Implement SSO between a custom app and Microsoft 365 with custom identity provider

I’m trying to implement SSO between a custom app and Microsoft 365 so that when the users hit any link to Teams or SharePoint Online in the Liferay app, ADFS doesn't ask for credentials. Context:

  • ADFS is owned by the corp global IT team and changing its IdP role for the AAD/M365 environment is not feasible… Also, the “Custom SSO provider” cannot replace ADFS as it doesn’t have Windows credentials SSO (not all app users have corp devices).
  • On a user’s initial access to the “Custom App”, they should be presented with a selection of the company’s two already available IdPs (distribution screen to SMS / certificate). These are not connected to the ADFS nor to AAD.

Omitting the fact that the IdP situation is far from ideal and that SSO requires a single IdP:

  • Is it possible to create a trust between ADFS and the “Custom SSO provider” so that if the SAML request is initiated in Liferay, ADFS redirects the user to the “Custom SSO provider” distribution page? This should not change the AAD/M365 SAML flow, which should still end in the LDAP credentials screen.

  • Is there any way/trick to propagate the user sign-in action from the “Custom SSO provider” to the company ADFS?
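The first bullet is, mechanically, what ADFS calls a claims provider trust combined with relying-party-scoped home realm discovery. The script below is an added example written for this page, not code from the question or from any of the products named in it; it assumes the “Custom SSO provider” exposes SAML 2.0 metadata, and every name, URL and relying party identifier in it is a placeholder that the ADFS team would replace with real values. It shows the change staying confined to the Liferay relying party while the AAD/M365 relying party keeps the built-in Active Directory provider, which is the property the question asks to preserve.

```powershell
# Added example (not from the question): register an external SAML 2.0 IdP as an ADFS
# claims provider trust and route only the Liferay relying party to it. All names,
# URLs and identifiers are placeholders.

Import-Module ADFS

# 1. Register the "Custom SSO provider" as a claims provider trust from its SAML metadata.
#    The metadata URL is a placeholder.
Add-AdfsClaimsProviderTrust -Name "Custom SSO provider" `
    -MetadataUrl "https://sso.example.invalid/saml/metadata"

# 2. Acceptance transform rules decide which incoming claims ADFS will pass on.
#    Here only the SAML NameID is passed through; add rules for other claims the
#    relying party needs (e.g. e-mail or UPN) rather than passing everything.
$acceptanceRules = @'
@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
 => issue(claim = c);
'@
Set-AdfsClaimsProviderTrust -TargetName "Custom SSO provider" `
    -AcceptanceTransformRules $acceptanceRules

# 3. Scope home realm discovery: when the Liferay relying party (placeholder name)
#    initiates the SAML request, ADFS skips its own provider selection page and
#    redirects straight to the custom provider.
Set-AdfsRelyingPartyTrust -TargetName "Liferay" `
    -ClaimsProviderName @("Custom SSO provider")

# 4. Pin the AAD/M365 relying party (placeholder name; the federation setup names it)
#    to the built-in Active Directory provider so its flow still ends at the
#    AD/LDAP credential prompt and is unaffected by step 3.
Set-AdfsRelyingPartyTrust -TargetName "Microsoft Office 365 Identity Platform" `
    -ClaimsProviderName @("Active Directory")

# 5. Review which provider(s) each relying party is pinned to before and after the change.
Get-AdfsRelyingPartyTrust | Select-Object Name, ClaimsProviderName
```

Two points a practitioner would check: the acceptance transform rules are the security boundary between the external IdP and every relying party behind ADFS, so they should pass through only the claims actually required; and pinning the M365 relying party explicitly (step 4) makes the intended isolation visible in configuration rather than relying on the default provider list. The second bullet, carrying a sign-in performed at the custom provider back into an ADFS session, is a separate question that this script does not address.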
