With the latest WS-SecurityPolicy stuff on 2.2, the answer is yes. I originally had the WS-Trust13 test endpoints setup to do something similar.
Basically, you can use the STSClient we have to obtain a token from the STS, and then set that token into the request context of multple service clients. When the clients see the "IssuedToken" assertion in the policy, it will use the token from the context. Dan On Tue February 3 2009 1:35:22 pm bogdan.csoregi wrote: > On the server I have three web services: > 1. the STS > 2. WebService A - needs a security token for accessing > 3. WebService B - needs a security token for accessing > > > On the client I want to do the following: > > 1. Call A.serviceMethod() > 2. Call B.serviceMethod() > > I want that both calls to use the same security token so that: > > When the first call is done there will be a request to the STS after that I > will have a token then the service A is called with the token then the > service B is called using the same token. > > What I managed to do until now is that when the first call is done the STS > is called and I have a token then the service A is called using that token > but when the second call is done the STS is called again and it issues > another token used for the call to service B. > > Is it possible to make the second call use the token issued first? > > Even if this is not possible only by small configuration, is it possible to > do it by making an programmatic call to the STS then getting the > SAMLassertion and using it to make the calls to service A and B? -- Daniel Kulp [email protected] http://www.dankulp.com/blog
