[mitreid-connect] Delegated Login

Luiz Omori luiz.omori at duke.edu
Thu Nov 10 11:01:58 EST 2016


Hello William,

We used the LDAP overlay and extended as necessary to integrate this flow. It has some local sensitive configurations that I will remove and send to you. It may not compile and/or run properly but should give you an idea.

Obviously, as this is not provided directly by MitreID, be careful and be aware of the risks involved. All the bla, bla legal claims, etc. apply :)

Regards,
Luiz

From: William Hadden1 <WilHadden at uk.ibm.com>
Date: Thursday, November 10, 2016 at 10:45 AM
To: Luiz Omori <luiz.omori at duke.edu>
Cc: "icemanno1 at gmail.com" <icemanno1 at gmail.com>, "mitreid-connect at mit.edu" <mitreid-connect at mit.edu>
Subject: Re: [mitreid-connect] Delegated Login

Hi Luiz,

I have been doing something which I think is very similar recently. Are you able to share your overlay or is it proprietary?

Wil


----- Original message -----
From: Luiz Omori <luiz.omori at duke.edu>
Sent by: mitreid-connect-bounces at mit.edu
To: Dominik Schmich <icemanno1 at gmail.com>, "mitreid-connect at mit.edu" <mitreid-connect at mit.edu>
Cc:
Subject: Re: [mitreid-connect] Delegated Login
Date: Thu, Nov 10, 2016 3:38 PM



Hello Dominik,



Yes, that’s why we had to extend MitreID and implement this flow with an overlay.



Regards,

Luiz



From: Dominik Schmich <icemanno1 at gmail.com>
Date: Thursday, November 10, 2016 at 10:30 AM
To: Luiz Omori <luiz.omori at duke.edu>, "mitreid-connect at mit.edu" <mitreid-connect at mit.edu>
Subject: Re: [mitreid-connect] Delegated Login



Hi Luiz,

Thanks for the answer.

Before I wrote this article I was checking in GitHub and MitreId supports the mentioned RFC. As far as I could find in the code, only for client application authentication and not end user authentication, even though the RFC talks about supporting both.

Greets,

Dominik

Luiz Omori <luiz.omori at duke.edu> wrote on Thu, Nov 10, 2016, 15:30:

We had a similar use case and used this: https://tools.ietf.org/html/rfc7523



Implemented this flow through a simple overlay to MitreID.



Regards,

Luiz



From: <mitreid-connect-bounces at mit.edu> on behalf of Dominik Schmich <icemanno1 at gmail.com>
Date: Thursday, November 10, 2016 at 5:08 AM
To: "mitreid-connect at mit.edu" <mitreid-connect at mit.edu>
Subject: [mitreid-connect] Delegated Login



Hi team,

Is it possible to log in a resource owner/end-user authenticated by a different identity provider?

Here's our use case: Partner Portal (which we trust has secure user authentication) needs a token issued by our MitreId Instance to access our resource server. Therefore can we transfer the authenticated user ID and use it to provide an access token (if required provide consent if not done yet) and avoid the user login screen?

Thanks,

Dominik
_______________________________________________
mitreid-connect mailing list
mitreid-connect at mit.edu
http://mailman.mit.edu/mailman/listinfo/mitreid-connect
