Putting it on the client request context should work. The question is
though, how are you configuring that a SAML token is required? Setting the
SAML CallbackHandler is not enough - either you need to have a SamlToken
policy assertion in the WSDL (or in a local policy file) or else you need
to set
Thanks Colm
I just found an example with a WSS4JOutInterceptor and my SamlCallbackHandler
gets called now.
What I noticed: On the WSS4JOutInterceptor I have to use
ConfigurationConstants.SAML_CALLBACK_REF. When I use
SecurityConstants.SAML_CALLBACK_HANDLER instead, I get an error saying that
The xmlns:wst defines the namespace used in the message, whereas the
targetNamespace is used in the WSDL itself. Looking at the specs it appears
that the WSDL in the CXF sample started off as a WS-Trust 1.3 WSDL (which
uses the "/" for all namespaces) and was modified to make the requests
The SecurityConstants configuration tags only apply to WS-SecurityPolicy
configuration, and not when you are using the WSS4JOutInterceptor. Instead
you can use "ConfigurationConstants.SAML_CALLBACK_CLASS".
Colm.
On Tue, Sep 18, 2018 at 10:38 AM Burkard Stephan
wrote:
> Thanks Colm
>
> I just