We are just about to go live with our O365/Shibboleth/CAS setup... We're not using ADFS (yet) but hope to go that route in the future. Using Shibboleth is fine for Web-based applications plus things like Outlook and mobile devices. As I understand it, it's not going to work for Lync or some of the other things O365 offers.
As far as using O365 with Shibboleth, check out this set of pages from MS: http://technet.microsoft.com/en-us/library/jj205456.aspx There is also a white paper that takes you through the whole process (O365 + Shibboleth), here: http://www.microsoft.com/en-us/download/details.aspx?id=35464 As for Shibboleth using CAS, take a look here (mentioned below, just included here for completeness): https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration :) Tim On 2013/06/18 10:05 AM, "Whittaker, Geoffrey" <geoff.whitta...@unf.edu> wrote: >42. Got it... ;) > >I appreciate the help. I'm about to start trying to stand up the shib >box this afternoon. I'll follow the stuff in the two links and see where >that gets me. > >Do you use two separate servers in production? I'm toying with the idea >of hosting two separate Tomcat instances on one box. > >If you would, give me one last sanity check... > >1. Client goes to O365 and gets directed to SHIB >2. SHIB gets credentials and passes them to CAS for Authentication >(presume success) >3. SHIB goes to ADFS to get the attributes and sends them via SAML 2.0 to >O365 > >Is that how this is supposed to work? I hope so... :) > > >Geoff > >-----Original Message----- >From: Joel Goguen [mailto:joel.gog...@unb.ca] >Sent: Tuesday, June 18, 2013 11:41 AM >To: cas-user@lists.jasig.org >Subject: Re: [cas-user] Office 365, SAML2.0 and CAS > >I think it would be easier to go with what you have right now and fill in >the gaps. Beyond the links I included, the only way to get more specific >would be (I think) to start posting my configuration files, which may end >up being more confusing if you've gotten used to your current layout and >it's markedly different. > >What do you mean by 'how I have secured it"? Who is allowed to use it? >All users with a valid account in good standing. What services use CAS or >Shib? We prefer CAS where possible, Shibboleth for services that don't >support CAS. Something else? 42 is the answer to life, the universe, and >everything. :) > >On 2013 Jun 18, at 11:55 AM, "Whittaker, Geoffrey" ><geoff.whitta...@unf.edu> wrote: > >> Thank you for replying. >> >> I'm having to take a crash course on Shib, CAS, ADFS, and O365. Can >>you explain in a little more detail how you configured this to work, and >>how you secured it? I have to try to get something running here in the >>next few days. >> >> Thanks again for your help. >> >> Geoff >> >> -----Original Message----- >> From: Joel Goguen [mailto:joel.gog...@unb.ca] >> Sent: Monday, June 17, 2013 11:07 AM >> To: cas-user@lists.jasig.org >> Subject: Re: [cas-user] Office 365, SAML2.0 and CAS >> >> On 2013 Jun 17, at 11:57 AM, Marvin S. Addison >><marvin.addi...@gmail.com> wrote: >> >>>> Is there any documentation about the configuration you described? >>>> I've never worked with Shibolith, ADFS, or O365. >>> >>> I'm not aware of any, but I honestly haven't looked very hard. We >>>abandoned the integration effort I mentioned before we got to the point >>>of developing a detailed implementation plan. I am aware that there are >>>folks in the CAS community that have done this (USF), so maybe they can >>>speak up. >>> >>> M >> We're in the process of setting up CAS <-> ADFS <-> O365 right now. >>I've not yet tested the full chain, but the fact that the CAS <-> ADFS >>link works perfectly and the ADFS <-> O365 link works perfectly suggests >>to me that the whole thing should be a smooth transition. We also have >>Shibboleth in the mix, but for us Shibboleth delegates to CAS so a user >>accessing a Shibboleth service currently follows a Shib <-> CAS link, >>and after the switch will follow Shib <-> CAS <-> ADFS. >> >> I used https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration >>to set up the Shib/CAS link, and >>http://sites.ewu.edu/jgasper/ws-federation-cas-user-manual/ to set up >>the CAS/ADFS link. >> >> -- >> Joel Goguen >> Developer / System Administrator >> Enterprise Solutions >> Information Technology Services >> University of New Brunswick >> E-mail: joel.gog...@unb.ca >> Phone: (506) 453-4872 >> Fax: (506) 453-3590 >> >> >> -- >> You are currently subscribed to cas-user@lists.jasig.org as: >> geoff.whitta...@unf.edu To unsubscribe, change settings or access >> archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> -- >> You are currently subscribed to cas-user@lists.jasig.org as: >> joel.gog...@unb.ca To unsubscribe, change settings or access archives, >> see http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > >-- >Joel Goguen >Developer / System Administrator >Enterprise Solutions >Information Technology Services >University of New Brunswick >E-mail: joel.gog...@unb.ca >Phone: (506) 453-4872 >Fax: (506) 453-3590 > > >-- >You are currently subscribed to cas-user@lists.jasig.org as: >geoff.whitta...@unf.edu >To unsubscribe, change settings or access archives, see >http://www.ja-sig.org/wiki/display/JSG/cas-user > > >-- >You are currently subscribed to cas-user@lists.jasig.org as: >tim.mclaugh...@wwu.edu >To unsubscribe, change settings or access archives, see >http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
