By: scl family user 05 Dec 2018 at 12:58 a.m. CST

3 Responses
I want to integrate single sign-on (SSO) with Office 365. I have followed all the steps defined in the Gluu Doc and synced ADFS with the Office 365 admin panel. When I entered my email in the Office 365 login, it was correctly redirected to the Gluu sign-in page, then I entered the username and password. After successfully authenticating with Gluu, it lands back on the Microsoft login page. Please find the SAML request and response:

**SAML request**

```
<samlp:AuthnRequest ID="_ebaf2835-b6af-4e0c-9733-d9b5517685e3" Version="2.0" IssueInstant="2018-12-05T06:21:43.750Z" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">urn:federation:MicrosoftOnline</Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />
</samlp:AuthnRequest>
```

**SAML response**

```
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://login.microsoftonline.com/login.srf" ID="_e8363724111d43d30afc8d20550c470f" InResponseTo="_ebaf2835-b6af-4e0c-9733-d9b5517685e3" IssueInstant="2018-12-05T06:21:57.573Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cashnow.co.in/idp/shibboleth</saml2:Issuer>
  <saml2p:Status>
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
  </saml2p:Status>
  <saml2:Assertion ID="_dbd51a3665f0cc46adcdc020d73396ba" IssueInstant="2018-12-05T06:21:57.573Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml2:Issuer>https://cashnow.co.in/idp/shibboleth</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
        <ds:Reference URI="#_dbd51a3665f0cc46adcdc020d73396ba">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
          <ds:DigestValue>x7Q/iwNCRO2NNTcQVqf+rZQQx8D7B44FJgKyxxyqAWg=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>
laQUrZNsVuRld6LYUH0XFjg/kdkdkmkdkdkDKLDKDKKMCKDMCKDdkdkkdflkvmlkvkmdsffWgFimZfJihigzDcbae0iY4so7xEJwAKZPzdEfuQ65r/GQ1vjvJzNBHUfsAYOC1XOojaVqHgquIh
953v5iGP8ywAH/pB5UrLhiO/FV4dgiRN28KViAuZEq4SMHES078BQcENtNNWtJXuk9MiF1391Cfu
D7lDZqEGEAB9kkOkEKOx97uVMbSERfWS+0Ha30OFUJSBQtlXBRw9CWpkb6lOi7f6fKET0MMTqbi6
C15LqxcyK+lkkkkmk15112KKKDKsmdlsdl==
      </ds:SignatureValue>
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>MIIDcjCCAloCCQCqGbYU3eBY6DANBgkqhkiG9w0BAQsFADB7MQswCQYDVQQGEwJpbjELMAkGA1UE
CAwCdXAxDjAMBgNVBAcMBW5vaWRhMQ8wDQYDVQQKDAZpZGVtaWExFjAUBgNVBAMMDWNhc2hub3cu
Y28uaW4xJjAkBgkqhkiG9w0BCQEWF3NjbGZhbWlseXVhcHBAZ21haWwuY29tMB4XDTE4MTEwMjA2
MTE1MFoXDTE5MTEwMjA2MTE1MFowezELMAkGA1UEBhMCaW4xCzAJBgNVBAgMAnVwMQ4wDAYDVQQH
KMDKMDKDKDLLDMDLMDKhvcNAQkBFhdzY2xmYW1pbHl1YXBwQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALKD3qGWD/MFC/FcnfmNSu/rLbOSupR+te6gmg2W5KXQu/PiYF3awQYtpOnrOEFhbnds
XkAW0bZRjxGnBOpqZfBwfpcbpxhzVJOLmsKEebA26SsF0O0Qbzc2N5lkgbxGBD4S3aN+2nrMTkat
dAVAW1Q5XEoZ40iCMnURhrho0y5abAFZTLIb1fYxCi3jiZnnMVECEwJHCODCMvWEW1He+GMKDK5O
13PMIGa7yfpJxkw+ZpKuztHcUIh4N9EWfkta3nbjqlaTxeYzu4iIYutgVFJXmxBW8BnpY9gs5rUU
89H6fZEExalJrjXeF+w9NhbUZzXSm3NLfo0yj3kh8NjNVB8CAwEAATANBgkqhkiG9w0BAQsFAAOC
AQEACbCzpBpDBmsne7gipyAIZxXOd/UrilIyksgpC1gMkYEZgAMxyTQY33rJJOsf30m/scuFyDB5
QU0hRFGGbA6sCOYMlyG72WTWJkY0cczAZZFTOnzYqJmSMuwFL5Xl37zD/KpDcG02RHkw7LvCO12qLDLDLLCSDLCVLlslsllsdlmldsmvd/VW6ptPAGXdkkdkdkdkdkdkkdskYpSHqycuIhkjv0Y
FDr7tK6+97k6f0qeuUFjz6PBg+oQCOVv82IMEg2LA6uVZXOsqwVY8M5EOaccK+Du8PyKqD4g1wlg
Idij7MdoDnWcsEVlyMdr40Ln2lNV5O5TO9wUohZhlw==
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </ds:Signature>
    <saml2:Subject>
      <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="https://cashnow.co.in/idp/shibboleth" SPNameQualifier="urn:federation:MicrosoftOnline">********-7d52-****-95e4-******</saml2:NameID>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml2:SubjectConfirmationData Address="125.17.70.50" InResponseTo="_ebaf2835-b6af-4e0c-9733-d9b5517685e3" NotOnOrAfter="2018-12-05T06:26:57.592Z" Recipient="https://login.microsoftonline.com/login.srf" />
      </saml2:SubjectConfirmation>
    </saml2:Subject>
    <saml2:Conditions NotBefore="2018-12-05T06:21:57.573Z" NotOnOrAfter="2018-12-05T06:26:57.573Z">
      <saml2:AudienceRestriction>
        <saml2:Audience>urn:federation:MicrosoftOnline</saml2:Audience>
      </saml2:AudienceRestriction>
    </saml2:Conditions>
    <saml2:AuthnStatement AuthnInstant="2018-12-05T06:21:57.480Z" SessionIndex="_9dc5138e4a7ecfac05795ba3e962bcc4">
      <saml2:SubjectLocality Address="125.17.70.50" />
      <saml2:AuthnContext>
        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
      </saml2:AuthnContext>
    </saml2:AuthnStatement>
    <saml2:AttributeStatement>
      <saml2:Attribute FriendlyName="IDPEmail" Name="urn:oid:IDPEmail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml2:AttributeValue>Jom.do****@*****.co.in</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
  </saml2:Assertion>
</saml2p:Response>
```

By Michael Schwartz Account Admin 05 Dec 2018 at 4:19 a.m. CST

This is always tricky. O365 is looking for some specific attributes. Many users also point O365 at a local ADFS server, which then proxies to the Gluu Server. Alex can comment on this more.
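
An added example, not part of the thread and not Gluu or Microsoft code: an offline check that compares a captured AuthnRequest with its response and with a caller-supplied list of attribute names the service provider is expected to look for. The sample XML is constructed from the shape of the messages posted above, and `triage` and `required_names` are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, trimmed samples modelled on the messages in the post
# (signature omitted, IDs and values are placeholders).
REQUEST = """<samlp:AuthnRequest ID="_req1" Version="2.0"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">urn:federation:MicrosoftOnline</Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
</samlp:AuthnRequest>"""

RESPONSE = """<saml2p:Response InResponseTo="_req1" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml2:Assertion ID="_a1" Version="2.0">
  <saml2:Subject><saml2:NameID
    Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">id-1</saml2:NameID></saml2:Subject>
  <saml2:Conditions><saml2:AudienceRestriction>
    <saml2:Audience>urn:federation:MicrosoftOnline</saml2:Audience>
  </saml2:AudienceRestriction></saml2:Conditions>
  <saml2:AttributeStatement>
    <saml2:Attribute FriendlyName="IDPEmail" Name="urn:oid:IDPEmail">
      <saml2:AttributeValue>user@example.org</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
 </saml2:Assertion>
</saml2p:Response>"""

def triage(request_xml, response_xml, required_names):
    """List mismatches. No signature check: offline triage of your own captures only."""
    req, resp = ET.fromstring(request_xml), ET.fromstring(response_xml)
    findings = []
    if resp.get("InResponseTo") != req.get("ID"):
        findings.append("InResponseTo does not match the request ID")
    audiences = [e.text for e in resp.iterfind(".//a:Audience", NS)]
    if req.findtext("a:Issuer", namespaces=NS) not in audiences:
        findings.append("request Issuer is not among the Audience values")
    policy = req.find("p:NameIDPolicy", NS)
    name_id = resp.find(".//a:Subject/a:NameID", NS)
    if policy is not None and (name_id is None
                               or name_id.get("Format") != policy.get("Format")):
        findings.append("NameID Format differs from the requested NameIDPolicy")
    sent = {a.get("Name") for a in resp.iterfind(".//a:Attribute", NS)}
    for name in required_names:  # caller-supplied list, taken from the SP's documentation
        if name not in sent:
            findings.append(f"attribute {name!r} not sent; sent: {sorted(sent)}")
    return findings
```

Call `triage(REQUEST, RESPONSE, [...])` with the attribute `Name` values the service provider documents; an empty list back means the compared fields line up. The comparison is on `Name`, not `FriendlyName`.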

By scl family user 06 Dec 2018 at 3:12 a.m. CST

Do you need any other information? I have been stuck on this issue for the last 3 weeks and I am not able to find more tickets about Office 365 in the Gluu support forum.

By Aliaksandr Samuseu staff 06 Dec 2018 at 2:17 p.m. CST

Hi, scl family.

> Do you need any other information?

Not for now, we'll ask for more info as needed. We have some setups which utilize O365, I'll compare your situation with those. Still please understand we can't offer any SLA within Community Support.