The security policy in the WSDL is unusual to say the least. It defines an AsymmetricBinding policy, but no SignedParts/EncryptedParts so no security is actually applied to the SOAP request. I find it hard to believe that this is the desired behaviour?
The example request contains three SAML Assertions. This is also rather unusual...who is supposed to be providing these Assertions? The SAML CallbackHandler is not called by the way, because there is no SamlToken policy in the WSDL. Colm. On Thu, Mar 16, 2017 at 7:19 AM, Raffaele Sgarro <[email protected]> wrote: > I have this web service that requires SAML assertions: > > - Example request: https://hastebin.com/uducuyobuv.xml > - WSDL: https://hastebin.com/yapotuqiqu.wsdl > - XSD: https://hastebin.com/udoworowig.xsd > > I put a CallbackHandler in the SecurityConstants.SAML_CALLBACK_HANDLER key > but it is never called. > > It seems to me that the security policy does not reference SAML in any way, > so I may need to manually configure CXF. But how? > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
