Hi all,

I've raised the following issue some time back:
https://issues.apache.org/jira/browse/CXF-3520

Right now, the STS will map the identity or the claims of the identity in two cases:
- Issue request, onbehalfof (intermediary, proxy)
- Validate request, tokenType not equal to status

The above JIRA should support sending a SAML token in the WS-Security header. If the SAML token has been issued by another realm, either the identity is mapped or the claims transformed.

1) The WS-Security headers are processed by WSS4J whereas the onbehalfof, validatetarget, actas elements are validated by the TokenValidators. The TokenProviderParameters interface provides the authenticated principal. How can I access the already parsed SAML token?

2) Maybe we should add an instance of ReceivedToken for the token in the WS-Security header. Then, the token provider implementation can decide which information should be encoded within an issued token.

3) I had a look at the test cases of WSS4J here:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/validate/ValidatorTest.java
What is the best way to add unit tests in sts-core (which is based on JAXB classes) where you can add a WS-Security header without using the whole SOAP/HTTP stack?

Thoughts?

Thanks
Oli

------
Oliver Wulff
http://owulff.blogspot.com
Solution Architect
Talend Application Integration Division
http://www.talend.com
