Collaborate without boundaries
Options
Thread details
  • 6 Replies
  • 2 Subscribers
  • Posted9 months ago
Top contributors
mchv2.0
1770 Posts
Robert Edward
709 Posts
AppRiver_DPetree
385 Posts
Jesper Stahle
362 Posts
TheAperture
200 Posts
Connect with us
Office 365   Forums   Directory integration services   Something is wrong in my Office 365 SSO
  • Advanced

Something is wrong in my Office 365 SSO

Something is wrong in my Office 365 SSO

  • 2 Followers
  • 6 Replies |
  • This post has 0 verified answers |
Answered (Not Verified) This question has suggested answer(s)
Posted
on 8/20/2012 11:09 PM

Hi everyone,

 

I have deployed Office 365 Single Sign-on with Active Directory Federation Services 2.0 in conjunction with directory synchronization. The helpful reference I have used here: http://www.microsoft.com/en-us/download/details.aspx?id=28971. In this document, Microsoft states : Work computer on a corporate network: When users are at work and signed in to the corporate network, single sign-on enables them to access the services in Office 365 without signing in again. However, after doing some tasks, I still can achieve objective as the statement.

My environment has two servers: Federation server and Synchronization server. SSL self-signed certificate is used in Federation server. These severs have already joined to domain.

  • Domain name: thesoldier.net
  • Federation server: fed.thesoldier.net
  • Office 365 Team site: soldier.sharepoint.com
  • Domain thesoldier.net is verified in Office 365

I have found out some tips on the Internet and done the following:

  • Enable Windows Authentication in IIS in Federation server
  • Add the site http/https://soldier.sharepoint.com to Local intranet zone in Internet Explorer.
  • Add the site  https://fed.thesoldier.net to Trusted sites zone in Internet Explorer.
  • Export SSL self-signed certificate
  • Open Internet Explorer option, click Content tab > Certificates. In the Certificates windows, click Intermediate Certification Authorities and then import the SSL self-signed certificate. Repeat this step for Trusted Root Certification Authorities

However, at the first time I open my Office 365 team site, I get directed to https://login.microsoftonline.com/. The username thuan@thesoldier.net is available. I just need to "Sign in at fed.thesoldier.net", and then I get redirected to the Certification Error: Navigation Blocked page, here I have to click Continue to this website (not recommended) and then the Windows credential prompts. Here I type my credential and get directed to Office 365.

The key things I want:

  1. Is there any possibility to pass SSL Self-Signed Certificate in Internet Explorer ? This basically means end-users don't get this error page as well as to click Continue to this website (not recommended).
  2. As Microsoft says, when my computer has been logged to domain internally in corporate network, I don't have to type any credential even the first time. What I need to do is just open Office 365 team site in Internet Explorer and my credential will be automatically passed. 

Your recommendations are greatly appreciated.

 

Regards,

-T.s

All Replies
Page 1 of 1 (7 items)