Hi

1) Yes, CXF supports caching the token per user dependent on AppliesTo and 
Lifetime. So each component must have a different AppliesTo value.

2) This is supported. Just use the WebServiceContext API. Fixed here:
https://issues.apache.org/jira/browse/CXF-4212

The following example uses this API:
http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webservice/

3) Never tested.

Thanks
Oli


------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com

________________________________________
From: Iván Brencsics [[email protected]]
Sent: 26 May 2013 00:48
To: [email protected]
Subject: WS-Trust token handling

Hello,

I need to design a distributed software architecture that implements SSO
with WS-Trust/SAML. I have made some experiments, read the excellent blogs
of the Talend colleagues, and now I have an idea how WS-Trust is working.

I would just have three questions:

1) In my architecture, there are many components that call each other via
SOAP. The idea is that when the first component is triggered, it acquires a
SAML token from the STS, and then during the subsequent calls this single
token is used until the workflow is completed. So let's say 1) the module no
1 is triggered; 2) it acquires a SAML token; 3) calls module no 2; 4) when
module no 2 calls module no 3, the same SAML token is transmitted. Is this
possible with the CXF implementation?

2) I need to put claims in the token (e.g. roles). I saw in a blog how to do
that. But on the receiving side, what is the best way to evaluate the
claims found in the received token? For instance, how to retrieve the role
claims? Should I implement some interceptor for that?

3) I would prefer using SOAP over JMS. Is every WS-Trust operation working
over JMS the same way as over HTTP?

Thank you in advance.

Kind regards,
Ivan
