<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div dir="ltr" >Hi Luiz,</div>
<div dir="ltr" > </div>
<div dir="ltr" >I have been doing something which I think is very similar recently. Are you able to share your overlay or is it proprietary?</div>
<div dir="ltr" > </div>
<div dir="ltr" >Wil</div>
<div dir="ltr" > </div>
<div dir="ltr" > </div>
<blockquote data-history-content-modified="1" dir="ltr" style="border-left:solid #aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" >----- Original message -----<br>From: Luiz Omori <luiz.omori@duke.edu><br>Sent by: mitreid-connect-bounces@mit.edu<br>To: Dominik Schmich <icemanno1@gmail.com>, "mitreid-connect@mit.edu" <mitreid-connect@mit.edu><br>Cc:<br>Subject: Re: [mitreid-connect] Delegated Login<br>Date: Thu, Nov 10, 2016 3:38 PM<br> <br><!--Notes ACF
<meta http-equiv="Content-Type" content="text/html; charset=utf8" >-->
<div><p><span style="font-size:11.0pt;font-family:Calibri" >Hello Dominik,<o:p></o:p></span></p>
<p><span style="font-size:11.0pt;font-family:Calibri" ><o:p> </o:p></span></p>
<p><span style="font-size:11.0pt;font-family:Calibri" >Yes, that’s why we had to extend MitreID and implement this flow with an overlay.<o:p></o:p></span></p>
<p><span style="font-size:11.0pt;font-family:Calibri" ><o:p> </o:p></span></p>
<p><span style="font-size:11.0pt;font-family:Calibri" >Regards,<o:p></o:p></span></p>
<p><span style="font-size:11.0pt;font-family:Calibri" >Luiz<o:p></o:p></span></p>
<p><span style="font-size:11.0pt;font-family:Calibri" ><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in" ><p><b><span style="font-family:Calibri;color:black" >From: </span> </b><span style="font-family:Calibri;color:black" >Dominik Schmich <icemanno1@gmail.com><br><b>Date: </b>Thursday, November 10, 2016 at 10:30 AM<br><b>To: </b>Luiz Omori <luiz.omori@duke.edu>, "mitreid-connect@mit.edu" <mitreid-connect@mit.edu><br><b>Subject: </b>Re: [mitreid-connect] Delegated Login<o:p></o:p></span></p></div>
<div><p><o:p> </o:p></p></div>
<p>Hi Luiz, <o:p></o:p></p>
<div><p>Thanks for the answer.<o:p></o:p></p></div>
<div><p><span style="font-size:10.0pt" >Before I wrote this article I was checking in GitHub and MitreId supports the mentioned RFC. As far as I could find in the code, only for client application authentication and not end user authentication, even though the RFC is talking supporting both.</span><o:p></o:p></p></div>
<div><p>Greets,<o:p></o:p></p></div>
<div><p style="margin-bottom:12.0pt" >Dominik<o:p></o:p></p>
<div><div><p>Luiz Omori <<a href="mailto:luiz.omori@duke.edu" target="_blank" >luiz.omori@duke.edu</a>> schrieb am Do., 10. Nov. 2016, 15:30:<o:p></o:p></p></div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in" ><div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" ><span><span style="font-size:11.0pt;font-family:Calibri" >We had a similar use case and used this: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc7523&d=CwMFaQ&c=imBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc&r=R6m41WT3w_KtulQAsSIxc_C2mwuKoWSycEMpss0QQJA&m=vruon4vvHaIY0qCLPbRVvXrRuYSg5ceWZYi-ZEapWnA&s=80AFDYW97aqmD1dDHRKzDTWwwycE0nv8QfhogeL8Kk0&e=" target="_blank" > https://tools.ietf.org/html/rfc7523</a></span></span><o:p></o:p></p>
<p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" ><span><span style="font-size:11.0pt;font-family:Calibri" > </span></span><o:p></o:p></p>
<p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" ><span><span style="font-size:11.0pt;font-family:Calibri" >Implemented this flow through a simple overlay to MitreID.</span></span><o:p></o:p></p>
<p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" ><span><span style="font-size:11.0pt;font-family:Calibri" > </span></span><o:p></o:p></p>
<p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" ><span><span style="font-size:11.0pt;font-family:Calibri" >Regards,</span></span><o:p></o:p></p>
<p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" ><span><span style="font-size:11.0pt;font-family:Calibri" >Luiz</span></span><o:p></o:p></p>
<p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" ><span><span style="font-size:11.0pt;font-family:Calibri" > </span></span><o:p></o:p></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in" ><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" ><span><b><span style="font-family:Calibri;color:black" >From: </span></b></span><span><span style="font-family:Calibri;color:black" ><<a href="mailto:mitreid-connect-bounces@mit.edu" target="_blank" >mitreid-connect-bounces@mit.edu</a>> on behalf of Dominik Schmich <<a href="mailto:icemanno1@gmail.com" target="_blank" >icemanno1@gmail.com</a>></span></span><br><span style="font-family:Calibri;color:black" ><span><b>Date: </b>Thursday, November 10, 2016 at 5:08 AM</span><br><span><b>To: </b>"<a href="mailto:mitreid-connect@mit.edu" target="_blank" >mitreid-connect@mit.edu</a>" <<a href="mailto:mitreid-connect@mit.edu" target="_blank" >mitreid-connect@mit.edu</a>></span><br><span><b>Subject: </b>[mitreid-connect] Delegated Login</span></span><o:p></o:p></p></div></div></div>
<div><div><div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" > <o:p></o:p></p></div>
<p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" >Hi team, <o:p></o:p></p>
<div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" >is it possible to login a resource owner/end-user authenticated by a different identiy provider?<o:p></o:p></p></div>
<div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" >Here's our use case: Partner Portal (which we trust has secure user authentication) needs a token issued by our MitreId Instance to access our resource server. Therefore can we transfer the authenticated user ID and use it to provide an access token (if required provide consent if not done yet) and avoid the user login screen?<o:p></o:p></p></div>
<div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" >Thanks,<o:p></o:p></p></div>
<div><p style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto" >Dominik<o:p></o:p></p></div></div></div></blockquote></div></div></div>
<div><font face="Default Monospace,Courier New,Courier,monospace" size="2" >_______________________________________________<br>mitreid-connect mailing list<br>mitreid-connect@mit.edu<br><a href="http://mailman.mit.edu/mailman/listinfo/mitreid-connect" target="_blank" >http://mailman.mit.edu/mailman/listinfo/mitreid-connect</a></font></div></blockquote>
<div dir="ltr" > </div></div>Unless stated otherwise above:<BR>
IBM United Kingdom Limited - Registered in England and Wales with number 741598. <BR>
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU<BR>
<BR>