How to setup shibboleth for saml azure ad

Question

Hey I have given a task to setup shibboleth to authenticate my web application ( .net core application (SP) ) using saml 2.0 with azure ad. My web application will act as SP and will manipulate the claims/attributes returned from IDP which is azure ad in my case. I have made a research but could not find any relevant documentation or implementation example of configuring shibboleth as a SP for saml authentication using azure ad as (IDP). Can we setup shibboleth to support saml 2.0 with azure ad? Also I am wondering after successful authentication how claims/attributes will pass from shibboleth to my application so that I can further use them for processing?

Answer 1

Please check if this blog> Azure AD SAML federation using Shibboleth SP | by Rohan Islam | Medium can be worked around in your case.

1. Configure the SAML SSO in azure ad portal for the application by selecting Single sign on and Copy the identities to use later.
2. Try to do Shibboleth SP configuration by updating shibboleth2.xml file under /etc/shibboleth directory.
3. Update the applications’s entity ID , session lifetime configuration .Also change sso entity ID with the azure AD generated entity ID.
4. Generate SP Metadata by accessing the metatdata url and by making the required changes .This SP metadata xml file is to be uploaded in sso page of azure ad under mange identity section.

All the mapped attributes will be stored in the session so that you can access them in your application. SP makes attribute and other session information available to applications is by "exporting" the data to a set of environment variables or HTTP request headers using HTTP_ PREFIX

References:

1. NativeSPAttributeAccess (atlassian.net)
2. How to read attributes? - Stack Overflow or NativeSPAddAttribute - Shibboleth 2 - Confluence (atlassian.net)
3. c# - asp.net MVC authentication with Shibboleth - Stack Overflow