Hi Gina

No, the user is not kicked out from the session and he might not have to re-enter the credentials as the browser might still have a session with ADFS. If you use Kerberos (browser <-> ADFS), you don't have to log in at all. The new token is then cached in the session.

The URL with the suffix /text is required for Tomcat 7. Will update that.

CXF supports transport binding (my example) as well as asymmetric and symmetric binding. Could you please attach the generated WSDL file of the .NET service and ADFS?

Thanks
Oli

------

Oliver Wulff
Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com
Talend Application Integration Division
http://www.talend.com

________________________________
From: Gina Choi [ginacho...@gmail.com]
Sent: 21 May 2012 22:54
To: Oliver Wulff
Cc: users@cxf.apache.org
Subject: Re: CXF supporting scope

Hi Oliver,

Thanks for clarification.

<<<
What can happen is that your web SSO token is valid for 30 minutes but the token for soap/http communication is valid for 35 minutes. When the web SSO redirected the browser user after 30 minutes, CXF will still use the cached one for the next 5 minutes. This should be fine.
>>>

If the SSO token validity period is 30 min, after 30 min, is the user kicked out from the current session and asked for credentials again? In other words, is the application session expired after 30 min?

In your pom.xml file under /fediz/trunk/examples/wsclientWebapp/webservice/service/ <http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webservice/service/>, in line 54, you have this.

<url>http://localhost:10080/manager</url>

Without changing this line to

<url>http://localhost:10080/manager/text</url>

it doesn't allow me to deploy.

I deployed /fedizhelloworld/secure/fedservlet successfully and tried to call the web service using an ActAs token. Do you have any requirement about the web service certificate? Previously I used symmetric bindings, so I had to import the web service certificate to the STS.

Thanks.
Gina