-a154-d2345360178d%40apereo.org
>>>> .
>>>
>>> --
>>> Robert Bond
>>> Network Administrator
>>> (918) 444-5886
>>> Northeastern State University
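
The switch to federated login asked about at the top of this message, as an added example that is not part of the original thread or of anyone's posted code: it builds the Set-MsolDomainAuthentication parameters from the endpoint paths quoted above, checks them locally, and reads the tenant's stored settings back after applying. The domain name, certificate path, `$CasBase` value and the `-Apply` switch are assumptions; it needs the MSOnline module on Windows PowerShell.

```powershell
# Added example; domain, certificate path and the -Apply switch are assumptions.
param(
    [string]$DomainName = 'example.com',                    # placeholder federated domain
    [string]$CasBase    = 'https://logon.example.com/cas',  # CAS prefix as quoted in the thread
    [string]$CertPath   = 'C:\temp\cas-idp-signing.crt',    # assumed copy of the CAS IdP signing cert
    [switch]$Apply                                          # without it, nothing is changed
)

# Load the IdP signing certificate and convert it to single-line base64
$cert    = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)
$certB64 = [Convert]::ToBase64String($cert.RawData)

$settings = @{
    DomainName                      = $DomainName
    Authentication                  = 'Federated'
    PreferredAuthenticationProtocol = 'Samlp'
    IssuerUri                       = "$CasBase/idp"
    PassiveLogOnUri                 = "$CasBase/idp/profile/SAML2/POST/SSO"
    LogOffUri                       = "$CasBase/logout?service=http%3A%2F%2Fportal.office.com%2F"
    SigningCertificate              = $certB64
}

# Local sanity checks before touching the tenant
foreach ($k in 'IssuerUri', 'PassiveLogOnUri', 'LogOffUri') {
    if (([uri]$settings[$k]).Scheme -ne 'https') { throw "$k must be https: $($settings[$k])" }
}
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Signing certificate expires $($cert.NotAfter)"
}

# Dry run: show what would be sent and stop
if (-not $Apply) {
    $settings.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -Wrap
    return
}

Import-Module MSOnline
Connect-MsolService
Set-MsolDomainAuthentication @settings

# Read back what the tenant stored and compare it with what was intended
$live = Get-MsolDomainFederationSettings -DomainName $DomainName
foreach ($k in 'IssuerUri', 'PassiveLogOnUri', 'LogOffUri') {
    if ($live.$k -ne $settings[$k]) { Write-Warning "$k mismatch: tenant has '$($live.$k)'" }
}
Get-MsolDomain -DomainName $DomainName | Select-Object Name, Authentication
```

The read-back at the end is also a useful periodic check: the issuer, endpoints and signing certificate stored for a federated domain decide whose assertions the tenant accepts, so an unexpected change to them deserves investigation.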
