Ok I think I understand the use-case. So the idea is that the service receives a SAML Token + you want to use this as the "internal" IssuedToken? In this case, I think you can achieve it with a small modification of the STSClient. CXF has some functionality to use received tokens in ActAs/OnBehalfOf calls. See here how to extract security tokens from a request:
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/delegation/ReceivedTokenCallbackHandler.java;hb=HEAD So I suggest you extend the existing STSClient + use the functionality above to just return a SecurityToken Object containing the received token. Colm. On Mon, Jul 7, 2014 at 10:00 AM, coheigea <[email protected]> wrote: > Sorry, I don't follow you. Could you outline how you expect the token flow > to work in detail? From my POV, if the STS requires an IssuedToken, the > client must obtain this token from another STS instance. > > Colm. > > > On Mon, Jul 7, 2014 at 7:47 AM, roband915 [via CXF] < > [email protected]> wrote: > > > The Shibboleth SP that we're using actually communicates with the same > STS > > as the webapplication should do. So there is only one STS. > > > > When my Shibboleth SP recieves the token from the ADFS, Isn't the ADFS > > then "aware" that there is a valid token sent to this client? So when I > via > > the webapplication call the "Issued-token" on the ADFS it can respond > with > > the already existing token? > > > > > > > > ------------------------------ > > If you reply to this email, your message will be added to the discussion > > below: > > > > > http://cxf.547215.n5.nabble.com/Issue-with-WS-Trust-using-security-tokens-SAML-assertions-tp5744142p5746057.html > > To unsubscribe from Issue with WS-Trust using security tokens/SAML > > assertions, click here > > < > http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=5744142&code=Y29oZWlnZWFAYXBhY2hlLm9yZ3w1NzQ0MTQyfC0xOTcwMzMwNTMz > > > > . > > NAML > > < > http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml > > > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Issue-with-WS-Trust-using-security-tokens-SAML-assertions-tp5744142p5746062.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
