In order to support high availability and domain segregation requirements, our STS deployment will likely consist of multiple STS being deployed between two or more domains, each with their own certificate. In theory, all of the STS should trust each other, i.e., each STS should accept tokens issued by any of the other STS when passed in through the RST/ActAs element or when passed into the Validate interface. Can the CXF STS be configured with this sort of trust relationship, maybe through importing all the trusted certs into the STS keystore or trust store?
Thanx,
Stephen W. Chappell
