I’m curious whether Azure AD itself is a ‘better’ IdP than the actual ‘Shibboleth’ IdP registered as a tenant app and therefore able to make use of SSO, the ‘me’ endpoint and graph API (for attributes not being sent from ‘me’, which is intentionally restricted I think). I would think the standard IdP as tenant app would give more flexibility in how attributes are munged to other attributes, as opposed to storing supplier specific attributes in Azure AD. Something that comes up is the pricing for syncing local AD data with Azure. The more you sync the more it costs. In that context would it make sense to sync the basics and let the IdP take care of how suppliers see those attributes? Or is it more attractive to absorb any extra cost in order to have a single solution to federated access?
Alistair
--
mov eax,1
mov ebx,0
int 80h
On 05/06/2017, 08:58, "Discussion list for Shibboleth developments on behalf of Matthew Slowe" <[log in to unmask] on behalf of [log in to unmask]> wrote:
On Tue, May 30, 2017 at 09:33:45AM +0000, Andy Swiffin (Staff) wrote:
> In the cloud, (I'm not sure you could have something called Azure
> anywhere else?!)
There is an Azure MFA server you host locally ... also seems to be
abandonware :-)
--
Matthew Slowe | Server Infrastructure Officer
IT Infrastructure, Information Services, University of Kent
Room S21, Cornwallis South
Canterbury, Kent, CT2 7NZ, UK
Tel: +44 (0)1227 824265
www.kent.ac.uk/is | @UnikentUnseenIT | @UKCLibraryIt
PGP: https://keybase.io/fooflington