Hi Luiz,<div>Thanks for the answer.</div><div><span style="font-size:13px">Before I wrote this article I was checking in GitHub and MitreId supports the mentioned RFC. As far as I could find in the code, only for client application authentication and not end user authentication, even though the RFC is talking supporting both.</span></div><div>Greets,</div><div>Dominik<br><br><div class="gmail_quote"><div dir="ltr">Luiz Omori <<a href="mailto:luiz.omori@duke.edu">luiz.omori@duke.edu</a>> schrieb am Do., 10. Nov. 2016, 15:30:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="white" lang="EN-US" link="#0563C1" vlink="#954F72" class="gmail_msg">
<div class="m_-3770884615487121199WordSection1 gmail_msg">
<p class="MsoNormal gmail_msg"><span style="font-size:11.0pt;font-family:Calibri" class="gmail_msg">We had a similar use case and used this: <a href="https://tools.ietf.org/html/rfc7523" class="gmail_msg" target="_blank">https://tools.ietf.org/html/rfc7523</a><u class="gmail_msg"></u><u class="gmail_msg"></u></span></p>
<p class="MsoNormal gmail_msg"><span style="font-size:11.0pt;font-family:Calibri" class="gmail_msg"><u class="gmail_msg"></u> <u class="gmail_msg"></u></span></p>
<p class="MsoNormal gmail_msg"><span style="font-size:11.0pt;font-family:Calibri" class="gmail_msg">Implemented this flow through a simple overlay to MitreID.<u class="gmail_msg"></u><u class="gmail_msg"></u></span></p>
<p class="MsoNormal gmail_msg"><span style="font-size:11.0pt;font-family:Calibri" class="gmail_msg"><u class="gmail_msg"></u> <u class="gmail_msg"></u></span></p>
<p class="MsoNormal gmail_msg"><span style="font-size:11.0pt;font-family:Calibri" class="gmail_msg">Regards,<u class="gmail_msg"></u><u class="gmail_msg"></u></span></p>
<p class="MsoNormal gmail_msg"><span style="font-size:11.0pt;font-family:Calibri" class="gmail_msg">Luiz<u class="gmail_msg"></u><u class="gmail_msg"></u></span></p>
<p class="MsoNormal gmail_msg"><span style="font-size:11.0pt;font-family:Calibri" class="gmail_msg"><u class="gmail_msg"></u> <u class="gmail_msg"></u></span></p>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in" class="gmail_msg">
<p class="MsoNormal gmail_msg"><b class="gmail_msg"><span style="font-family:Calibri;color:black" class="gmail_msg">From: </span>
</b><span style="font-family:Calibri;color:black" class="gmail_msg"><<a href="mailto:mitreid-connect-bounces@mit.edu" class="gmail_msg" target="_blank">mitreid-connect-bounces@mit.edu</a>> on behalf of Dominik Schmich <<a href="mailto:icemanno1@gmail.com" class="gmail_msg" target="_blank">icemanno1@gmail.com</a>><br class="gmail_msg">
<b class="gmail_msg">Date: </b>Thursday, November 10, 2016 at 5:08 AM<br class="gmail_msg">
<b class="gmail_msg">To: </b>"<a href="mailto:mitreid-connect@mit.edu" class="gmail_msg" target="_blank">mitreid-connect@mit.edu</a>" <<a href="mailto:mitreid-connect@mit.edu" class="gmail_msg" target="_blank">mitreid-connect@mit.edu</a>><br class="gmail_msg">
<b class="gmail_msg">Subject: </b>[mitreid-connect] Delegated Login<u class="gmail_msg"></u><u class="gmail_msg"></u></span></p>
</div></div></div><div bgcolor="white" lang="EN-US" link="#0563C1" vlink="#954F72" class="gmail_msg"><div class="m_-3770884615487121199WordSection1 gmail_msg">
<div class="gmail_msg">
<p class="MsoNormal gmail_msg"><u class="gmail_msg"></u> <u class="gmail_msg"></u></p>
</div>
<p class="MsoNormal gmail_msg">Hi team, <u class="gmail_msg"></u><u class="gmail_msg"></u></p>
<div class="gmail_msg">
<p class="MsoNormal gmail_msg">is it possible to login a resource owner/end-user authenticated by a different identiy provider?<u class="gmail_msg"></u><u class="gmail_msg"></u></p>
</div>
<div class="gmail_msg">
<p class="MsoNormal gmail_msg">Here's our use case: Partner Portal (which we trust has secure user authentication) needs a token issued by our MitreId Instance to access our resource server. Therefore can we transfer the authenticated user ID and use it to provide an
access token (if required provide consent if not done yet) and avoid the user login screen?<u class="gmail_msg"></u><u class="gmail_msg"></u></p>
</div>
<div class="gmail_msg">
<p class="MsoNormal gmail_msg">Thanks,<u class="gmail_msg"></u><u class="gmail_msg"></u></p>
</div>
<div class="gmail_msg">
<p class="MsoNormal gmail_msg">Dominik<u class="gmail_msg"></u><u class="gmail_msg"></u></p>
</div>
</div></div></blockquote></div></div>