<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Right, your user service layer would need to account for users coming from different domains, and the token service layer would need to inject the appropriate information into the generated tokens.<div class=""><br class=""></div><div class="">In short, the server wasn’t really set up for that, but at its core it’s a federation server so it could be customized in such a way to act like you’re looking for, probably. </div><div class=""><br class=""></div><div class=""> — Justin</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Sep 6, 2016, at 9:23 AM, Luiz Omori <<a href="mailto:luiz.omori@duke.edu" class="">luiz.omori@duke.edu</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="WordSection1" style="page: WordSection1; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);"><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class=""><span style="font-size: 11pt; font-family: Calibri;" class="">2) Custom service layer: could you elaborate? I was thinking the user would have to enter something like domain1/john or domain2/john and upon the user verification against the referred domain, the returned id token would return the user data including the domain where she was validated against.<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class=""><span style="font-size: 11pt; font-family: Calibri;" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class=""><span style="font-size: 11pt; font-family: Calibri;" class="">Regards,<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class=""><span style="font-size: 11pt; font-family: Calibri;" class="">Luiz<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class=""><span style="font-size: 11pt; font-family: Calibri;" class=""><o:p class=""> </o:p></span></div><div style="border-style: solid none none; border-top-color: rgb(181, 196, 223); border-top-width: 1pt; padding: 3pt 0in 0in;" class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class=""><b class=""><span style="font-family: Calibri;" class="">From:<span class="Apple-converted-space"> </span></span></b><span style="font-family: Calibri;" class="">Justin Richer <<a href="mailto:jricher@mit.edu" class="">jricher@mit.edu</a>><br class=""><b class="">Date:<span class="Apple-converted-space"> </span></b>Friday, September 2, 2016 at 3:52 PM<br class=""><b class="">To:<span class="Apple-converted-space"> </span></b>Luiz Omori <<a href="mailto:luiz.omori@duke.edu" class="">luiz.omori@duke.edu</a>><br class=""><b class="">Cc:<span class="Apple-converted-space"> </span></b>"<a href="mailto:mitreid-connect@mit.edu" class="">mitreid-connect@mit.edu</a>" <<a href="mailto:mitreid-connect@mit.edu" class="">mitreid-connect@mit.edu</a>><br class=""><b class="">Subject:<span class="Apple-converted-space"> </span></b>Re: [mitreid-connect] Post Logout redirect and user domains<o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class=""><o:p class=""> </o:p></div></div><div class=""><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class="">1) Yes, at some point. Nothing specific, especially considering the fluctuations of the logout spec.<o:p class=""></o:p></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class="">2) No, but you might be able to do that with a custom service layer. <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class=""> — Justin<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class=""><o:p class=""> </o:p></div><div class=""><blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class=""><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class="">On Sep 2, 2016, at 8:31 PM, Luiz Omori <<a href="mailto:luiz.omori@duke.edu" style="color: purple; text-decoration: underline;" class="">luiz.omori@duke.edu</a>> wrote:<o:p class=""></o:p></div></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class=""><o:p class=""> </o:p></div><div class=""><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; background-color: white;" class=""><span style="font-size: 11pt; font-family: Calibri;" class="">Hi,</span><span style="font-family: Calibri;" class=""><o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; background-color: white;" class=""><span style="font-size: 11pt; font-family: Calibri;" class=""> </span><span style="font-family: Calibri;" class=""><o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; background-color: white;" class=""><span style="font-size: 11pt; font-family: Calibri;" class="">A couple of questions:</span><span style="font-family: Calibri;" class=""><o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; background-color: white;" class=""><span style="font-size: 11pt; font-family: Calibri;" class=""> </span><span style="font-family: Calibri;" class=""><o:p class=""></o:p></span></div></div><div style="margin-left: 0.5in;" class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; text-indent: -0.25in; background-color: white;" class=""><span style="font-size: 11pt; font-family: Calibri;" class="">1.</span><span style="font-size: 7pt;" class=""> <span class="apple-converted-space"> </span></span><span style="font-size: 11pt; font-family: Calibri;" class="">Post Logout Redirect is listed as NYI, or so is on the version we are using 1.2.2. Any plans to implement it?</span><span style="font-family: Calibri;" class=""><o:p class=""></o:p></span></div></div><div style="margin-left: 0.5in;" class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; text-indent: -0.25in; background-color: white;" class=""><span style="font-size: 11pt; font-family: Calibri;" class="">2.</span><span style="font-size: 7pt;" class=""> <span class="apple-converted-space"> </span></span><span style="font-size: 11pt; font-family: Calibri;" class="">Use domains: does MitreID support multiple user domains, each one having its own database for credentials?</span><span style="font-family: Calibri;" class=""><o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; background-color: white;" class=""><span style="font-size: 11pt; font-family: Calibri;" class=""> </span><span style="font-family: Calibri;" class=""><o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; background-color: white;" class=""><span style="font-size: 11pt; font-family: Calibri;" class="">Regards,</span><span style="font-family: Calibri;" class=""><o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman'; background-color: white;" class=""><span style="font-size: 11pt; font-family: Calibri;" class="">Luiz</span><span style="font-family: Calibri;" class=""><o:p class=""></o:p></span></div></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class=""><span style="font-size: 9pt; font-family: Helvetica; background-color: white; background-position: initial initial; background-repeat: initial initial;" class="">_______________________________________________</span><span style="font-size: 9pt; font-family: Helvetica;" class=""><br class=""><span style="background-color: white; background-position: initial initial; background-repeat: initial initial;" class="">mitreid-connect mailing list</span><br class=""></span><a href="mailto:mitreid-connect@mit.edu" style="color: purple; text-decoration: underline;" class=""><span style="font-size: 9pt; font-family: Helvetica; color: rgb(149, 79, 114); background-color: white; background-position: initial initial; background-repeat: initial initial;" class="">mitreid-connect@mit.edu</span></a><span style="font-size: 9pt; font-family: Helvetica;" class=""><br class=""></span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.mit.edu_mailman_listinfo_mitreid-2Dconnect&d=CwMFaQ&c=imBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc&r=R6m41WT3w_KtulQAsSIxc_C2mwuKoWSycEMpss0QQJA&m=44NpWr6ClN0XfHoCwi3Xw4LBAbPjncBOZV5rpUSse2M&s=Xzn3CP9LL7C75fZkwHFoVt5eG1kyogwcvsRl6Cztj0o&e=" style="color: purple; text-decoration: underline;" class=""><span style="font-size: 9pt; font-family: Helvetica; color: rgb(149, 79, 114); background-color: white; background-position: initial initial; background-repeat: initial initial;" class="">http://mailman.mit.edu/mailman/listinfo/mitreid-connect</span></a><o:p class=""></o:p></div></div></blockquote></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman';" class=""><o:p class=""> </o:p></div></div></div></div></div></div></blockquote></div><br class=""></div></body></html>