Which SAML version to use to interop custom STS/IdP and Azure AD for Office 365 authentication?


  • Trying to interop our custom STS/IdP (supports SAML 2.0 protocol) and Azure AD for Office 365 authentication using WS-Fed Passive Requester UsernameToken Profile.

    Referred to a blog, where it says, "Office 365 supports SAML2.0 protocol".

    But the 'STS Integration Paper using WS Protocols' document (under section 2.2 Token Contents) says "The token is structured based on a SAML 1.1 token..." and the sample response in the doc has a SAML 1.1-specific assertion only.

    Which version of the SAML protocol (1.1 or 2.0) should we use, so that Azure AD accepts and processes the SAML assertion/token sent by our custom STS/IdP? Or is that integration doc outdated?

    Your answers will help me decide whether I should implement SAML 1.1 in our custom STS/IdP or not.

    PS: Somehow, I'm not able to embed the links for the Office blog and the STS Integration Paper doc in this message. So pasting the SO link here,

    • Edited by Zeitgiest Wednesday, May 3, 2017 6:07 PM
    Wednesday, May 3, 2017 4:29 AM