Hi patch, Maybe I am not the best one to answer your question, but let me explain in more detail what happens in wsclientWebapp.
You have 3 Tomcat instances:

a) runs the CXF STS and Fediz IDP,
b) runs the web service that requires a SAML token,
c) runs the web application that is a client to the web service in (b)

1) When you log in to the web application (c), a SAML token is acquired from the IDP/STS. (When you use Fediz with the Tomcat plugin for instance, you get a FederationPrincipal by calling HttpServletRequest.getUserPrincipal(). By using the FederationPrincipal, you access the claims in the SAML token. You can also access the whole token, if you put it into ThreadLocal from a servlet filter - also in the example).

2) After logging in, when you call from the web application (c) the web service (b), a new token request is sent to the STS (a) directly (so no IDP is needed). The request contains the current SAML token as OnBehalfOf.

3) The STS prepares a new token, and sends it back.

4) The web application (c) calls the web service (b) by sending the second SAML token.

----

I have the feeling this is your scenario. But as I said, I am also kind of new in this topic. If you need, I can send you my three Tomcat instances, and with them you can try the above mentioned steps.

Cheers,
Ivan

2013/6/6 patch_78 <[email protected]>

> Hi Ivan,
>
> I am still confused how the examples\wsclientWebapp\ fits my requirement.
> It would be very helpful if you can point out based on my requirement
> described previously.
>
> FYI,
> in step 1) the user is authenticated by an external identity provider
> based on SSO protocol. I implemented this with Spring Security - SAML
> extension and managed to get SAML2 token.
> After step 1) there is no IDP needed, only STS/web service that issues
> another SAML token based on the one got from step 1).
>
> Thanks!
> patch
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Get-Security-Token-tp5728824p5728838.html
> Sent from the cxf-user mailing list archive at Nabble.com.
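The token request in step 2 above, sketched as an added example that is not part of the original thread or of the CXF/Fediz sample code: it builds the general shape of a WS-Trust 1.3 Issue request (the content of the SOAP body) whose OnBehalfOf element carries the login token. The function names, the service URL and the unsigned sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSA = "http://www.w3.org/2005/08/addressing"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML2_TOKEN_TYPE = ("http://docs.oasis-open.org/wss/"
                    "oasis-wss-saml-token-profile-1.1#SAMLV2.0")

# Constructed sample standing in for the login token from step 1
# (unsigned, not a real token).
LOGIN_TOKEN = (
    f'<saml2:Assertion xmlns:saml2="{SAML2}" ID="_constructed-1" Version="2.0">'
    '<saml2:Issuer>https://idp.example.test</saml2:Issuer>'
    '<saml2:Subject><saml2:NameID>alice</saml2:NameID></saml2:Subject>'
    '</saml2:Assertion>'
)

def build_obo_request(login_token_xml, service_url):
    """Return the wst:RequestSecurityToken element sent to the STS in step 2."""
    assertion = ET.fromstring(login_token_xml)
    # Refuse anything that is not a SAML 2.0 assertion. Signature and
    # validity checks are the STS's job and are not done in this sketch.
    if assertion.tag != f"{{{SAML2}}}Assertion":
        raise ValueError("OnBehalfOf token must be a SAML 2.0 Assertion")
    rst = ET.Element(f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = WST + "/Issue"
    ET.SubElement(rst, f"{{{WST}}}TokenType").text = SAML2_TOKEN_TYPE
    # AppliesTo scopes the new token to web service (b).
    applies = ET.SubElement(rst, f"{{{WSP}}}AppliesTo")
    epr = ET.SubElement(applies, f"{{{WSA}}}EndpointReference")
    ET.SubElement(epr, f"{{{WSA}}}Address").text = service_url
    # OnBehalfOf carries the token the user logged in with.
    ET.SubElement(rst, f"{{{WST}}}OnBehalfOf").append(assertion)
    return rst

def on_behalf_of_subject(rst):
    """Read back the NameID the STS would see inside OnBehalfOf."""
    return rst.findtext(f"{{{WST}}}OnBehalfOf/{{{SAML2}}}Assertion/"
                        f"{{{SAML2}}}Subject/{{{SAML2}}}NameID")

if __name__ == "__main__":
    req = build_obo_request(LOGIN_TOKEN, "https://service-b.example.test/ws")
    print(ET.tostring(req, encoding="unicode"))
```

The token returned by the STS in step 3 is what the web application presents to the web service in step 4; the service should accept only tokens issued by that STS and scoped to its own address.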
