Hi,

We are implementing SOAP web services using CXF 2.7.8 / WSS4J SAML 2.0 implementation.

Question: Is the specification part related to "Audience Restriction" implemented by CXF such that if a SAML token in SOAP request does not contain the "correct" audience restriction URI then the SAML token validation will fail? How does CXF determine the audience restriction URI of the service provider?

"Audience Restriction" as described in SAML specification:

"The <AudienceRestriction> element specifies that the assertion is addressed to one or more specific audiences identified by <Audience> elements. Although a SAML relying party that is outside the audiences specified is capable of drawing conclusions from an assertion, the SAML asserting party explicitly makes no representation as to accuracy or trustworthiness to such a party"

Best Regards,
Yossi Cohen
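What the audience check in the quoted specification text amounts to on the relying-party side, as an added example that is not part of the original message and is not CXF or WSS4J code. The service URI, the helper names and the `require` switch are assumptions made for illustration; signature validation and hardened XML parsing are assumed to have happened before this check.

```python
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml2": SAML2_NS}

# Hypothetical URI identifying this service provider (constructed value).
SERVICE_URI = "https://sp.example.org/services/orders"


def audience_restriction_ok(assertion_xml, own_uris, require=False):
    """Evaluate the <AudienceRestriction> conditions of a SAML 2.0 assertion.

    Within one <AudienceRestriction> the <Audience> values are alternatives
    (OR); when several <AudienceRestriction> elements are present, every one
    of them must be satisfied (AND). With require=True an assertion that
    carries no restriction at all is rejected (a local policy choice, not
    something the SAML specification mandates).
    """
    root = ET.fromstring(assertion_xml)
    own = set(own_uris)
    restrictions = root.findall("saml2:Conditions/saml2:AudienceRestriction", NS)
    if not restrictions:
        return not require
    for restriction in restrictions:
        audiences = {
            (a.text or "").strip()
            for a in restriction.findall("saml2:Audience", NS)
        }
        if not (audiences & own):
            return False  # this restriction names none of our URIs
    return True


def build_assertion(restrictions):
    """Build a constructed, unsigned sample assertion for the checks below."""
    body = ""
    for audiences in restrictions:
        inner = "".join("<saml2:Audience>%s</saml2:Audience>" % a for a in audiences)
        body += "<saml2:AudienceRestriction>%s</saml2:AudienceRestriction>" % inner
    return (
        '<saml2:Assertion xmlns:saml2="%s" Version="2.0">'
        "<saml2:Conditions>%s</saml2:Conditions></saml2:Assertion>" % (SAML2_NS, body)
    )


if __name__ == "__main__":
    other = "https://other.example.org/"
    for sample in ([[SERVICE_URI]], [[other]], [[other, SERVICE_URI]], [[SERVICE_URI], [other]]):
        print(sample, audience_restriction_ok(build_assertion(sample), [SERVICE_URI]))
```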
