Hi Colm, I agree. It is probably not a good idea by default to add fields like RequestType however a pluggable way of creating the RequestSecurityTokenResponse would be great. The schema allows for many different fields and someone will probably come along next looking to add something different.
For now, I just extended TokenIssueOperation and overrode 'issueSingle' and added my requirements to 'createResponse'. Should I log a JIRA on this? Thanks, Yogesh -- View this message in context: http://cxf.547215.n5.nabble.com/CXF-STS-RequestSecurityTokenResponse-and-RequestType-tp5719848p5719862.html Sent from the cxf-user mailing list archive at Nabble.com.
