No,
There was no cost difference before we bought AAD Premium. We only got that in August last year.
Andy
-----Original Message-----
From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Alistair Young
Sent: 05 June 2017 15:08
To: [log in to unmask]
Subject: Re: Shibboleth and the Azure IdP
> That's one possibility and authenticate that against the LDAP from AAD Domain services. But then you'd lose SSO with all of the above
I was thinking along the lines of using Azure for authentication rather than LDAP. Jumping into the ouath2 flow instead of presenting a native IdP login page. When the browser arrives at the IdP in a SAML2 flow, it would be sent off to the AAD STS service for authentication and then sent back to the SP with the SAML attributes created from the AAD attributes obtained from the graph api. So the IdP no longer handles authentication. All it does is turn AD attributes into SAML attributes. You get SSO along with the rules in the IdP for turning AD attributes into SAML attributes.
If you’re on premium licensing that’s prolly why the cost doesn’t increase the more data that gets synced to the cloud. Interesting.
Cheers,
Alistair
The University of Dundee is a registered Scottish Charity, No: SC015096
|