In the STS stsstore.jks, the myidpkey is imported:

    keytool -import -trustcacerts -keystore stsstore.jks -storepass stsspass -alias myidpkey -file MyIDP.cer -noprompt

How does the code know how to use this keystore and certificate for verifying the UsernameToken in the requests? The following code appears to point to the keystore and the private key, but I can't see in the code how the STS is configured to find the public keys like the myidpkey:

    <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
        <property name="signaturePropertiesFile" value="stsKeystore.properties" />
        <property name="signatureUsername" value="mystskey" />
        <property name="callbackHandlerClass" value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler" />
        <property name="encryptionPropertiesFile" value="stsKeystore.properties" />
        <property name="issuer" value="DoubleItSTSIssuer" />
        <property name="encryptionUsername" value="myservicekey" />
    </bean>

Many thanks,
Chris