<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.gmailmsg
{mso-style-name:gmail_msg;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:Calibri;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Hello Dominik,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Yes, that’s why we had to extend MitreID and implement this flow with an overlay.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Luiz<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-family:Calibri;color:black">From: </span>
</b><span style="font-family:Calibri;color:black">Dominik Schmich <icemanno1@gmail.com><br>
<b>Date: </b>Thursday, November 10, 2016 at 10:30 AM<br>
<b>To: </b>Luiz Omori <luiz.omori@duke.edu>, "mitreid-connect@mit.edu" <mitreid-connect@mit.edu><br>
<b>Subject: </b>Re: [mitreid-connect] Delegated Login<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">Hi Luiz, <o:p></o:p></p>
<div>
<p class="MsoNormal">Thanks for the answer.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">Before I wrote this article I was checking in GitHub and MitreId supports the mentioned RFC. As far as I could find in the code, only for client application authentication and not end user authentication,
even though the RFC is talking supporting both.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Greets,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Dominik<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">Luiz Omori <<a href="mailto:luiz.omori@duke.edu">luiz.omori@duke.edu</a>> schrieb am Do., 10. Nov. 2016, 15:30:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span class="gmailmsg"><span style="font-size:11.0pt;font-family:Calibri">We had a similar use case and used this:
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc7523&d=CwMFaQ&c=imBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc&r=R6m41WT3w_KtulQAsSIxc_C2mwuKoWSycEMpss0QQJA&m=vruon4vvHaIY0qCLPbRVvXrRuYSg5ceWZYi-ZEapWnA&s=80AFDYW97aqmD1dDHRKzDTWwwycE0nv8QfhogeL8Kk0&e=" target="_blank">
https://tools.ietf.org/html/rfc7523</a></span></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span class="gmailmsg"><span style="font-size:11.0pt;font-family:Calibri"> </span></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span class="gmailmsg"><span style="font-size:11.0pt;font-family:Calibri">Implemented this flow through a simple overlay to MitreID.</span></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span class="gmailmsg"><span style="font-size:11.0pt;font-family:Calibri"> </span></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span class="gmailmsg"><span style="font-size:11.0pt;font-family:Calibri">Regards,</span></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span class="gmailmsg"><span style="font-size:11.0pt;font-family:Calibri">Luiz</span></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span class="gmailmsg"><span style="font-size:11.0pt;font-family:Calibri"> </span></span><o:p></o:p></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span class="gmailmsg"><b><span style="font-family:Calibri;color:black">From:
</span></b></span><span class="gmailmsg"><span style="font-family:Calibri;color:black"><<a href="mailto:mitreid-connect-bounces@mit.edu" target="_blank">mitreid-connect-bounces@mit.edu</a>> on behalf of Dominik Schmich <<a href="mailto:icemanno1@gmail.com" target="_blank">icemanno1@gmail.com</a>></span></span><span style="font-family:Calibri;color:black"><br>
<span class="gmailmsg"><b>Date: </b>Thursday, November 10, 2016 at 5:08 AM</span><br>
<span class="gmailmsg"><b>To: </b>"<a href="mailto:mitreid-connect@mit.edu" target="_blank">mitreid-connect@mit.edu</a>" <<a href="mailto:mitreid-connect@mit.edu" target="_blank">mitreid-connect@mit.edu</a>></span><br>
<span class="gmailmsg"><b>Subject: </b>[mitreid-connect] Delegated Login</span></span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hi team,
<o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">is it possible to login a resource owner/end-user authenticated by a different identiy provider?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Here's our use case: Partner Portal (which we trust has secure user authentication) needs a token issued by our MitreId Instance to access our resource server. Therefore can we
transfer the authenticated user ID and use it to provide an access token (if required provide consent if not done yet) and avoid the user login screen?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Thanks,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Dominik<o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</body>
</html>