Hello I am trying to implement WS-Trust including a policy that CXF uses to validate the received token on our application server. This part we have achieved successfully.
Be we have an additional security model which uses the TLS protocol and data from the SOAP request body to validate access to our services. Due to SSL/TLS-termination happening before the request reaches the application server, we cannot implement a policy alternative with TransportBinding. I have experimented with putting wsp:Optional="true" and wsp:Ignorable="true" on the policy specifying the AssymetricBinding but they do not seem to take effect. Is this supported by CXF? I am unfortunately locked to CXF 2.5.4 for now. Possible alternative solutions I have considered are: * Alternative policy with a custom assertion (but I believe it would require a custom policy selector as well) * Exposing two wsdl's, one with the token policy, one without the token policy. Would you recommend any of these solutions? Med venlig hilsen / Kind regards Jesper Duelund Isaksen
