Hello, I need to design a distributed software architecture that implements SSO with WS-Trust/SAML. I have made some experiments, read the excellent blogs of the Talend colleagues, and now I have an idea how WS-Trust is working.
I would just have three questions:

1) In my architecture, there are many components that call each other via SOAP. The idea is that when the first component is triggered, it acquires a SAML token from the STS, and then during the subsequent calls this single token is used until the workflow is completed. So let's say 1) module no. 1 is triggered; 2) it acquires a SAML token; 3) it calls module no. 2; 4) when module no. 2 calls module no. 3, the same SAML token is transmitted. Is this possible with the CXF implementation?

2) I need to put claims in the token (e.g. roles). I saw in a blog how to do that. But on the receiving side, what is the best way to evaluate the claims found in the received token? For instance, how to retrieve the role claims? Should I implement some interceptor for that?

3) I would prefer using SOAP over JMS. Is every WS-Trust operation working over JMS the same way as over HTTP?

Thank you in advance.

Kind regards,
Ivan
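Added example for the second question (receiving-side evaluation of role claims). This is not code from the post or from the CXF project; it is a server-side CXF interceptor written here to show the shape such a check takes. It assumes the endpoint's WS-SecurityPolicy requires a signed SAML token from the STS, so that CXF's WS-Security in-interceptor has already validated the assertion and populated a SecurityContext on the message, with roles read from the attribute named by the endpoint property ws-security.saml-role-attributename. The package name, the required role names and the "example.authorized.subject" message key are illustrative assumptions.

```java
package example.sso; // hypothetical package

import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.SecurityContext;

import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/**
 * Authorizes an inbound SOAP request using the role claims of the SAML token
 * that WSS4J has already validated (signature, issuer trust, conditions).
 *
 * Assumptions (not from the original post):
 *  - The endpoint policy requires a signed SAML token, so a missing or
 *    unverifiable token is rejected by the security layer before this runs.
 *  - CXF maps the configured role attribute of the assertion into
 *    SecurityContext.isUserInRole(); this class never parses the raw
 *    assertion itself, so it cannot be fooled by unsigned attributes.
 */
public class RoleClaimInterceptor extends AbstractPhaseInterceptor<Message> {

    private final List<String> requiredRoles;

    public RoleClaimInterceptor(String... requiredRoles) {
        // PRE_INVOKE runs after the WS-Security in-interceptor and before
        // the service method is invoked, which is where an authorization
        // decision belongs.
        super(Phase.PRE_INVOKE);
        this.requiredRoles = Collections.unmodifiableList(Arrays.asList(requiredRoles));
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        SecurityContext sc = message.get(SecurityContext.class);
        if (sc == null || sc.getUserPrincipal() == null) {
            // Fail closed: no validated subject means no access, even if a
            // misconfigured policy let the message get this far.
            throw new Fault(new SecurityException("No authenticated subject on the message"));
        }
        Principal subject = sc.getUserPrincipal();
        for (String role : requiredRoles) {
            if (!sc.isUserInRole(role)) {
                throw new Fault(new SecurityException(
                        "Subject '" + subject.getName() + "' lacks required role: " + role));
            }
        }
        // Authorized: expose the subject name for the service implementation
        // and for audit logging (hypothetical message key).
        message.put("example.authorized.subject", subject.getName());
    }
}
```

Register it as an in-interceptor on the JAX-WS endpoint (for example as a bean with a constructor argument such as "admin" inside the endpoint's inInterceptors list), and keep the token requirement in the WS-SecurityPolicy rather than only in this class: the interceptor decides what a validated subject may do, while the policy and WSS4J decide whether the token is genuine. Propagating the same token from module 2 to module 3, as the first question asks, does not change this check, because each hop still has to validate the STS signature before the role claims are trusted.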
