> If this is the case, however, why would the token I have work for accessing > the service?
The CXF runtime does not currently validate that a received SAML Assertion matches the Claims requested in the IssuedToken policy. This is something I'll take a look at implementing soon. I've merged a fix to trunk btw so that Claims will get added to an AttributeStatement even if the ClaimsAttributeStatementProvider is not specified: https://issues.apache.org/jira/browse/CXF-4320 Colm. On Tue, May 15, 2012 at 6:58 PM, DTaylor <[email protected]> wrote: > Thank you Colm I'll try that now. > > If this is the case, however, why would the token I have work for accessing > the service? > > Thanks, > Dan. > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Accessing-Claims-in-a-client-tp5698187p5707921.html > Sent from the cxf-user mailing list archive at Nabble.com. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
