We have not validated whether it is possible to implement TAS3 architecture using local login approach. The local login approach has many problems, including
Each site has separate login so more burden to the user
Users are lazy and use same password on many sites, thus allowing the sites to impersonate (masquerade) their users towards other sites.
Local logins require local effort to support new better authentication methods.
Local logins necessitate local user database maintenance
Local logins require password resets to be handled locally
If you must do local login, we recommend using one-time-passwords and the Authentication Service Protocol [SOAPAuthn2] to validate the authentication centrally using an IdP.