Micro BOF on Office365 & SAML
Talking points from lunch (internal conversation only)
SAML & Microsoft
• Scope: Office365 online service
• Related but not in scope, only as it is ‘Microsoft’: SharePoint on premises
• Want:
  • Implementation blueprint for our participants to make it easier to integrate via federation
• Why:
  • MSFT product line contains the ‘killer’ productivity apps
  • Can set the tone of client engagement
• Should be straightforward, right?
• Here’s what we have…
[Diagram: Live@edu Federated Identity (circa Nov 2010, coc202.pptx), titled "Configure & Manage Federated Identity". Components shown: Windows Live Services (e.g. SkyDrive), Outlook Live, Live@edu Service Management Portal, Microsoft Federation Gateway (Windows Live ID), login to Windows Live ID; Web Clients, and Web Clients & SAML 2.0 Enhanced Client/Proxy (ECP); protocols SAML 2.0 and WS-Federation/WS-Trust; two example institutions, Fabrikam.edu (Active Directory, ADFS 2.0) and Contoso.edu (Non-AD Directory, Shibboleth 2.x); Email Rich Clients and Other Rich Clients. Note on the diagram: email rich client support requires the Shibboleth IdP ECP Extension.]
Observations
• This is SAML+ECP
• MSFT chooses a gateway approach vs. enhancing their apps (Excel/Word/SharePoint [online]…)
• OK, but is it the best way?
• Today MSFT has an entity record, not signed, and not in any federation metadata (right? live@edu)
• Hidden topic, but it is LARGE: provisioning is crucial
  • Like it used to be pre-SharePoint 2010
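The two observations above (an unsigned entity record outside federation metadata, and ECP as the rich-client path) are things a federation operator can check mechanically. The following is an added example, not from these slides or from Microsoft: it parses a constructed SAML 2.0 metadata sample, reports whether the aggregate carries a signature element, whether a given entityID is present, and whether that IdP advertises the SOAP binding that the ECP profile requires. The entityIDs, endpoints and metadata content are all constructed; the signature check is presence-only, and a real check must verify the signature against the federation's trusted signing key.

```python
"""Check SAML 2.0 metadata for three things a federation operator cares about:
   - is the aggregate (EntitiesDescriptor) signed at all? (presence check only)
   - is a given entityID present in the metadata?
   - does that IdP advertise a SOAP-binding SingleSignOnService (needed for ECP)?
All metadata below is constructed sample data, not any real federation's."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SOAP_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed signed aggregate: one Shibboleth-style IdP with an ECP (SOAP) endpoint,
# one ADFS-style IdP with only the HTTP-Redirect endpoint.
SAMPLE_AGGREGATE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Name="urn:example:federation">
  <ds:Signature><ds:SignedInfo/><ds:SignatureValue>constructed</ds:SignatureValue></ds:Signature>
  <md:EntityDescriptor entityID="https://idp.fabrikam.example/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.fabrikam.example/idp/profile/SAML2/Redirect/SSO"/>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
          Location="https://idp.fabrikam.example/idp/profile/SAML2/SOAP/ECP"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.contoso.example/adfs/services/trust">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.contoso.example/adfs/ls/"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

# Constructed stand-alone, unsigned entity record (the situation the slide describes).
SAMPLE_UNSIGNED_ENTITY = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://gateway.vendor.example/federation">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://gateway.vendor.example/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def aggregate_is_signed(root):
    """True if the root element has a direct ds:Signature child.
    Presence only: verification against the federation's trusted key is a separate step."""
    return root.find("ds:Signature", NS) is not None


def find_entity(root, entity_id):
    """Return the EntityDescriptor with the given entityID, or None.
    iter() includes the root itself, so a bare EntityDescriptor document also works."""
    for ed in root.iter("{%s}EntityDescriptor" % NS["md"]):
        if ed.get("entityID") == entity_id:
            return ed
    return None


def idp_sso_bindings(entity):
    """Set of SingleSignOnService bindings advertised by the entity's IdP role."""
    return {s.get("Binding")
            for s in entity.findall("md:IDPSSODescriptor/md:SingleSignOnService", NS)}


def check_idp(metadata_xml, entity_id):
    """Summarise signing, presence and ECP capability for one entityID."""
    root = ET.fromstring(metadata_xml)
    entity = find_entity(root, entity_id)
    report = {
        "entity_id": entity_id,
        "aggregate_signed": aggregate_is_signed(root),
        "in_metadata": entity is not None,
        "bindings": set(),
        "ecp_capable": False,
    }
    if entity is not None:
        report["bindings"] = idp_sso_bindings(entity)
        # ECP clients (e.g. mail rich clients) talk to the IdP over the SOAP binding.
        report["ecp_capable"] = SOAP_BINDING in report["bindings"]
    return report


if __name__ == "__main__":
    for md, eid in [
        (SAMPLE_AGGREGATE, "https://idp.fabrikam.example/idp/shibboleth"),
        (SAMPLE_AGGREGATE, "https://idp.contoso.example/adfs/services/trust"),
        (SAMPLE_UNSIGNED_ENTITY, "https://gateway.vendor.example/federation"),
    ]:
        print(check_idp(md, eid))
```

Run as a script to see one report per constructed entity: the Shibboleth-style IdP comes out signed-aggregate and ECP-capable, the ADFS-style IdP is present but not ECP-capable, and the stand-alone entity record reports an unsigned document. An unsigned record that also has to be configured by hand per participant is exactly the provisioning burden the slide is pointing at.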
Mixed messages
• The SAML federated MSFT ‘way’ is a moving target
  • Read this as: responding to the market. Good!
• Started as ADFS through and through, syncing all records AND passwords to O365 online
• Went to: SAML assertion gets minted into ADFS claims
  • Used for on-premises MSFT products consuming SAML
• Seems to be at the live@EDU model now
  • Feels better, but doesn’t feel like the right end state.
Mixed messages, pt 2
• Vendor contact points have pricing and technical availability differences that materially impact us
  • Alignment on pricing
  • Alignment on technical availability
• Alignment on direction is hard to pin down, even geographically.