Discussion:
Session Logout link
Farzan Qureshi
2014-08-19 03:40:33 UTC
Hi,

I have defined the logout URL in Office 365 as

PassiveClientSignOutUrl : https://idp.rosmini.school.nz/logout

But I get the following error when a user logs out:

Not Found

The requested URL /logout was not found on this server.

And this is what I have in the address bar:

https://idp.rosmini.school.nz/logout?SAMLRequest=nZHLasMwEEV/xWgvP2InsURscAkBQx7QNKVkUxRFbkRtydWMofTra7tetJtSupyZO/fOkVYgmppv7Yvt8F69dQrQe29qA3wYZKRzhlsBGrgRjQKOkh%2BL3ZbP/JC3zqKVtibeul/TRqC2JiM3xBZ4EOhr6zsLjTbaB3mztvbNR1CPUcQr1xl5TpcXlqRyQdlyIWgiLgm9sIjRSIm5YnMZL6Uk3qNyMDr3of0iQKdKAygM9q0wSmiY0og9hDGPZzyJz8TLVyPWKHV/5hEAyg0MJB9klboqNzLxnZY9ia3wYGpt1Cr4Zj9l7Xu7cv2PLG9jXSPwd/nQ0VdajVLeDg8CqAySvMTF3W3ztD%2B/Ho6b9HQ8bVXBiiybbvw6K5%2BqH/%2BcfwIOPK35&RelayState=A5gGBk4RnOLcU156TZ*rehh95QXq&SigAlg=http://www.w3.org/2000/09/xmldsig%23rsa-sha1&Signature=lKOQ/zwElEh01I1liHa5woG27K%2B/UrlFYsF/Gt5VHMoyaDhpvEQ5%2BXLjkuA31F4AdD%2B5eELvAMe8%0D%0APNQaMi3Jocn5f00CRjTMX%2BeOVNYr/aXhS5FaTv1OyEJ0AbJkpb/mTXHmmotDcQUc%2ByHCA65YYqut%0D%0A3HT0mP1T6222tmqszbsAZClaZjvuOwBN1eFxdve7d7Iw1frKlrJqIHuVkTN%2BPomHzUyJrZu5nYOy%0D%0Ay%2B/xxM%2B70VBfy2NRWTqL1PEBLr7NH%2B/4bdl%2BIwANf4dG2xXg3msBpqiyegFuJxvxOgEkgFlGuTfV%0D%0AWy5Kxal1AkD5wVJCx4LN9Rfah5GsYC7AyH3AKQ%3D%3D


How can I define what happens when a user signs out? What is the correct
link to sign out?
--
*Farzan Qureshi* | Network Administrator & Help-desk Support | Rosmini
College | (09) 487 0 530
--
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager (
admin-***@public.gmane.org). Please note that any views or opinions presented
in this email are solely those of the author and do not necessarily
represent those of the company. Finally, the recipient should check this
email and any attachments for the presence of viruses. Rosmini College
accepts no liability for any damage caused by any virus transmitted by this
email.
Nate Klingenstein
2014-08-19 13:54:51 UTC
Farzan,

Please search the Wiki for logout. You may be able to find the answers to some of your questions more quickly than we can supply them.

https://wiki.shibboleth.net/confluence/dosearchsite.action?spaceSearch=true&queryString=logout

The second and third hits are relevant for you since you're running an IdP, not an SP.

Hope this helps,
Nate.

Rob Gorrell
2014-08-19 14:44:09 UTC
Per Nate's link, you will need to configure and point this URL to your
logout.jsp template.
For me, the URL looks like: https://idp.uncg.edu/idp/logout.jsp

-Rob
--
Robert W. Gorrell
Systems Architect, Identity and Access Management
University of NC at Greensboro
336-334-5954
PGP Key ID B36DB0CA
Farzan Qureshi
2014-08-19 20:42:00 UTC
Thanks Nate and Rob.

Rob, when you run this command on your server to get properties:
Get-MsolFederationProperty -DomainName UNCG.EDU

What do you get against PassiveClientSignOutUrl?
Rob Gorrell
2014-08-19 20:46:52 UTC
I get a PowerShell error, because that cmdlet only works for an ADFS
federated domain, not a SAMLP one.
For SAML, you need to use the LogOffUri parameter from the
Set-MsolDomainAuthentication cmdlet...

-Rob
Farzan Qureshi
2014-08-19 20:49:16 UTC
OK, please wait, let me check.
Farzan Qureshi
2014-08-19 20:49:55 UTC
Shall I set LogOffUri to https://idp.rosmini.school.nz/idp/logout.jsp?
Farzan Qureshi
2014-08-19 20:53:44 UTC
Hi Rob,

This is what I am doing:

Set-MsolDomainAuthentication -DomainName $dom -Authentication Federated -LogOffUri $logouturl

But when I get properties it shows:

PassiveClientSignOutUrl : https://idp.rosmini.school.nz/logout


It is not changing it.
Rob Gorrell
2014-08-19 20:57:43 UTC
This is what I was saying in the other thread... it doesn't like
incremental changes here. You need to set your domain back to managed and
then toggle it back to SAML federated with all the params correctly set at
once through this cmdlet.

Rob
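
The reset described above, written out as an added example (not code posted by anyone in this thread): it saves the current federation settings, checks that the new logout URL does not return the "Not Found" error from the first post, then sets the domain to Managed and back to Federated with every parameter in one call. The domain name in $dom and the backup file name are assumptions; the cmdlets are from the MSOnline module and need an existing Connect-MsolService session.

```powershell
# Added example. $dom and the backup path are assumed values, not from the thread.
$dom       = 'example.school.nz'    # placeholder: your federated domain name
$logoutUrl = 'https://idp.rosmini.school.nz/idp/logout.jsp'   # URL proposed in the thread

# 1. Snapshot the current settings so every value can be re-applied (or rolled back).
$cur = Get-MsolDomainFederationSettings -DomainName $dom
if (-not $cur) { throw "No federation settings returned for $dom; nothing to reset." }
$cur | Export-Clixml -Path ".\$dom-federation-backup.xml"

# 2. Make sure the IdP really serves the new logout URL before Office 365 is
#    pointed at it. A 404 here is the same failure users saw on /logout.
try {
    $resp = Invoke-WebRequest -Uri $logoutUrl -UseBasicParsing -ErrorAction Stop
    Write-Host "Logout URL answered with HTTP $($resp.StatusCode)"
}
catch {
    throw "Logout URL check failed, domain left unchanged: $($_.Exception.Message)"
}

# 3. Build the complete parameter set up front: the new LogOffUri plus every
#    value the domain already had. Empty values are skipped rather than passed.
$fed = @{
    DomainName                      = $dom
    Authentication                  = 'Federated'
    PreferredAuthenticationProtocol = 'SAMLP'
    LogOffUri                       = $logoutUrl
}
$carryOver = 'FederationBrandName', 'IssuerUri', 'PassiveLogOnUri',
             'ActiveLogOnUri', 'SigningCertificate', 'MetadataExchangeUri'
foreach ($name in $carryOver) {
    if ($cur.$name) { $fed[$name] = $cur.$name }
}

# 4. Managed, then straight back to Federated in a single call. The domain is
#    not federated between these two lines, so run them back to back.
Set-MsolDomainAuthentication -DomainName $dom -Authentication Managed
Set-MsolDomainAuthentication @fed

# 5. Read the settings back and confirm the change was stored.
$new = Get-MsolDomainFederationSettings -DomainName $dom
if ($new.LogOffUri -ne $logoutUrl) {
    throw "LogOffUri is '$($new.LogOffUri)', expected '$logoutUrl'"
}
$new | Format-List IssuerUri, PassiveLogOnUri, LogOffUri, PreferredAuthenticationProtocol
```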
Farzan Qureshi
2014-08-19 21:01:01 UTC
Permalink
Bugga!! :( That's not good :( I don't want to break anything.
Anyhow, shall I set LogOffUri to https://idp.rosmini.school.nz/idp/logout.jsp?
Farzan Qureshi
2014-08-19 22:43:14 UTC
Permalink
Hi Rob,

Have you ever had this issue that when you try to change
FederationMetadataUrl it doesn't change even if you change authentication
to Managed and then change back with federation parameters? I have changed
it to managed to change the logouturl and now when I am trying to federate
it with correct parameters in single command it is not changing
FederationMetadataUrl. It changes everything but not FederationMetadataUrl.

I have manually typed the command and also made sure that $variable holds
the correct link to SAML metadata.

Would you please help me? It's broken now which I didn't want to.

Thanks.
Rob Gorrell
2014-08-20 01:47:05 UTC
Permalink
I'm not sure I can help you. Based on my understanding, what I've been
trying to convey is the FederationMetadataUrl parameter you speak of only
applies to an ADFS setup and is not relevant (or even accessible) to a SAML
setup, so I am confused as to why you are hung up on it or why you even
have a value there in the first place. In a SAML setup, the O365 metadata
is stored in a static file on your IdP and your IdP's metadata (i.e. signing
certificate) is uploaded directly to your O365 by using the
-SigningCertificate param of the Set-MsolDomainAuthentication cmdlet...
there is no url involved for metadata retrieval, on either side.

The Get-MsolFederationProperty cmdlet that shows the FederationMetadataUrl
property you speak of only applies to ADFS Federated domains and as far as
I can tell is useless for SAML... in fact if I run it, it will error
telling me my domain isn't federated with ADFS (though it's working and
federated with SAML). Remember, Microsoft speak for "federating" is
referring to a specific product, i.e. WSFed/ADFS... using Shibb/SAML is not
federating with O365, but just a special kind of authentication
configuration somewhere between a Managed and Federated domain... so expect
most of the cmdlets with "Federating/Federation" in them to not apply to a
SAML setup.

-Rob
--
Robert W. Gorrell
Systems Architect, Identity and Access Management
University of NC at Greensboro
336-334-5954
PGP Key ID B36DB0CA
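
Added example, not part of the thread and not code posted by any participant: one way to apply the advice above, sending every SAML setting in a single Set-MsolDomainAuthentication call and passing the IdP signing certificate through -SigningCertificate. The domain, IdP host name, certificate path, brand name and the Shibboleth endpoint paths other than /idp/logout.jsp are assumptions to replace with your own values.

```powershell
# Added example, not from the thread. Needs the MSOnline module and an
# authenticated admin session (Connect-MsolService) in Windows PowerShell.

# --- Placeholders / assumptions: replace with your own values ---
$dom      = 'example.edu'               # placeholder domain
$idp      = 'https://idp.example.edu'   # placeholder IdP base URL
$certPath = 'C:\temp\idp-signing.pem'   # placeholder path to the IdP signing cert (PEM)

# -SigningCertificate takes the bare base64 body: drop the PEM armor and line breaks.
$cert = (Get-Content -Path $certPath |
    Where-Object { $_ -notmatch '^-----(BEGIN|END) CERTIFICATE-----' } |
    ForEach-Object { $_.Trim() }) -join ''

# Parse it locally first so a truncated or expired certificate is caught
# before the domain is touched.
$x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    [Convert]::FromBase64String($cert))
if ($x509.NotAfter -lt (Get-Date)) {
    throw "Signing certificate expired on $($x509.NotAfter)"
}

# All federation settings in one hashtable, so they are sent in one call.
$fed = @{
    DomainName                      = $dom
    Authentication                  = 'Federated'
    PreferredAuthenticationProtocol = 'SAMLP'
    FederationBrandName             = 'Example IdP'                          # placeholder
    IssuerUri                       = "$idp/idp/shibboleth"                  # assumed entityID
    PassiveLogOnUri                 = "$idp/idp/profile/SAML2/POST/SSO"      # assumed endpoint
    ActiveLogOnUri                  = "$idp/idp/profile/SAML2/SOAP/ECP"      # assumed endpoint
    LogOffUri                       = "$idp/idp/logout.jsp"                  # path form used in the thread
    SigningCertificate              = $cert
}

# Refuse plain-http endpoints before anything is written.
foreach ($k in 'PassiveLogOnUri', 'ActiveLogOnUri', 'LogOffUri') {
    if (([uri]$fed[$k]).Scheme -ne 'https') { throw "$k must be an https URL" }
}

# While the domain is Managed, users cannot sign in through the IdP,
# so run the two calls back to back.
Set-MsolDomainAuthentication -DomainName $dom -Authentication Managed
Set-MsolDomainAuthentication @fed

# Read back what the service stored and flag anything that did not take.
$stored = Get-MsolDomainFederationSettings -DomainName $dom
foreach ($k in 'IssuerUri', 'PassiveLogOnUri', 'ActiveLogOnUri', 'LogOffUri') {
    if ($stored.$k -ne $fed[$k]) {
        Write-Warning "$k is '$($stored.$k)', expected '$($fed[$k])'"
    }
}
```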
Farzan Qureshi
2014-08-20 02:14:01 UTC
Permalink
Hi Rob,

Thanks for your detailed reply.

Ok first thing first. I was working with ADFS to federate our domain with
office365. However there were several issues related to it. We planned to
move from it to Shibboleth. We have completely removed ADFS role from the
system. We have also uninstalled Microsoft ADFS update - installed under
Programs and features (in control panel). So now ADFS is completely gone!

Now the issue about metadata file. I have following in our relying-party.xml

<metadata:MetadataProvider id="URLMD"
    xsi:type="metadata:FileBackedHTTPMetadataProvider"
    metadataURL="https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml"
    backingFile="/opt/shibboleth-idp/metadata/azure-metadata.xml">
</metadata:MetadataProvider>

That is the reason I am talking about SAML i.e. FederationMetaDataUrl.
My understanding is that having FederationMetadataUrl defines which
metadata to read and then follow the links mentioned in it, isn't it? But
as you said it is only for ADFS, now I wonder when I log out from office
365, I get an error that "you are not logged from following services"

office 365
idp.rosmini.school.nz

and get an error page from Microsoft.

I have made federation changes couple of times from Managed to federated as
you have suggested but that FederationMetadataUrl comes back each time I
federate and supply federation commands in one go. It comes automatically.

I have also restarted the system to start again after removing ADFS role
and dependencies (updates).

Maybe when you have a moment I can do it with you on a remote session,
just to see if I am still doing something wrong?

Thanks for your help.
Cantor, Scott
2014-08-20 02:48:01 UTC
Permalink
Post by Farzan Qureshi
> Ok first thing first. I was working with ADFS to federate our domain with
> office365. However there were several issues related to it. We planned to
> move from it to Shibboleth. We have completely removed ADFS role from the
> system. We have also uninstalled Microsoft
> ADFS update - installed under Programs and features (in control panel).
> So now ADFS is completely gone!

What does that have to do with Office 365? How would it know anything
about what you did or didn't do on your own server? If it's been told to
use ADFS and the only way to fix that is by doing what he has told you to
do, then I guess that's what you have to do.

Post by Farzan Qureshi
> Now the issue about metadata file. I have following in our
> relying-party.xml
> That is the reason I am talking about SAML i.e. FederationMetaDataUrl.

What does Shibboleth's own configuration have to do with a setting inside
Office 365? The answer is nothing.

Post by Farzan Qureshi
> My understanding is that having FederationMetadataUrl defines which
> metadata to read and then follow the links mentioned in it, isn't it?

Apparently that isn't how Office 365 works. If it doesn't support metadata
for SAML, then that's the reality. It sounds to me like the very fact that
it's asking for a URL for metadata is apparently a sign that your service
is not set up to use SAML, but WS-Federation.

Post by Farzan Qureshi
> I have made federation changes couple of times from Managed to federated
> as you have suggested but that FederationMetadataUrl comes back each time
> I federate and supply federation commands in one go. It comes
> automatically.

He told you that "federated" in their speak does not mean SAML. So you're
essentially repeating the same error over and over again. He didn't tell
you, ever, to change from managed to federated. Seemed like he said the
opposite to me.

Post by Farzan Qureshi
> I have also restarted the system to start again after removing ADFS role
> and dependencies (updates).

How does restarting your system impact theirs? It can't.

-- Scott
Farzan Qureshi
2014-08-20 03:00:00 UTC
Permalink
Hi Scott,

Sorry for the confusion.
He told me in the other thread that to apply Federated settings, I first have
to make Authentication "Managed" and then apply Federation settings again.
This worked.

Secondly, about the link FederationMetaDataUrl. I understand that it has
nothing to do (for this scenario at least) after the discussion I had with
Rob. Maybe my understanding was wrong. I thought that the SP needs metadata
to process the flow and vice versa. But here, only our IdP needs a metadata
file.

You are right that restarting the computer has nothing to do with it because
Office365 is a separate entity and uncontrolled. I removed the ADFS role
because after applying federation changes, it was overwriting the settings
I was supplying. That is why I mentioned that I restarted the system. I was
just trying to scope down the issue :-)

Sorry again for all the confusion.
Cantor, Scott
2014-08-20 03:04:40 UTC
Permalink
Post by Farzan Qureshi
> Sorry for the confusion.
> He told me in the other thread that to apply Federated settings, I first have
> to make Authentication "Managed" and then apply Federation settings
> again. This worked.

And I read him say that "federated" doesn't mean SAML to them and that it
won't work that way. I have no idea if that's true or not.

-- Scott
Farzan Qureshi
2014-08-20 03:08:33 UTC
Permalink
Federation in terms of Office365 is to establish trust between Azure AD and
the STS. But yes, the protocol is SAML. Microsoft is referring to it as
Federation throughout the tech articles.
Rob Gorrell
2014-08-20 18:07:28 UTC
Permalink
Post by Farzan Qureshi
> Secondly, about the link FederationMetaDataUrl. I understand that it has
> nothing to do (for this scenario at least) after the discussion I had with
> Rob. Maybe my understanding was wrong. I thought that the SP needs metadata
> to process the flow and vice versa. But here, only our IdP needs a metadata
> file.

To be correct, the SP (O365) does need metadata, it just doesn't get it
from a file or URL... but rather by you 'uploading' it using PowerShell
(Set-MsolDomainAuthentication cmdlet to be exact... the params you're
supplying with this are in fact telling the SP about the IdP's metadata).

And yes, I agree with Scott's sentiments... I was struggling as well to
understand how anything you did to the ADFS server mattered. If you
configured the SP to use ADFS, those settings were likely still plugged
into the domain, regardless of you uninstalling/rebooting/doing whatever
to the ADFS server. IdP and SP configurations happen separately, and my
guess is you still had ADFS settings implanted into your O365 domain that
were causing problems.

And just to be clear about what I mean, and I'm no expert on the matter, but
despite both being ways of "federating" with O365, there is little to no
parity in how you configure ADFS vs SAML... and you will find many of the
configuration options and PowerShell cmdlets that do this work aren't
shared between the two approaches. This is what I meant when I cautioned
you that unless otherwise specifically stated, Microsoft is assuming ADFS
when talking about federating and that has no crossover to the SAML world.

-Rob
--
Robert W. Gorrell
Systems Architect, Identity and Access Management
University of NC at Greensboro
336-334-5954
PGP Key ID B36DB0CA
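
The configuration step described in the message above, sketched as an added example (not code from the thread or from any poster): inspect what the Office 365 domain currently holds, clear it by going back to Managed, then supply the IdP's details with Set-MsolDomainAuthentication. The domain, IdP base URL, endpoint paths, brand name and certificate path are placeholder assumptions; use the values your own IdP actually serves.

```powershell
# Added example; every value below is a placeholder assumption.
Import-Module MSOnline
Connect-MsolService                       # sign in as a tenant administrator

$domain = 'example.edu'                   # placeholder federated domain
$idp    = 'https://idp.example.edu'       # placeholder IdP base URL

# 1. Show what the SP side currently holds. Settings from an earlier ADFS
#    setup are stored in the tenant, not on the on-premises server.
Get-MsolDomainFederationSettings -DomainName $domain |
    Format-List IssuerUri, PassiveLogOnUri, LogOffUri,
                MetadataExchangeUri, PreferredAuthenticationProtocol

# 2. Drop the stored federation settings by returning the domain to Managed.
Set-MsolDomainAuthentication -DomainName $domain -Authentication Managed

# 3. Read the IdP signing certificate as one base64 line (PEM markers removed).
$cert = (Get-Content 'C:\temp\idp-signing.crt' |
    Where-Object { $_ -notmatch '^-----' }) -join ''

# 4. Give the SP the IdP's "metadata" as explicit parameters.
$settings = @{
    DomainName                      = $domain
    Authentication                  = 'Federated'
    FederationBrandName             = 'Example College'
    IssuerUri                       = "$idp/idp/shibboleth"
    PassiveLogOnUri                 = "$idp/idp/profile/SAML2/POST/SSO"
    # Assumed logout endpoint: it must be a URL the IdP really answers on,
    # otherwise sign-out ends on a "Not Found" page.
    LogOffUri                       = "$idp/idp/profile/SAML2/Redirect/SLO"
    SigningCertificate              = $cert
    PreferredAuthenticationProtocol = 'SAMLP'
}
Set-MsolDomainAuthentication @settings

# 5. Confirm the tenant now holds SAML settings and no leftover values.
$after = Get-MsolDomainFederationSettings -DomainName $domain
if ($after.PreferredAuthenticationProtocol -ne 'Samlp') {
    Write-Warning "Domain $domain is not using SAMLP"
}
if ($after.MetadataExchangeUri) {
    Write-Warning "Leftover MetadataExchangeUri: $($after.MetadataExchangeUri)"
}
$after | Format-List IssuerUri, PassiveLogOnUri, LogOffUri
```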
Farzan Qureshi
2014-08-20 20:31:34 UTC
Permalink
Hi Rob,

Thanks for the information. You are right, somewhere on o365 our old
settings are stuck and thus I had issues at first instance which created
all confusion.

I am now able to authenticate at o365 and now the issue is signing out of
the services. Thanks for the information you have provided.

Kind regards,

Farzan