I am still struggling with this. Unfortunately I can't give you my code. Could you please provide an example of a policy that expresses the following requirements?
1. The client communicates with the STS and business service via SSL. 2. The SecurityHeader includes a Timestamp. 3. The business service uses SAML-Token obtained from the STS as bootstrap token. 4. The client is authenticated by the STS based on a UsernameToken. Thank you very much in advance. -- View this message in context: http://cxf.547215.n5.nabble.com/Where-to-put-sp-Timestamp-in-WS-Policy-for-RST-SCT-Issue-Request-with-Timestamp-tp5739515p5739795.html Sent from the cxf-user mailing list archive at Nabble.com.
