Hi Ivan, Thanks a lot for your explanation and offer! I also have 3 tomcat instances and managed to get it work as same as you. But in my requirement, step 1) is not the same as the examples\wsclientWebapp\
+++++++++++++++++++++++++ 1) When you log in to the web application (c), a SAML token is aquired from the IDP/STS. (When you use Fediz with the Tomcat plugin for instance, you get a FederationPrincipal by calling HttpServletRequest.getUserPrincipal(). By using the FederationPrincipal, you access the claims in the SAML token. You can also access the whole token, if you put it into ThreadLocal from a servlet filter - also in the example). +++++++++++++++++++++++++ In my requirement the user is authenticated by an external identity provider based on SSO protocol. patch -- View this message in context: http://cxf.547215.n5.nabble.com/Get-Security-Token-tp5728824p5728843.html Sent from the cxf-user mailing list archive at Nabble.com.
