This line - "With it, the application, such as Office 365, shows the sign-in web form on behalf of the identity provider and the identity provider makes the authorization decision." - suggests to me that you need to be using the UsernamePassword and not the RemoteUser LoginHandler.
If I understand what MS are suggesting correctly, it should be possible to remove a local ADFS and replace it with shibboleth, rather than the previous workaround of having the ADFS authenticate against shibboleth?
> -----Original Message-----
> From: Discussion list for Shibboleth developments [mailto:JISC-
> [log in to unmask]] On Behalf Of Rhys Smith
> Sent: 29 May 2014 11:55
> To: [log in to unmask]
> Subject: Re: Office 365 authentication and Shibboleth.
> On 29 May 2014, at 11:29, Glenn Wearen <[log in to unmask]>
> > The big news from that blogpost is the support for this flow in Desktop
> apps like Lync and Skydrive Pro.
> That should be *future* support for things like Lync and so on, unless I'm
> My favourite line in that press release - "Shibboleth, which is a directory
> commonly used in academic organisations". No!
> Dr Rhys Smith
> Identity, Access, and Middleware Specialist
> Cardiff University & Janet, the UK's research and education network
> email: [log in to unmask] / [log in to unmask]
> GPG: 0x4638C985