Am 16.06.2010 00:35, schrieb Brian Eaton:
On Tue, Jun 15, 2010 at 8:54 AM, Torsten Lodderstedt
tors...@lodderstedt.net wrote:
Wouldn't it be an alternative solution, if the AS first tries to
authenticate the user using SPNEGO within the Web Server flow? This should
work in the inhouse
+1
On 2010-06-14, at 9:02 PM, Brian Eaton wrote:
On Mon, Jun 14, 2010 at 8:31 PM, Andrew Arnott andrewarn...@gmail.com wrote:
For an application I'm building, the installed client app will have
intermittent windows of time where it can obtain a (non-OAuth) assertion for
user identity.
, 2010 8:32 PM
*To:* OAuth WG (oauth@ietf.org)
*Subject:* [OAUTH-WG] Assertion flow: please add optional refresh_token in
response
For an application I'm building, the installed client app will have
intermittent windows of time where it can obtain a (non-OAuth) assertion for
user identity
Why can the client app access the AS to get an access token but not the
corporate network to get a new assertion?
How does the client app get the assertion to begin with? How did delegation
from the user happen?
Would you elaborate more on the use case so that we can understand the full
trust
)
Subject: [OAUTH-WG] Assertion flow: please add optional refresh_token in
response
For an application I'm building, the installed client app will have
intermittent windows of time where it can obtain a (non-OAuth) assertion for
user identity. During this time, it seems appropriate
Hi Dick,
Responses inline.
On Tue, Jun 15, 2010 at 7:12 AM, Dick Hardt dick.ha...@gmail.com wrote:
Why can the client app access the AS to get an access token but not the
corporate network to get a new assertion?
The corporate network where the AD lives is behind a firewall, whereas the
AS
Wouldn't it be an alternative solution, if the AS first tries to
authenticate the user using SPNEGO within the Web Server flow? This
should work in the inhouse scenario. If it fails, it can fall back to
username/password auth..
Thoughts?
regards,
Torsten.
Am 15.06.2010 um 17:19 schrieb
On Tue, Jun 15, 2010 at 8:54 AM, Torsten Lodderstedt
tors...@lodderstedt.net wrote:
Wouldn't it be an alternative solution, if the AS first tries to
authenticate the user using SPNEGO within the Web Server flow? This should
work in the inhouse scenario. If it fails, it can fall back to