Friday May 09, 2014

Integrating Office 365 with OIF/IdP

This is a continuation of my previous article where I will configure OIF (11.1.2.2.0 or later) as an IdP with Office 365 for Federation SSO using the SAML 2.0 protocol.

Be sure to have read the article about pre-requisites.

[Read More]

Monday May 05, 2014

Integrating Office 365 with OIF/IdP Pre-Requisites

In the next two articles, I will describe how to integrate OIF (11.1.2.2.0 or later) as an IdP with Office 365 for Federation SSO using the SAML 2.0 protocol.

The integration will cover:

  • Browser Federation SSO integration: this is the flow the user will exercise when accessing the www.office365.com resources via a browser:
    • The www.office365.com will prompt the user to enter its email address
    • The server will detect that Federation SSO should be used for that domain and will start a Federation SSO flow the OIF/IdP
    • OIF/IdP will challenge the user, create a SAML Assertion and redirect the user to www.office365.com
    • www.office365.com will grant access to the user
  • ActiveSync mail integration: in this flow, the user will use a mail application configured for Office 365
    • When the mail application is started, it will send the user’s credentials (email address and IdP password) to Office 365
    • www.office365.com will make a direct connection over SSL to the IdP and will use the SAML 2.0 ECP protocol to send a SAML AuthnRequest and the user’s credentials via HTTP Basic Authentication
    • The OIF/IdP will validate those credentials and return a SAML Assertion via the ECP protocol
    • Office 365 will grant access to the mail application

It is important to note that integration with Office 365 for non SAML 2.0 components will not work, such as:

  • Lync clients
  • OWA Mobile Apps
[Read More]

Friday Apr 11, 2014

Integrating ADFS 2.0/3.0 SP with OIF IdP

As a continuation of my previous articles, I will today describe how to integrate ADFS 2.0/3.0 as an SP and OIF as an IdP.

Be sure to have read my previous entry covering the pre-requisites.

The SAML 2.0 integration will be based on:

  • Email address will be used as the NameID format
  • The NameID value will contain the user’s email address
  • The HTTP POST binding will be used to send the SAML Assertion to the SP
  • Users will exist in both systems, with each user having the same email address so that it can be used as the common user attribute.

ADFS 2.0 is available in Windows 2008 R2, while ADFS 3.0 is available in Windows 2012 R2. The articles will showcase screenshots for ADFS 3.0, while the documented steps will apply to both versions.

[Read More]

Monday Apr 07, 2014

Integrating ADFS 2.0/3.0 IdP with OIF SP

As a continuation of my previous article, I will today describe how to integrate ADFS 2.0/3.0 as an IdP and OIF as an SP.

Be sure to have read my previous entry covering the pre-requisites.

The SAML 2.0 integration will be based on:

  • Email address will be used as the NameID format
  • The NameID value will contain the user’s email address
  • The HTTP POST binding will be used to send the SAML Assertion to the SP
  • Users will exist in both systems, with each user having the same email address so that it can be used as the common user attribute.

ADFS 2.0 is available in Windows 2008 R2, while ADFS 3.0 is available in Windows 2012 R2. The articles will showcase screenshots for ADFS 3.0, while the documented steps will apply to both versions.

[Read More]

Friday Apr 04, 2014

Integrating ADFS 2.0/3.0 with OIF: Pre-Requisites

In the next three articles, I will describe how to integrate OIF (11.1.2.2.0 or later) with ADFS 2.0/3.0 for Federation SSO using the SAML 2.0 protocol. The integration will cover:

  • Pre-requisites (this article)
  • ADFS 2.0/3.0 as the IdP and OIF as the SP (read article here)
  • ADFS 2.0/3.0 as the SP and OIF as the IdP (read article here)

The SAML 2.0 integration will be based on:

  • Email address will be used as the NameID format
  • The NameID value will contain the user’s email address
  • The HTTP POST binding will be used to send the SAML Assertion to the SP
  • Users will exist in both systems, with each user having the same email address so that it can be used as the common user attribute.

ADFS 2.0 is available in Windows 2008 R2, while ADFS 3.0 is available in Windows 2012 R2. The articles will showcase screenshots for ADFS 3.0, while the documented steps will apply to both versions.

In this first article, I will discuss the pre-requisites.[Read More]
About

Damien Carru is a member of the Oracle Identity Management organization, focusing on Federation and SSO. This blog will cover Federation use cases involving Oracle Access Manager, Oracle Identity Federation and Oracle Security Token Service

Search

Categories
Archives
« July 2015
SunMonTueWedThuFriSat
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
       
Today