Closed shteevy closed 7 years ago
Hi,
My guess would be that the authnContextClassRef that Skype ID using doesn't match the value matched by Shib-cas-authn3, so it doesn't choose it and just handles it itself.
On May 21, 2017, at 2:56 PM, shteevy notifications@github.com wrote:
Hello,
I have a problem with Skype for Business 2016 client. My configuration to connect to Office 365 is Office365 -> ADFS -> Shibboleth(3.3.1) with ShibCas (3.2.2) -> CAS portal (5.0.5). It works via the Office365 web portal. But not with Skype for Business (windows client)
The "modern authentication" for Skype for Business is activated. When connecting, the login screen of Shibboleth appear instead of my Cas portal.
Is it normal ? I don't understand why the CAS portal is not called.
Many thanks for your help, Steve.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.
This email has been scanned for spam and viruses by Proofpoint Essentials. Click here to report this email as spam.
Hello,
Here is the content of my general-authn.xml :
Do you think the problem is related to " p:nonBrowserSupported="false" />" ?
Many thanks for your help,
Steve.
Look at
<property name="supportedPrincipals">
<list>
<bean parent="shibboleth.SAML2AuthnContextClassRef"
c:classRef=
"http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod
/password" />
</list>
</property>
That tell's Shib to use the Password flow to complete Microsoft's requested authn type. Try moving it up to shib-cas-authn3. You may need to explicitly add "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
to shib-cas-authn3 as well.
Hello, Many thanks, it's working following your advises.
I made this configuration :
`<bean id="authn/Shibcas" parent="shibboleth.AuthenticationFlow" p:passiveAuthenticationSupported="true" p:forcedAuthenticationSupported="true" p:nonBrowserSupported="false" >
</bean>`
and commented these lines :
`<bean id="authn/Password" parent="shibboleth.AuthenticationFlow"
p:passiveAuthenticationSupported="true"
p:forcedAuthenticationSupported="true" >
<!--
</property>**-->**`
Many thanks,
Steve.
Excellent.
Hello,
I have a problem with Skype for Business 2016 client. My configuration to connect to Office 365 is Office365 -> ADFS -> Shibboleth(3.3.1) with ShibCas (3.2.2) -> CAS portal (5.0.5). It works via the Office365 web portal. But not with Skype for Business (windows client)
The "modern authentication" for Skype for Business is activated. When connecting, the login screen of Shibboleth appear instead of my Cas portal.
Is it normal ? I don't understand why the CAS portal is not called.
Many thanks for your help, Steve.