Will the mere presence of client X.509 under supporting tokens validate client authentication. I thought SignatureTrustValidator will validate the received token against trust store for assertion. Not true? Should a message part be signed to verify client auth?
-- View this message in context: http://cxf.547215.n5.nabble.com/SecurityPolicy-Option-tp5456290p5463176.html Sent from the cxf-user mailing list archive at Nabble.com.
