Hi,

I integrated with O365, but via OpenID, on version 5.2.x, and this version
has poor support for integration with O365. Try to use version 5.3.x or, if
you can, 6.0.x. In version 5.2.x there is a problem: O365 doesn't support a
redirect URL with a parameter, and CAS generates a URL with a parameter.
Version 5.3.x fixed that.

On Tue, 9 Jul 2019 at 21:30, 'Robert Bond' via CAS Community
<cas-user@apereo.org> wrote:

> Have you switched office 365 over to use federated login via
> the Set-MsolDomainAuthentication powershell command?
>
> On Monday, July 8, 2019 at 11:28:18 AM UTC-5, Alfonso Veraluz wrote:
>>
>> Hello.
>>
>> No. I made some progress by adding values to the immutableId of the 365
>> users, but after that:
>>  1) I can log in to CAS but it doesn't log in on
>> login.microsoftonline.com
>>  2) I can log in on login.microsoftonline.com but it doesn't SSO with my
>> CAS.
>>
>> The two systems are just not connected after all.
>>
>> On Monday, July 8, 2019, 15:28:10 (UTC+2), Robert Bond wrote:
>>>
>>> Were you able to complete the o365 setup with cas?
>>>
>>> On Wednesday, July 3, 2019 at 9:26:36 AM UTC-5, Robert Bond wrote:
>>>>
>>>> If you do not want to use Azure AD Connect you can create a process to
>>>> sync via PowerShell. I have an example on my GitHub:
>>>> https://github.com/bondr007/office365UserSync it consumes a CSV and
>>>> does some queries to AD. It could be modified for OpenLDAP.
>>>>
>>>> The steps to actually enable SSO on Office are hard to find; it has to
>>>> be done via PowerShell. Here is what I used:
>>>>
>>>> http://malithiedirisinghe.blogspot.com/2015/12/office-365-saml-20-federation-with-wso2.html
>>>>
>>>> Here are the specific settings I used when configuring office 365
>>>> federation with cas.
>>>> ActiveLogOnUri                         :
>>>> DefaultInteractiveAuthenticationMethod :
>>>> FederationBrandName                    :
>>>> IssuerUri                              : https://logon.example.com/cas/idp
>>>> LogOffUri                              : https://logon.example/cas/logout?service=http%3A%2F%2Fportal.office.com%2F
>>>> MetadataExchangeUri                    :
>>>> NextSigningCertificate                 :
>>>> OpenIdConnectDiscoveryEndpoint         :
>>>> PassiveLogOnUri                        : https://logon.example.com/cas/idp/profile/SAML2/POST/SSO
>>>>
>>>> Let me know if that helps.
>>>>
>>>>
>>>> On Wed, Jul 3, 2019 at 5:19 AM Alfonso Veraluz <avera...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hello Robert
>>>>>
>>>>> Users from the OpenLDAP and from O365 are not synced at all at the
>>>>> moment. This is supposed to be achieved with Azure AD Connect, but that
>>>>> means a new server on Windows, and it seems the only option that may fit
>>>>> is the Passthrough option
>>>>> (https://docs.microsoft.com/es-es/azure/active-directory/hybrid/how-to-connect-pta).
>>>>> I'm not sure about it; I can test it, but it will require some time to
>>>>> build and configure. Can this be achieved via PowerShell?
>>>>>
>>>>> As @casuser, the steps to be done in the O365 are not very clear in
>>>>> the documentation
>>>>>
>>>>> Thanks
>>>>>
>>>>> On Tuesday, July 2, 2019, 23:41:11 (UTC+2), Robert Bond wrote:
>>>>>>
>>>>>>
>>>>>> Were you able to complete the setup?
>>>>>>
>>>>>> Thanks!
>>>>>> On Tuesday, July 2, 2019 at 9:38:53 AM UTC-5, Alfonso Veraluz wrote:
>>>>>>>
>>>>>>> Hello.
>>>>>>>
>>>>>>> I have a CAS 5.2.3 running fine with Tomcat 8.0.32 and OpenJDK 1.8,
>>>>>>> connected to an OpenLDAP so my users can log in with the uid and the
>>>>>>> mail.
>>>>>>> This CAS is actually providing SSO between Alfresco and Liferay.
>>>>>>>
>>>>>>> I want to add the SSO with Office365 but only for a particular
>>>>>>> public domain and there are some questions:
>>>>>>>
>>>>>>> 1.- Which FederationMetadata.xml needs to be provided in CAS: the one
>>>>>>> at
>>>>>>> https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml
>>>>>>> or the one with my EntityID provided from the Azure Portal Admin
>>>>>>> section?
>>>>>>> 2.- How do I map the mail in the OpenLDAP to be the same as the O365
>>>>>>> account? Is the IdP supposed to map it in
>>>>>>> cas.samlSp.office365.attributes?
>>>>>>>
>>>>>>> Should adding this to my cas.properties be enough?
>>>>>>>
>>>>>>>  #/etc/cas/saml/frommsoft/federationmetadata.xml from https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml
>>>>>>>  cas.samlSP.office365.metadata=/etc/cas/saml/frommsoft/federationmetadata.xml
>>>>>>>  cas.samlSp.office365.name=O365
>>>>>>>  cas.samlSp.office365.description=Office365 Integration
>>>>>>>  cas.samlSp.office365.nameIdAttribute=scopedImmutableID
>>>>>>>  cas.samlSp.office365.attributes=IDPEmail,ImmutableID
>>>>>>>
>>>>>>> Thanks for your comments.
>>>>>>>
>>>>>> --
>>>>> - Website: https://apereo.github.io/cas
>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>> ---
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "CAS Community" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to cas-...@apereo.org.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/49ba8f0f-fee3-4bcb-a154-d2345360178d%40apereo.org
>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/49ba8f0f-fee3-4bcb-a154-d2345360178d%40apereo.org?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>>
>>>>
>>>> --
>>>> Robert Bond
>>>> Network Administrator
>>>> (918) 444-5886
>>>> Northeastern State University
>>>>
>
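
The federation step discussed in this thread, as an added example that is not from any of the participants: it applies settings shaped like the listing above with the MSOnline cmdlets and reads them back. The domain, the CAS host name, the certificate path and the brand name are placeholders assumed for illustration.

```powershell
# Added example (not from the thread): federate one Office 365 domain with a
# CAS SAML2 IdP and verify the result. Requires the MSOnline module.
Import-Module MSOnline
Connect-MsolService                              # interactive tenant admin sign-in

$Domain   = 'example.com'                        # placeholder: domain to federate
$IdpHost  = 'logon.example.com'                  # placeholder: expected CAS host
$CertPath = 'C:\cas\saml\idp-signing.crt'        # placeholder: CAS IdP signing cert (PEM)

# Office 365 takes the certificate as one base64 string without the PEM armor lines.
$Cert = (Get-Content $CertPath | Where-Object { $_ -notmatch '^-----' }) -join ''

$Settings = @{
    DomainName                      = $Domain
    Authentication                  = 'Federated'
    PreferredAuthenticationProtocol = 'SAMLP'
    FederationBrandName             = 'Example CAS'   # placeholder display name
    IssuerUri                       = 'https://logon.example.com/cas/idp'
    PassiveLogOnUri                 = 'https://logon.example.com/cas/idp/profile/SAML2/POST/SSO'
    LogOffUri                       = 'https://logon.example.com/cas/logout?service=http%3A%2F%2Fportal.office.com%2F'
    SigningCertificate              = $Cert
}

# Refuse to apply endpoints that are not HTTPS on the expected IdP host: a typo
# in any of them redirects every sign-in for the domain somewhere else.
foreach ($Key in 'IssuerUri', 'PassiveLogOnUri', 'LogOffUri') {
    $Uri = [Uri]$Settings[$Key]
    if ($Uri.Scheme -ne 'https' -or $Uri.Host -ne $IdpHost) {
        throw "$Key is '$Uri'; expected an https URL on $IdpHost"
    }
}

Set-MsolDomainAuthentication @Settings

# Read the settings back; the fields match the listing quoted in the thread.
Get-MsolDomainFederationSettings -DomainName $Domain |
    Format-List IssuerUri, PassiveLogOnUri, LogOffUri, PreferredAuthenticationProtocol
```

The IssuerUri has to match the entity ID that CAS publishes in its IdP metadata, and the certificate has to be the one CAS signs assertions with.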
