{"id":55,"date":"2015-03-17T15:28:03","date_gmt":"2015-03-17T15:28:03","guid":{"rendered":"http:\/\/172.23.1.43\/?p=55"},"modified":"2022-06-07T22:26:30","modified_gmt":"2022-06-07T22:26:30","slug":"adfs-authentication-with-office-365","status":"publish","type":"post","link":"https:\/\/blog.n-dol.org\/2015\/03\/17\/adfs-authentication-with-office-365\/","title":{"rendered":"ADFS Authentication with Office 365"},"content":{"rendered":"
    \n
  1. User goes to an Office 365 URL<\/li>\n
  2. User is redirected to the Microsoft Federation Gateway (MFG, login.microsoftonline.com)<\/li>\n
  3. User enters his UPN<\/li>\n
  4. The MFG recognizes the UPN's domain as a federated domain<\/li>\n
  5. User is redirected to the ADFS server<\/li>\n
  6. User uses his Kerberos TGT (Ticket Granting Ticket) to authenticate<\/li>\n
  7. ADFS sends the TGT to the domain controller<\/li>\n
  8. ADFS receives a Service Ticket identifying the user<\/li>\n
  9. ADFS uses the Service Ticket to query Active Directory for user attributes (UPN, First Name, Last Name, etc.)<\/li>\n
  10. ADFS builds a SAML token with the user attributes<\/li>\n
  11. The ADFS server posts this SAML token to the MFG via the user's browser<\/li>\n
  12. MFG verifies the SAML token signature to validate that it comes from the right ADFS server<\/li>\n
  13. MFG creates its own SAML token (the UPN is inside)<\/li>\n
  14. The MFG SAML token is posted back to the Office 365 platform via the user's browser<\/li>\n
  15. Office 365 looks for an account with the user's UPN<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

    User goes to an Office 365 URL User is redirected to Microsoft Federation Gateway (login.microsoftonline.com) User enters his UPN UPN…<\/p>\n","protected":false},"author":5614970,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[2478882,44496998],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/posts\/55"}],"collection":[{"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/users\/5614970"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/comments?post=55"}],"version-history":[{"count":1,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/posts\/55\/revisions"}],"predecessor-version":[{"id":56,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/posts\/55\/revisions\/56"}],"wp:attachment":[{"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/media?parent=55"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/categories?post=55"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.n-dol.org\/wp-json\/wp\/v2\/tags?post=55"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}