Hi there I'd like to double check with you whether it's ok to enhance the STSClient thus it can be used for subclassing.
My use case is: Implementation of an identity provider (for WS-Federation passive requestor profile) which is a web application and calls the new CXF STS server. In this case, I need the full RSTR instead of the security token only. I can't subclass as a lot of methods and setter/getter members are private. Do you mind that I change that to protected? Further, I must be able to pass the claims within the RST element instead of within the secondary parameters. Do you mind that I enhance the STSClient to set the claims on the STSClient class? Thanks Oli
