You need the security constraint to trigger any kind of authentication mechanism (basic auth, form based or STS).
Would you be happy if the IDP/STS could support form based authentication as well thus your application has to care about federation only? The reason I ask is that a workaround (if possible) might be a little bit hacky... What is your criteria to use either the IDP/STS or FORM based authentication? ________________________________________ Von: ermanno.travaglino [[email protected]] Gesendet: Freitag, 13. April 2012 14:41 Bis: [email protected] Betreff: Re: AW: Enable/Disable STS Authentication You hit the mark! But for now, I'd to be able to exclude or include the STS approach. Perhaps the problem is related to security-constraint in the web.xml. Furthermore if I take off this configuration the other "filters" (authentication schema) works, but as you can imagine STS authentication doesn't work, and the client is redirected on the index.jsp without any kind of authentication. Is there a solution for this problem? Ermanno -- View this message in context: http://cxf.547215.n5.nabble.com/Enable-Disable-STS-Authentication-tp5637879p5638182.html Sent from the cxf-user mailing list archive at Nabble.com.
