
Has anyone gotten ADFS 2.1 on Server 2012 working with o365 SSO?

I have it working up to a point: I tweaked the registry to allow the PowerShell commands to run, and user accounts sync fine. Even the remote connectivity analyzer shows no errors. But SSO itself does not seem to be passing the credentials correctly.

Microsoft claims that ADFS 2.1 is not supported to work with o365, but I'm just being stubborn and not giving up that easy.

Matt Bear
  • In the past when they say it's not supported it really doesn't work. – Brent Pabst Nov 20 '12 at 20:28
  • `I'm just being stubborn and not giving up that easy.` You should really only do so when it comes with a fatty check for doing so. Because if/when you manage to hack it together and random updates make it implode, guess who gets to sort through that mess, and guess what MS will say when you call them for support? – HopelessN00b Nov 20 '12 at 20:34
  • I'm not asking if I should or if it's a good idea. It's in a test environment, it's for knowledge. Just to see if it's possible. – Matt Bear Nov 20 '12 at 20:44
  • @MattBear ADFS is very iffy, the protocols used for web service authentication are changing a lot these days and often the ADFS and WIF team at MSFT are faster at rolling things out than the O365 team at supporting them. If O365 says they don't yet support ADFS 2.1 it's most likely because they don't have the needed web service endpoints available yet. If you have any questions on that you should really be asking Microsoft and not here. – Brent Pabst Nov 20 '12 at 20:46
  • @MattBear There is a very strong culture of **Doing It** ***Right*** on Server Fault -- that means not doing things that your vendor says are unsupported (for the reasons [HopelessN00b](http://serverfault.com/questions/450627/server-2012-adfs-2-1-and-office-365#comment491354_450627) and [Brent Pabst](http://serverfault.com/questions/450627/server-2012-adfs-2-1-and-office-365#comment491361_450627) gave you). As part of your professional responsibility sometimes you have to tell your client/user they can't have what they want. If you tell us your end goal maybe we can help you with other options – voretaq7 Nov 20 '12 at 20:51
  • I actually completely agree, production side I'm running 2008 R2, and ADFS 2.0. I don't take risks in production. Which is why I have a virtual test environment, because we can't afford mistakes. – Matt Bear Nov 20 '12 at 21:10
  • April is the projected date for o365 to be updated to officially support ADFS 2.1, just FYI – Matt Bear Nov 20 '12 at 21:12

1 Answer

To answer my own question, yes it is possible, but it requires modifying PowerShell. http://community.office365.com/en-us/forums/178/p/71760/267891.aspx#267891 And then a little experimenting with settings.

I have it running, and fully functional, so far...

Now that I know it's possible, I'm shutting it down. For the reasons posted it's not going into production, it was after all, just an experiment.

Matt Bear