Hi Timothy, Chen,
It is hard to believe that integrating with a player like Microsoft makes us face some IBM bureaucraty.
I didn't know the same issue existed on the SaaS version.
On this purpose, I filled a RFE for a proper ISV/Azure federation integration beacause i face a similar issue (WS-Federation needed by Azure) with the virtual appliance version.
https://ibmsecurity.ideas.ibm.com/ideas/ISAM-I-1021Hope this will be considered as an issue and will be fixed very fast for a smooth integration.
Best regards
------------------------------
Nicolas Karageuzian
------------------------------
Original Message:
Sent: Fri August 27, 2021 07:50 AM
From: Yongming Chen
Subject: Enabling SSO on Outlook Web Access via IBM Security Verify WS-Federation
Hi Timothy,
The WS-Federation SSO in ISV currently is supported for Microsoft 365 application, it's not yet available for custom application like OWA, probably you'll need to submit RFE if you need custom application support of WS-Federation SSO.
Best Regards
Chen Yongming
------------------------------
Yongming Chen
Original Message:
Sent: Tue August 24, 2021 02:06 PM
From: Timothy Dilbert
Subject: Enabling SSO on Outlook Web Access via IBM Security Verify WS-Federation
Hi Everyone,
We're using Verify SaaS. We're trying to configure WS-Federation SSO to Outlook Web Access **on-premise** using the Microsoft 365 app with the following settings:
* In ISV, create a new Microsoft 365 application.
* Set Sign-on method to: WS-Federation
* Set Provider ID to: https://mail.domain.com/owa/
* Set the WS-Federation end point of the application to: https://mail.domain.com/owa
* Set Signature Options > Signature algorithm to: SHA1
* Set Signature Options > Signature Certificate to: Default personal certificate
* Set SAML subject > Name identifier to: upn
* Set Attribute Mapping > Attribute > UPN to: upn
* Set Attribute Mapping > Attribute > ImmutableID: {custom AD attribute}
We're getting a redirect loop between ISV and OWA. Responses from OWA is 302 Found form POST with wct, wctx and wresult form fields.
Has anyone been able to get OWA connected with ISV?
------------------------------
Timothy Dilbert
------------------------------