Do you use CXF in your Java client? If yes, you can achieve that without programming just by configuration. Your WSDL of the service must contain a WS-SecurityPolicy element which defined an "IssuedToken" assertion (which means request a token from the STS). You can also configure the token type in this policy. Your jaxws:client spring bean must contain the STS Client configuration where you configure the URL of the STS and such.
If you use already the Talend STS have a look to the Talend ESB examples which is based on CXF. You can find the security example here: <talend-esb-install-dir>/examples/talend/tesb/rent-a-car/crmservice/service-endpoint-sts/src/main/resources/saml.policy You can find more information here: http://coheigea.blogspot.com/2011/09/saml-securitypolicy-enforcement-in-cxf.html HTH Oli ------ Oliver Wulff Blog: http://owulff.blogspot.com Solution Architect http://coders.talend.com Talend Application Integration Division http://www.talend.com ________________________________________ Von: ermanno.travaglino [[email protected]] Gesendet: Dienstag, 3. April 2012 14:23 Bis: [email protected] Betreff: Security Token Service Hi everybody, I would like to implement a brokered authentication with STS. My development environment is Eclipse and Tomcat, and now I have some RESTful services, available via java client, or browser after a web portal authentication. Do you could advise me to do this work in a clean and fast way? For now I have an STS, provided by Talend (war). For example, how would I write a Java client which interfaces with the STS? In other words, I need to implement a subset of WS-*, in particular WS-Trust and WS-Security... Thanks in advance. Ermanno -- View this message in context: http://cxf.547215.n5.nabble.com/Security-Token-Service-tp5614958p5614958.html Sent from the cxf-user mailing list archive at Nabble.com.
