<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">As it says in the paragraph of documentation that you quoted below, it’s protected the same way that the rest of the UI is protected. This is handled in the main <security:http> block in user-context.xml. <div class=""><br class=""></div><div class=""> — Justin</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Aug 20, 2015, at 9:45 AM, Zhanna Tsitkov <<a href="mailto:tsitkova@mit.edu" class="">tsitkova@mit.edu</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" class="">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<font color="#232323" class="">Hi,</font>
<div class=""><font color="#232323" class="">According to the documentation for <span style="background-color: rgb(255, 255, 255); line-height: 18px; white-space: pre;" class="">configure method of
</span> <span class="pl-en" style="line-height: 18px; white-space: pre; background-color: rgb(255, 255, 255); box-sizing: border-box;">AuthorizationServerConfigurer
</span><span class="pl-k" style="line-height: 18px; white-space: pre; background-color: rgb(255, 255, 255); box-sizing: border-box;">interface</span><span style="line-height: 18px; white-space: pre; background-color: rgb(255, 255, 255);" class="">
</span></font></div>
<div class=""><span style="color: rgb(51, 51, 51); font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; font-size: 12px; line-height: 18px; white-space: pre; background-color: rgb(255, 255, 255);" class="">"</span></div>
<br class=""><table class="tab-size js-file-line-container highlight" data-tab-size="8" style="box-sizing: border-box; border-collapse: collapse; border-spacing: 0px; tab-size: 8; color: rgb(51, 51, 51); font-family: Helvetica, arial, nimbussansl, liberationsans, freesans, clean, sans-serif, 'Segoe UI Emoji', 'Segoe UI Symbol'; font-size: 13px; line-height: 18px; background-color: rgb(255, 255, 255); position: static; z-index: auto;">
<tbody style="box-sizing: border-box;" class="">
<tr style="box-sizing: border-box;" class="">
<td id="LC32" class="js-file-line blob-code-inner blob-code" style="box-sizing: border-box; padding: 0px 10px; position: relative; vertical-align: top; font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; font-size: 12px; white-space: pre; overflow: visible; word-wrap: normal;">
<br class="">
</td>
</tr>
<tr style="box-sizing: border-box;" class="">
<td id="L33" class="blob-num js-line-number" data-line-number="33" style="box-sizing: border-box; padding: 0px 10px; width: 50px; min-width: 50px; white-space: nowrap; font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; font-size: 12px; vertical-align: top; text-align: right; border-style: solid; border-color: rgb(238, 238, 238); border-width: 0px 1px 0px 0px; cursor: pointer; -webkit-user-select: none;">
</td>
<td id="LC33" class="js-file-line blob-code-inner blob-code" style="box-sizing: border-box; padding: 0px 10px; position: relative; vertical-align: top; font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; font-size: 12px; white-space: pre; overflow: visible; word-wrap: normal;">
<span class="pl-c" style="box-sizing: border-box; color: rgb(150, 152, 150);">* The /oauth/authorize endpoint also needs to be secure, but that is a normal user-facing endpoint and should be</span></td>
</tr>
<tr style="box-sizing: border-box;" class="">
<td id="L34" class="blob-num js-line-number" data-line-number="34" style="box-sizing: border-box; padding: 0px 10px; width: 50px; min-width: 50px; white-space: nowrap; font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; font-size: 12px; vertical-align: top; text-align: right; border-style: solid; border-color: rgb(238, 238, 238); border-width: 0px 1px 0px 0px; cursor: pointer; -webkit-user-select: none;">
</td>
<td id="LC34" class="js-file-line blob-code-inner blob-code" style="box-sizing: border-box; padding: 0px 10px; position: relative; vertical-align: top; font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; font-size: 12px; white-space: pre; overflow: visible; word-wrap: normal;">
<span class="pl-c" style="box-sizing: border-box; color: rgb(150, 152, 150);">* secured the same way as the rest of your UI, so is not covered here. The default settings cover the most common</span></td>
</tr>
<tr style="box-sizing: border-box;" class="">
<td id="L35" class="blob-num js-line-number" data-line-number="35" style="box-sizing: border-box; padding: 0px 10px; width: 50px; min-width: 50px; white-space: nowrap; font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; font-size: 12px; vertical-align: top; text-align: right; border-style: solid; border-color: rgb(238, 238, 238); border-width: 0px 1px 0px 0px; cursor: pointer; -webkit-user-select: none;">
</td>
<td id="LC35" class="js-file-line blob-code-inner blob-code" style="box-sizing: border-box; padding: 0px 10px; position: relative; vertical-align: top; font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; font-size: 12px; white-space: pre; overflow: visible; word-wrap: normal;">
<span class="pl-c" style="box-sizing: border-box; color: rgb(150, 152, 150);">* requirements, following recommendations from the OAuth2 spec, so you don't need to do anything here to get a</span></td>
</tr>
<tr style="box-sizing: border-box;" class="">
<td id="L36" class="blob-num js-line-number" data-line-number="36" style="box-sizing: border-box; padding: 0px 10px; width: 50px; min-width: 50px; white-space: nowrap; font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; font-size: 12px; vertical-align: top; text-align: right; border-style: solid; border-color: rgb(238, 238, 238); border-width: 0px 1px 0px 0px; cursor: pointer; -webkit-user-select: none;">
</td>
<td id="LC36" class="js-file-line blob-code-inner blob-code" style="box-sizing: border-box; padding: 0px 10px; position: relative; vertical-align: top; font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; font-size: 12px; white-space: pre; overflow: visible; word-wrap: normal;">
<span class="pl-c" style="box-sizing: border-box; color: rgb(150, 152, 150);">* basic server up and running.</span></td>
</tr>
</tbody>
</table>
<div class="">"</div>
<div class="">In MitreID Connect it looks like this EP is not explicitly protected. How it is done? </div>
<div class="">Thanks,</div>
<div class="">Zhanna</div>
</div>
_______________________________________________<br class="">mitreid-connect mailing list<br class=""><a href="mailto:mitreid-connect@mit.edu" class="">mitreid-connect@mit.edu</a><br class="">http://mailman.mit.edu/mailman/listinfo/mitreid-connect<br class=""></div></blockquote></div><br class=""></div></body></html>