Hello everyone,

I am using the provided SAML Token Issuer (from Rahas), according to the policy sample #05 from the Rampart distribution. I am also able to retrieve a SAML Token using an STSClient (instead of a ServiceClient). From what I observed, I can add the token to the header of the SOAP message, or extract a secret.

In our case here, we would like our trusted services to only respond to requests that contain a valid SAML Token issued by the STS. In the samples, it doesn't seem to make any difference to the service response whether I add the token to the request or not. I have looked through the Rampart repository (JUnit tests) and available documentation, but it is still not clear to me how to enforce this validation.

How should I proceed in order to achieve this? I would very much appreciate any kind of help or advice.

Thanks and regards,
Joana Trindade

--
Student Intern
SAP Research - Security & Trust
SAP Labs France
805 Avenue du Dr. Maurice Donat
06250 Mougins
T +33/492286319
F +33/492286201
Personal Homepage: http://www.inf.ufrgs.br/~jmftrindade
