Hello.
I'll probably have to try since this might be my task in the next
future. If I'll come up with something I'll contribute it back to the
project.
Thank you for the reference to the JIRA issue -- I'll put the patches there.
AL
Hi,
No, SignChallenge is not currently supported either by the STS Client or
the STS itself. Here is a JIRA that was previously raised:
https://issues.apache.org/jira/browse/CXF-4159
Are you interested in contributing this feature?
Colm.
On 20.07.2013 21:20, Al Le wrote:> Hello.
WS-Trust 1.4 spec allows the process of obtaining a security token to
consist not only of two messages (request for token, response with the
token), but also to have some intermediate requests and responses. In
these intermediate requests and responses, the STS may challenge the
token requestor to answer a challenge (e.g. to sign a randomly generated
string). Only after all challenges have been aswered correctly, would
the STS sent a real token. See e.g. chapter 8.2 (Signature Challenges)
of the WS-Trust spec.
Does the CXF's STSClient support such a protocol? I.e. can it response
to the challenges? If yes, how should it be configured to do so?
Thank you!
AL
