Forum Discussion
Office 365 with APM as IdP (no ADFS), troubleshooting
hello,
I have starting a non-hybrid deployment of Office365 with DirSync (sync is working). My domain is a subdomain in a forest. I followed the F5 deployment guide (manual config, no iApp) and have the office365 portal redirection to my IdP (APM 11.6 HF5) and the IdP redirection with assertion (which seems correct) to the Office 365 portal. But signon doesn't work and I get an error 80043431.
Questions:
- cannot find Microsoft troubleshooting guides that do consider a deployment without ADFS. I would like to verify the SSO configuration of Office365 but the PS command
seem to work only with ADFS... get an errorGet-MsolFederationProperty -DomainName
Get-MsolFederationProperty : Failed to connect to Active Directory Federation Services 2.0 on the local machine. Please try running Set-MsolADFSContext before running this command again.
Does anyone knows a way to get the SSO configuration in a deployment without ADFS?
- has anyone gone through the same error and found the solution?
Thanks
Alex
- mikeshimkus_111Historic F5 Account
Hi Alex, we recommend using the iApp if at all possible. I have seen this error before when my entity ID didn't match the URL I'd configured in O365 federation settings (I had a trailing slash in my entity ID that wasn't there in the fed settings). First thing I'd do is compare those.
- amolariCirrostratus
Found that overwriting the settings with
was not working properly. I had to remove the federation with the commandSet-MsolDomainAuthentication
and start again. Also, by changes it seems that one has to wait some time for them to be really effective. Now I have a working SAML auth for the browser. Next step, have it work with ECP. Is Outlook the only Office app supporting ECP?Set-MsolDomainAuthentication -Authentication Managed –DomainName $dom
How is it with Skype for business?
Alex
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com