azure ad –o365 integration · 2020-05-20 · microsoft azure ad with pass-through-authentication...
TRANSCRIPT
© 2020 SWITCH | 2
Microsoft Azure AD with Pass-Through-Authentication (PTA)
[Diagram: Microsoft Cloud (Azure AD), SWITCH edu-ID (production federation), Organisation SWITCH (edu-ID adopted), Admin]
0. User provisioning with scripts to AAD user
1. Access attempt (unauthenticated)
2. Home realm discovery (WAYF)
3. Authentication
4. Service access (authenticated)
Limitations and workarounds
• Limitation: Bilateral non-standard configuration
  • Current solution: Special configuration on SWITCH edu-ID IdP
  • Long-term solution: Proxy
• Limitation: One Microsoft Custom Domain per SAML-IdP only
  • Shortly available solution: One proxy per domain
Proxy architecture
• Multiple instances for multiple domains
• Bundled together in Shibboleth IdP V4.0
[Diagram: SWITCH edu-ID IdP (SWITCHaai federation) -> proxy instances, each a ShibSP + ShibIdP pair, one per domain -> Azure AD / O365 (Microsoft)]