Java and Shibboleth authentication with Azure REST API and ADFS.

The last blog entry was about setting up on-premises AD with Office 365 and ADFS.

So now to the interesting part. I’m going a little bit AWOL with this, as I’m not a coder.

First about Azure authentication.

https://docs.microsoft.com/en-us/azure/app-service-api/app-service-api-whats-changed#authentication

And especially this one.

With this in mind, let’s proceed.

Java and Azure.

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-devquickstarts-webapp-java

I will explain a little bit. Below you can see web.xml. This is the file that has everything that a .NET guy needs.

And to get these you need to register an App Endpoint in Azure.

Java and ADFS:

You have two options. Use SAML or WS-Fed authentication.

https://blogs.technet.microsoft.com/maheshu/2015/05/26/json-web-token-jwt-support-in-adfs/

Claim rules need to be added. The most common is.

Shibboleth And Azure:
This doesn’t work. It just won’t.

You can use Shibboleth IdP as a replacement for ADFS, though.

https://portal.nordu.net/display/SWAMID/How+to+use+Shibboleth+Identity+Provider+v3+with+Office+365

Shibboleth And ADFS:

This works nicely. You have to modify federationmetadata.xml to add a Relying Party Trust between Shibboleth and ADFS.

These TechNet instructions are for ADFS 2.0, but the procedure is identical for ADFS 3.0 and 3.1.

https://technet.microsoft.com/en-us/library/gg317734(v=ws.10).aspx
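
One edit of this kind, as an added example that is not from the original post: it assumes the change needed is to strip the WS-Federation `RoleDescriptor` elements and the document signature (invalid once the file is edited) from the ADFS `FederationMetadata.xml` before Shibboleth loads it. The sample metadata, the host name and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Keep readable prefixes in the output (ds: is used by KeyDescriptor in real metadata).
for prefix, uri in (("md", MD), ("ds", DS)):
    ET.register_namespace(prefix, uri)

# Constructed sample shaped like an ADFS FederationMetadata.xml (not real metadata).
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    entityID="http://adfs.example.test/adfs/services/trust">
  <ds:Signature><ds:SignatureValue>constructed</ds:SignatureValue></ds:Signature>
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <RoleDescriptor xsi:type="fed:ApplicationServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def strip_for_shibboleth(metadata_xml: str) -> str:
    """Return the metadata with only its SAML role descriptors left (hypothetical helper)."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("expected a single EntityDescriptor document")
    for child in list(root):
        # Drop the enveloped signature and the WS-Fed/WS-Trust role descriptors.
        if child.tag in (f"{{{DS}}}Signature", f"{{{MD}}}RoleDescriptor"):
            root.remove(child)
    saml_roles = [c for c in root
                  if c.tag in (f"{{{MD}}}IDPSSODescriptor", f"{{{MD}}}SPSSODescriptor")]
    if not saml_roles:
        raise ValueError("no SAML role descriptor left; refusing to write empty metadata")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(strip_for_shibboleth(SAMPLE))
```

With the signature removed, Shibboleth can no longer verify the metadata itself, so the edited file should come from a copy fetched over TLS directly from the ADFS server and be loaded from local disk.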

Author: Harri Jaakkonen
