> But > the schema, does not mention about the sender-voucher method. How does the > STS, will populate the SV confirmation method ?
SenderVouches does not have any meaning in terms of a Token issued from an STS - and hence it is not supported to issue a token with SubjectConfirmation of SenderVouches from the STS. A client can generate a token themselves with SenderVouches - this is supported. Colm. On Thu, Feb 21, 2013 at 10:23 PM, kk31 <[email protected]> wrote: > Thanks for the explanation. Now i understand how the confirmation > method will be populated after looking into the wsstrust_1.3.xsd. But > the schema, does not mention about the sender-voucher method. How does the > STS, will populate the SV confirmation method ? its not mentioned in the > WSTrust schemaI have looked into the following url for understanding > different confirmation mechanisms l > < > http://fusesource.com/docs/esb/4.4.1/cxf_security/WsTrust-BasicScenario.html > > > In the sender-voucher, the following is mentionedThe STS generates a SAML > token with subject confirmation type server-vouches and returns the SAML > token in a RequestSecurityTokenReply (RSTR) message. i have look into > different sts.wsdl which was distributed from 2.7.2. I am attaching for > your > reference which does not say anything about keytype and confirmation > method. > ws-trust-1.4-service.wsdl > <http://cxf.547215.n5.nabble.com/file/n5723555/ws-trust-1.4-service.wsdl> > Your helloWorld sts wsdl have asymmetric binding with explicit mentioning > about key type and token type. But the wsdl i have looked into is > having > symmetric binding and there is no clue for saml version and token type. > In the above wsdl, by looking into the wsdl, how can i know its following > saml 2.0 and hok confirmation method > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/saml-subject-confirmation-method-tp5723511p5723555.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
