I have a client, a business service and an STS. The scenario is as follows: 1. Client receives a SAML token from the STS. Client authenticates with a UsernameToken. (RST-Issue to STS TokenType=SAML) 2. Client uses the SAML token as bootstrap token to create a security context (RST-Issue to Business Service TokenType=SCT) 3. Client uses SCT to encrypt and sign the message payload. (Business method call)
All communication goes over TLS. Currently I am stuck at stage 2. -- View this message in context: http://cxf.547215.n5.nabble.com/Where-to-put-sp-Timestamp-in-WS-Policy-for-RST-SCT-Issue-Request-with-Timestamp-tp5739515p5739552.html Sent from the cxf-user mailing list archive at Nabble.com.
