web-sso-with-cloud-ad-Office365-users

1
votes

What is the best solution to implement web-sso-with-cloud-ad-o365-users on in a .net application? I have goggled and found few solutions but I am not very convinced with those solutions.

I'm building an ASP.NET web application on windows Azure.Application Username and password are same as office 365 with Windows Identity Foundation.

Can I establish single sign on between the my app and the Office365 environment? So the user will have to log into Office365 once he is logged into the my app.

I have try below link and made MVC3 Web Application.

https://www.windowsazure.com/en-us/develop/net/how-to-guides/web-sso/

http://veerendracloudblogs.blogspot.in/2012/07/web-sso-with-cloud-ad-o365-users.html

when i run application and provide login credential Error Occur:-

Server Error in '/' Application.

ID1038: The AudienceRestrictionCondition was not valid because the specified Audience is not present in AudienceUris. Audience: 'spn:b6933382-49c5-4430-81cc-36dd50a3c971'

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException: ID1038: The AudienceRestrictionCondition was not valid because the specified Audience is not present in AudienceUris. Audience: 'spn:b6933382-49c5-4430-81cc-36dd50a3c971'

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[AudienceUriValidationFailedException: ID1038: The AudienceRestrictionCondition was not valid because the specified Audience is not present in AudienceUris. Audience: 'spn:b6933382-49c5-4430-81cc-36dd50a3c971'] Microsoft.IdentityModel.Tokens.SamlSecurityTokenRequirement.ValidateAudienceRestriction(IList1 allowedAudienceUris, IList1 tokenAudiences) +1287 Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateConditions(Saml2Conditions conditions, Boolean enforceAudienceRestriction) +2309 Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ValidateToken(SecurityToken token) +786 Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token) +297 Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri) +279 Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request) +822 Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +363 System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69

1
azuresingle-sign-onoffice365

1 Answers

1
votes

It seems you do have correct information above however when you said you "did not get success" what does it mean. What actually happen when you try to configure it and what actually happen when connection did not work. You need to add some error information to get accurate help.

Most of the problem I have seen are related with getting/setting proper smart link which is used in web application to transfer users to O365 servers to get positive authentication claim. So if you have passed that point there should not be problem as once you have the claim, you are authenticated user. So what you really need is to use Smart Links correction and the problem is described below in details so verify that you do have it setup correctly:

Using smart links or IdP initiated authentication with Office 365

Office 365 Single Sign-On configuration is done in conjunction with corporate ADFS supported through WS-Federation (WS-Fed) and WS-Trust protocols and a white paper "Office 365 Single Sign-On with AD FS 2.0 whitepaper" is here to explain the process.

You can also take a look at SAML 2.0 protocol based Internet2 Shibboleth 2, claims-based (Web) single sign-on with Office 365 offering here.