Shibboleth 3 Idp using ws-fed


We have Shibboleth 3.4.4 as IdP for Azure, and it works perfectly using SAML when it comes to logging into the portal. But when we try to enroll Windows 10 devices into AAD, we have the problem that it only works if the IdP is able to speak ws-fed and ws-trust:

https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-federated-domains

We couldn't find a way to make those protocols work with Shibboleth.

Is there any tutorial, example, or workaround that someone has been able to use anywhere?

If it is impossible to do with the Shibboleth IdP, it would be nice if someone knows another free IdP that speaks those protocols.

Thanks in advance!

identigral On BEST ANSWER

Shibboleth doesn't support WS-Federation as an identity provider.

You can give Keycloak a shot; it supports the WS-Fed passive profile (with some additional limitations) via an extension. This may or may not be enough to manage enrollment of W10 devices into AAD.