Forum Discussion

That_guy_122842
Oct 30, 2013

Do APM and SAML support the WS-* protocol for Office 365?

So while I am aware that F5 does have an iRule for Office 365 to support SAML, I get a different feeling from Microsoft.

So, based on Microsoft saying that the IDP has to support the WS protocol, has this been updated in the F5?

 

Microsoft - Use third-party identity providers to implement single sign-on http://technet.microsoft.com/en-us/library/jj679342.aspx

 

7 Replies

  • APM works with Office 365 without an iRule - it leverages SAML 2.0 capabilities that do exist within Office 365. It mirrors the implementation and support that Microsoft has for leveraging Shibboleth SAML 2.0 IDP:

     

    http://technet.microsoft.com/en-us/library/jj205456

     

    Adding WS-Fed support to APM is something that will hopefully be added to the product in 2014.

     

  • From the document:

     

    "These third-party identity providers were tested for interoperability with Microsoft cloud services using WS-Federation and WS-Trust protocols only. Testing did not include using the SAML protocol."

     

    That doesn't imply that WS-Fed is required, but that they didn't document any SAML providers. Both ADFS and Azure ACS support SAML 2.0.

     

  • Hi guys,

     

    We're dealing with this issue now. We've deployed SAML 2.0 auth with APM v 11.4.1, and now we're stuck without Lync, OneDrive and the ability to do Office subscriptions.

     

    Microsoft are telling us they are adding SAML support for these apps this year (2014), and I've heard the same thing about WS-* protocols being supported in F5 in a similar timeframe, but I'm really starting to need some better time-frames so I can plan out our implementation schedule.

     

    I'm engaging our MS Account manager today, so if I get anything out of them I'll post it here.

     

    http://technet.microsoft.com/en-us/library/jj679342.aspx#BKMK_11

     

    Cheers,

     

    Gavin

     

  • Gavin,

     

    Since Microsoft decided to embrace SAML 2.0 fully for Office 365 subscriptions, F5's direction is to support all Office 365 functions when Microsoft releases updates to their Office suite of applications later this year. Of course, Microsoft is not giving an exact date for it, so I would suggest planning on using 12/31/14 as your earliest implementation date. :)

     

  • Hi Michael,

     

    Thanks for confirming, this would be my preferred approach too. I just hope MS don't take the entire year to fully 'embrace' SAML ;)

     

    Here are some updates from my MS support contact:

     

    "For this update, we have not received the exact releasing date yet, however, I will try to double confirm this with the Office365 Identity management product design team. Since the product manager who posted below blog is currently on leave, so, I will try to find out alternate resources to confirm this point. Will keep you posted. "

     

    "As per my last reply, I will try to contact O365 Identity Product Design team to find out more information on this and update you. Thanks. "

     

    If I hear anything more definite from my account manager I'll post it here.

     

    All the best,

     

    Gavin

     

  • Hi Gavin

     

    With this released now, how have you found it?

     

    I'm looking at what my options may be using Office 365, ADFS, behind an F5 APM.

    I'm keen to know if any of the APM features are supported (i.e. can I check for a machine certificate), or can I prompt for 2 factors of authentication.

     

    Cheers, David