List, I am new to Rampart. However, I managed to set up an STS and wrote a client, which works fine so far. My question is related to the following scenario:

Trust relations as follows:

- Client <--> STS1
- Service <--> STS1
- Service requires SAML token and signature

The client gets a SAML token from STS1 (1) and sends it to the service to authenticate (2). Since the service does not know the client and therefore does not trust the client, it has to deny the request because it cannot verify the signature. However, the SAML token is issued by a trusted STS (STS1) and includes the X.509 certificate with the public key of the client.

My questions:

a) Is Rampart smart enough to extract the client's X.509 token from the trusted SAML token and regard it as trusted, and therefore the signature as well?

b) What does a policy for interaction (2) look like? I managed interaction (1) but am struggling with interaction (2). Use a SAML token as initiator token?

Thanks for your help.

Regards,
Peter
