Hi Dan,

I've set up several realms of the CXF STS where each realm uses a different certificate to sign the SAML assertion.

If you send a SAML token issued by Realm A to the STS Realm B, the STS will validate the SAML token issued by Realm A and issue a new SAML token. Now, there are two options: either the principals are mapped between Realm A and Realm B, or the claims are transformed.

I've got an example available here where the principal is mapped:
https://github.com/owulff/sts_wsfed

You can find some information about claims transformation here (default is principal mapping):
http://coheigea.blogspot.ch/2012/06/transforming-claims-and-tokens-in-cxf.html

HTH

------
Oliver Wulff
Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com

________________________________________
From: DTaylor [[email protected]]
Sent: 13 July 2012 14:48
To: [email protected]
Subject: STS B using token from STS A

Hi All,

I'm curious if anyone has experience trying to do the following setup in CXF:

1) STS A uses a username token to authenticate the user.
2) Service A uses the token from STS A, allows the user to do xyz.
3) STS B uses a token from STS A to authenticate the user.
4) Service B uses the token from STS B, allows the user to do ab&c.

Has anyone done anything like this? Is it possible in CXF?

Thanks,
Dan

--
View this message in context: http://cxf.547215.n5.nabble.com/STS-B-using-token-from-STS-A-tp5711052.html
Sent from the cxf-user mailing list archive at Nabble.com.
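
The principal-mapping option described in the reply above, as an added example (not code from this thread or from the linked sts_wsfed project): an implementation of CXF's `org.apache.cxf.sts.IdentityMapper` that maps Realm A principals to Realm B through an explicit table and rejects anything it does not know, so a token from another realm never passes through under its original name. The realm names "A" and "B", the account table and the class names are assumptions made for the illustration.

```java
import java.security.Principal;
import java.util.Map;

import org.apache.cxf.sts.IdentityMapper;

/** Added example: explicit, fail-closed principal mapping from Realm A to Realm B. */
public class RealmAToBIdentityMapper implements IdentityMapper {

    // Constructed sample data: Realm A user name -> Realm B user name.
    private static final Map<String, String> A_TO_B = Map.of(
            "alice", "ALICE_B",
            "bob", "BOB_B");

    @Override
    public Principal mapPrincipal(String sourceRealm, Principal sourcePrincipal,
                                  String targetRealm) {
        // Only the A -> B direction is accepted; any other pair is refused.
        if (!"A".equals(sourceRealm) || !"B".equals(targetRealm)) {
            throw new SecurityException(
                    "No identity mapping from realm " + sourceRealm + " to " + targetRealm);
        }
        if (sourcePrincipal == null || sourcePrincipal.getName() == null) {
            throw new SecurityException("Token from realm A carries no principal name");
        }
        // Unknown users are rejected instead of being passed through unchanged.
        String mapped = A_TO_B.get(sourcePrincipal.getName());
        if (mapped == null) {
            throw new SecurityException(
                    "Principal " + sourcePrincipal.getName() + " has no account in realm B");
        }
        return new MappedPrincipal(mapped);
    }

    /** Minimal Principal holding the Realm B name (hypothetical helper). */
    private static final class MappedPrincipal implements Principal {
        private final String name;

        MappedPrincipal(String name) {
            this.name = name;
        }

        @Override
        public String getName() {
            return name;
        }
    }
}
```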
