Am 16.06.2010 00:35, schrieb Brian Eaton:
On Tue, Jun 15, 2010 at 8:54 AM, Torsten Lodderstedt
<tors...@lodderstedt.net> wrote:
Wouldn't it be an alternative solution, if the AS first tries to
authenticate the user using SPNEGO within the Web Server flow? This should
work in the inhouse scenario. If it fails, it can fall back to
username/password auth..
This would let you skip password entry, but I think you'd still
require user confirmation to grant the access.
which is ok, if you want to involve the user in the process. So he/her
realizes what's going on.
Otherwise, the assertion workflow would be the better choice.
regards,
Torsten.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
