This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Configuring Azure Active Directory to Trust WSO2 Identity Server
This section provides instructions on how to configure the Azure Active Directory to trust the on-premise IdP (the WSO2 Identity Server) as the first part of the process of configuring WS-Federation with Office 365.
Prerequisites
Office 365 Business Account with access to the Admin Portal
An internet-resolvable domain name (Office 365 SSO requires each user's username to have an Internet-resolvable domain name as the suffix. You cannot federate the default domain that is provided by Microsoft that ends with "onmicrosoft.com")
A Windows Platform with Windows Azure Active Directory Powershell installed
Configuring Azure AD
Start the Windows Azure Active Directory Powershell.
The following commands connect with Windows Azure AD Powershell.
This command prompts user credentials.
Run $cred=Get-CredentialThis command connects with the stored credentials. Provided that the credentials are accurate, the connection will be successful.
Connect-MsolService -Credential $credThis command verifies the availability of the validated domain. This will return the Status and Authentication. The ‘Status’ of our domain should be ‘Verified’, and ‘Authentication’ should be ‘Managed’.
Get-MsolDomain
Configure the domain as a federated domain, providing respective federation settings that match the IdP. Store the following federation settings in parameters. Replace the values below with your own.
Store your domain
$dom = "wso2test.com" $brandname = "wso2"Set the Issuer Id of the IdP. This value should be the same as the Identity Provider Entity Id in the Resident IDP of WSO2 Identity server.
$issuerUri = "https://wso2test.com"Set the Passive STS Endpoint URL of the IdP. This should be the Passive STS endpoint of the WSO2 Identity server.
$passiveLogonUri = "https://wso2test.com/passivests"Set the MetaData Exchange endpoint URL of the IdP.
$mex = "https://wso2test.com/services/mex-ut"Store the IdP Certificate. Base64 encoded signing certificate of WSO2 IS should be given here. For default keystore configured in WSO2 IS certificate is as below.
$cert = "MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTousMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44iQlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJRO4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo="
Run the following command to establish the trust.
Set-MsolDomainAuthentication -DomainName $dom -Authentication Federated -ActiveLogOnUri $activeLogonUri -IssuerUri $issuerUri -SigningCertificate $cert -LogOffUri $passiveLogonUri -FederationBrandName $brandname -MetadataExchangeUri $mex -PassiveLogOnUri $passiveLogonUri -PreferredAuthenticationProtocol WsFedRun the following command to verify the federation settings
Get-MsolDomainFederationSettings -Domain $domain
You have now successfully configured the Azure Active Directory to trust our on-premises IdP (WSO2 Identity Server). For the next part of the process of configuring WS-Federation with Office 365, see Configuring Office 365 WS-Federation with Identity Server.