Hi All,

Currently, I am working on the $subject. Please find the detailed description of the tasks below.

Step 01 - Configuring WSO2 IS to handle Office 365 with a single domain.

Step 02 - Testing out how WSO2 IS can handle Office 365 Federation with multiple domains in multiple IS instances (a single IS instance dedicated to a single domain).

Step 03 - Integrating IS to tackle the issue of Office 365 federation for dual domain in a single IS tenant instance.

Step 01 and Step 02 have been completed. Please find [1] and [2] for the instructions on how to carry out Step 01.

While carrying out Step 02, the following limitations were identified.

1. Two domains in Office 365 use the same Service Provider entity ID (SP issuer name). In IS, two domains are represented as two service providers. Each service provider (in the same tenant instance) should have a unique issuer name.
2. Office 365 requires a unique IdP entity ID for each domain. In IS, the same IdP entity ID is utilized for all service providers available in a given tenant.

Therefore, considering the aforementioned points, the current solution to tackle $subject is to have an IS tenant configured per domain. However, in a requirement where this needs to be done in a single IS instance, the current release of WSO2 IS doesn’t have support for this.

As Step 03, we will be introducing two new attributes for SAML inbound authentication configurations when creating a Service Provider.

- Service Provider Qualifier - The value defined here will be appended to the end of the “Issuer” value when registering the SAML SP in the Identity Server. This allows configuring multiple SAML SSO inbound authentication configurations for the same “Issuer” value.
- IdP Entity ID Alias - The “Identity Provider Entity ID” specified under SAML SSO Inbound Authentication configuration in “Resident IdP” can be overridden with this value.

The PRs for this are available at [3] and [4]. I'll be working on resolving the merge conflicts.

[1] https://medium.com/@dewni.matheesha/office365-configurations-with-wso2-identity-server-for-saml2-authentication-d234cb333293
[2] https://medium.com/@dewni.matheesha/user-provisioning-to-azure-ad-from-wso2-identity-server-bf7f89d30c5
[3] https://github.com/wso2-extensions/identity-inbound-auth-saml/pull/201
[4] https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/994

Thanks & Regards,
Dewni

--
Dewni Weeraman | Software Engineer | WSO2 Inc.
(m) +94 077 2979049 | (e) [email protected]
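
The two limitations and the two Step 03 attributes from the message above, modelled as an added Python example; this is not code from the linked PRs or from WSO2 IS. The class and function names, the separator string, the sample issuer, domains and URLs, and the way the qualifier is supplied at lookup time are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional

SEPARATOR = ":qualifier:"  # assumption: the post does not give the separator
RESIDENT_IDP_ENTITY_ID = "https://is.example.com/idp"  # constructed sample value
SHARED_ISSUER = "urn:federation:MicrosoftOnline"  # sample issuer sent by both domains


@dataclass(frozen=True)
class SamlSp:
    issuer: str
    qualifier: Optional[str] = None            # "Service Provider Qualifier"
    idp_entity_id_alias: Optional[str] = None  # "IdP Entity ID Alias"

    @property
    def key(self) -> str:
        # The qualifier is appended to the Issuer to form the registered name.
        return self.issuer + (SEPARATOR + self.qualifier if self.qualifier else "")


class TenantRegistry:
    """Hypothetical model of one tenant's SAML SP store, not WSO2 IS code."""

    def __init__(self) -> None:
        self._sps: Dict[str, SamlSp] = {}

    def register(self, sp: SamlSp) -> None:
        # Reject values that could make two different SPs map to one key.
        if SEPARATOR in sp.issuer or SEPARATOR in (sp.qualifier or ""):
            raise ValueError("separator not allowed in issuer or qualifier")
        if sp.key in self._sps:
            raise ValueError("issuer already registered: " + sp.key)
        self._sps[sp.key] = sp

    def idp_entity_id_for(self, issuer: str, qualifier: Optional[str] = None) -> str:
        # Assumption: the qualifier accompanies the login request; the post
        # does not say how it is conveyed.
        sp = self._sps[SamlSp(issuer, qualifier).key]
        return sp.idp_entity_id_alias or RESIDENT_IDP_ENTITY_ID


def build_dual_domain_registry() -> TenantRegistry:
    reg = TenantRegistry()
    # Constructed domains and aliases, one SP per Office 365 domain.
    reg.register(SamlSp(SHARED_ISSUER, "one.example", "https://is.example.com/one"))
    reg.register(SamlSp(SHARED_ISSUER, "two.example", "https://is.example.com/two"))
    return reg
```

Without a qualifier, the second registration of the shared issuer is rejected (limitation 1), and any SP without an alias falls back to the single resident IdP entity ID (limitation 2).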
