Good day, I've run into a situation where we are using CXF, but the client at this point wants to have a multiple STS setup as follows:

STS A: Takes a username and login, returns a SAML 1.1 token (TOKEN_A) with a basic set of claims (username, role, given name)

STS B: Takes TOKEN_A, and creates a new SAML 1.1 token (TOKEN_B) from it (perhaps my phrasing here is incorrect, my apologies I'm going directly from the req's doc) with additional claims added (custom_claim1, custom_claim2, custom_claim3).

Service A (SA) takes TOKEN_A as credentials, while Service B takes TOKEN_B (SB) as credentials. From our client, we want to make a series of calls to both SA and SB.

My questions are:

1) Is CXF capable of this in general?
2) Is CXF able to handle this case using the WSDL 2 Java generated classes and code across the two services and two STSs?
3) For custom / manual security code, if I've retrieved a security token, TOKEN_A, using one STSClient instance, do I retrieve TOKEN_B utilizing a new STSClient instance and the method: requestSecurityToken(String appliesTo, String action, String requestType, SecurityToken target)?

Thanks,
Dan.

--
View this message in context: http://cxf.547215.n5.nabble.com/Multiple-STS-Authentication-and-Authorization-tp5155338p5155338.html
Sent from the cxf-user mailing list archive at Nabble.com.
