AzureAD/Office365 SSO w/ CAS 5.3

53 views

Skip to first unread message

Paul Spencer

unread,

Dec 4, 2019, 3:14:28 PM12/4/19

to CAS Community

Hello, looking for some guidance on implementing Azure AD SSO with CAS 5.3.

We've been working on implementing these guides

https://apereo.github.io/cas/5.3.x/integration/Configuring-SAML-SP-Integrations.html

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications

We hit a hitch on the cas.properties It's not clear to me how these values should be defined. For example

cas.samlSp.office365.metadata=/etc/cas/saml/azure-ad-metadata.xml

cas.samlSp.office365.name=O365

cas.samlSp.office365.description=O365 Integration

cas.samlSp.office365.nameIdAttribute=scopedImmutableID

cas.samlSp.office365.attributes=IDPEmail,ImmutableID

The last two are the items I struggle with. Also the naming convention that this is all labeled Office365.

cas.samlSp.office365.nameIdAttribute=scopedImmutableID -- What is the valid syntax for a scope? I need to define this correct?

cas.samlSp.office365.attributes=IDPEmail,ImmutableID -- Same thing, what's the valid syntax and where exactly is ImmutableID defined? Can I find that in my AzureAD? All the articles I've found have to deal with ImmutableID in an AD on Prem sync context, which isn't helpful.

Also, is Office365 the correct configuration approach for an AzureAD SP SSO Setup? It appears as if Office365 = AzureAD for all real world applications but I want to be sure.

Reply all

Reply to author

Forward

0 new messages