For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MiLK_MaN's avatar
MiLK_MaN
Icon for Nimbostratus rankNimbostratus
Dec 15, 2016

Sharepoint Online persistent SSO with APM SAML

Hi all,   We have an APM configuration working successfully with SAML SSO to Office365.   What we'd like to do now is work out whether we can manipulate the timeout settings for users hitting S...
BIG-IP Access Policy Manager (APM)
security
Michael_Koyfma1's avatar
Michael_Koyfma1
Icon for Cirrus rankCirrus
Dec 16, 2016

So, I looked at the article and further PSSO definition, and I don't quite fully understand exactly how it works yet - but I am guessing that if ADFS sets PSSO cookie and sends that claim to Azure AD, then Azure AD will be sending persistent cookies for Sharepoint Online to the browser. Do you know if that is the case?

 

Michael_Koyfma1's avatar
Michael_Koyfma1
Icon for Cirrus rankCirrus
Dec 19, 2016

Yes, the problem is that it's from WS-Trust format. Normally, AzureAD is consuming a SAML 1.1 payload wrapped in WS-Trust wrapper, ultimately this is called WS-Fed. :)

 

So, I've tried to send similar attributes to them via SAML 2.0, and they are getting ignored and persistent SSO does not seem to happen. We need to find out from Microsoft whether they are capable of ingesting any SAML attributes when federating using logon using SAML instead of WS-Fed.