Thanks Colm, Andrei & Daniel for your answers to those questions. I'm having a bit of trouble getting secure conversation working with SAML assertions on my service and I'm wondering if someone could lend some assistance.

I wanted to make sure my initial assumptions are correct before I go much further. We have an STS, service and client, all written in Java for now (C# interop coming later), where we want to create a SAML token and SCT at the STS (SAML token being based off an incoming username token).

For the STS:
1) We need a port with a non-SecureConversation policy which receives a SignedEncryptedSupportingToken of type UsernameToken in order to create the SAML token.
2) We need a port with a SecureConversation policy in place.
3) The configuration needs to be provided for the various encryption and signature parameters (regular and .sct versions).

For the Service:
1) We need a port with a SecureConversation policy which is secured by the SAML token from STS (1) above.
2) We need the correct configuration for the various encryption and signature parameters (regular and .sct versions).

For the client:
1) We need an STS client pointing to the non-SecureConversation port which will be used to retrieve the SAML token.
2) We need an STS client pointing to the SecureConversation port which will be used to retrieve the SecureConversation token.
3) A configuration entry for the spring client which is used to access the secure conversation enabled port of the service, with the property entry "ws-security.sts.client" value pointing to the port from STS (1) above and a property entry "ws-security.sts.client.sct" value pointing to the port from STS (2) above.
4) A configuration entry for the spring client which has the non-SCT username and passwords for the certificates being used.
5) A configuration entry for the spring client which has the non-SCT username and passwords for the UsernameToken for STS (1) above.

I know that's a lot to ask and a giant pain but I want to make sure I'm not missing anything or having an incorrect base assumption before asking more detailed questions re my WSDLs and configs, etc.

Thanks,
Dan

--
View this message in context: http://cxf.547215.n5.nabble.com/WS-SecureConversation-and-SAML-assertions-tp5728643p5728809.html
Sent from the cxf-user mailing list archive at Nabble.com.
