Hi Alistair,

I think that it is unlikely that Azure AD will be a plausible replacement for Shibboleth in the near future, in the absence of capabilities such as the ability to consume metadata aggregates and so forth.

If you are interested in a "single solution to federated access", I would point you to Jisc's forthcoming Liberate service. This will offer a solution supporting the UK Access Management Federation, Eduroam, Assent, and legacy IP address authentication. We have a number of organisations piloting this today; a beta service starts in July (offered at no cost), and a production service will follow in September (tariff applicable).

https://www.jisc.ac.uk/rd/projects/managed-idp-service

Josh.

> -----Original Message-----
> From: Discussion list for Shibboleth developments [mailto:JISC-[log in to unmask]] On Behalf Of Alistair Young
> Sent: 05 June 2017 12:16
> To: [log in to unmask]
> Subject: Re: Shibboleth and the Azure IdP
>
> I’m curious whether Azure AD itself is a ‘better’ IdP than the actual
> ‘Shibboleth’ IdP registered as a tenant app and therefore able to make use of
> SSO, the ‘me’ endpoint and graph API (for attributes not being sent from
> ‘me’, which is intentionally restricted I think). I would think the standard IdP
> as tenant app would give more flexibility in how attributes are munged to
> other attributes, as opposed to storing supplier specific attributes in Azure
> AD. Something that comes up is the pricing for syncing local AD data with
> Azure. The more you sync the more it costs. In that context would it make
> sense to sync the basics and let the IdP take care of how suppliers see those
> attributes? Or is it more attractive to absorb any extra cost in order to have a
> single solution to federated access?
>
> Alistair
>
> --
> mov eax,1
> mov ebx,0
> int 80h
>
>
> On 05/06/2017, 08:58, "Discussion list for Shibboleth developments on
> behalf of Matthew Slowe" <[log in to unmask] on behalf of
> [log in to unmask]> wrote:
>
>     On Tue, May 30, 2017 at 09:33:45AM +0000, Andy Swiffin (Staff) wrote:
>     > In the cloud, (I'm not sure you could have something called Azure
>     > anywhere else?!)
>
>     There is an Azure MFA server you host locally ... also seems to be
>     abandonware :-)
>
>     --
>     Matthew Slowe | Server Infrastructure Officer
>     IT Infrastructure, Information Services, University of Kent
>     Room S21, Cornwallis South
>     Canterbury, Kent, CT2 7NZ, UK
>     Tel: +44 (0)1227 824265
>
>     www.kent.ac.uk/is | @UnikentUnseenIT | @UKCLibraryIt
>     PGP: https://keybase.io/fooflington