[mitreid-connect] Delegated Login
Luiz Omori
luiz.omori at duke.edu
Thu Nov 10 10:36:48 EST 2016
Hello Dominik,
Yes, that’s why we had to extend MitreID and implement this flow with an overlay.
Regards,
Luiz
From: Dominik Schmich <icemanno1 at gmail.com>
Date: Thursday, November 10, 2016 at 10:30 AM
To: Luiz Omori <luiz.omori at duke.edu>, "mitreid-connect at mit.edu" <mitreid-connect at mit.edu>
Subject: Re: [mitreid-connect] Delegated Login
Hi Luiz,
Thanks for the answer.
Before I wrote this article I was checking in GitHub and MitreId supports the mentioned RFC. As far as I could find in the code, only for client application authentication and not end user authentication, even though the RFC talks about supporting both.
Greets,
Dominik
Luiz Omori <luiz.omori at duke.edu> wrote on Thu, Nov 10, 2016, 15:30:
We had a similar use case and used this: https://tools.ietf.org/html/rfc7523
Implemented this flow through a simple overlay to MitreID.
Regards,
Luiz
From: <mitreid-connect-bounces at mit.edu> on behalf of Dominik Schmich <icemanno1 at gmail.com>
Date: Thursday, November 10, 2016 at 5:08 AM
To: "mitreid-connect at mit.edu" <mitreid-connect at mit.edu>
Subject: [mitreid-connect] Delegated Login
Hi team,
is it possible to log in a resource owner/end-user authenticated by a different identity provider?
Here's our use case: Partner Portal (which we trust has secure user authentication) needs a token issued by our MitreId Instance to access our resource server. Therefore can we transfer the authenticated user ID and use it to provide an access token (if required provide consent if not done yet) and avoid the user login screen?
Thanks,
Dominik
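
The RFC 7523 flow mentioned in this thread has the trusted partner send a signed JWT as the `assertion` of a token request with `grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer`, and the authorization server validates it before issuing a token for the user named in `sub`. The sketch below is an added example, not code from the thread, from Luiz's overlay or from MITREid Connect, showing the RFC 7523 section 3 checks on the server side. The issuer and endpoint URLs, the shared secret, the HS256 choice and the function names are constructed assumptions; a partner integration would normally verify an asymmetric signature against the partner's published key.

```python
import base64, hashlib, hmac, json

TOKEN_ENDPOINT = "https://as.example.org/token"  # constructed audience value
TRUSTED_ISSUERS = {"https://portal.example.com": b"constructed-shared-secret"}

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_assertion(claims, key):
    """Partner side: HS256 JWT naming the authenticated end user in 'sub'."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(mac(key, head + '.' + body))}"

def validate_assertion(assertion, now, seen_jti):
    """Authorization server side: RFC 7523 section 3 checks; returns 'sub'."""
    try:
        head_b64, body_b64, sig_b64 = assertion.split(".")
        head = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed assertion") from exc
    if not isinstance(head, dict) or not isinstance(claims, dict):
        raise ValueError("malformed assertion")
    if head.get("alg") != "HS256":  # pin the algorithm; never accept "none"
        raise ValueError("unexpected alg")
    iss, aud, exp = claims.get("iss"), claims.get("aud"), claims.get("exp")
    key = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    if key is None:
        raise ValueError("untrusted issuer")
    if not hmac.compare_digest(sig, mac(key, head_b64 + "." + body_b64)):
        raise ValueError("bad signature")
    if TOKEN_ENDPOINT not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired or missing exp")
    sub, jti = claims.get("sub"), claims.get("jti")
    if not isinstance(sub, str) or not sub:
        raise ValueError("missing subject")
    if not isinstance(jti, str) or jti in seen_jti:  # policy here: jti required
        raise ValueError("replayed or invalid jti")
    seen_jti.add(jti)
    return sub
```

Only after `validate_assertion` returns should the server map the subject to a local account and apply its own consent and scope policy.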