Hi Oliver,

Thanks for your answers, all you recommended has been working. I followed
your blogs, and managed to get the STS, IDP, RP, and the web
service client running (with tomcat plugin). But only with the 1.0.0 version. In
case of later Fediz releases there is a problem with the tomcat keystore.

* In 1.0.0 the tomcat keystore has a key with the following cert:
CN=localhost, SHA1: FE:B6.... The IDP has this cert in its truststore
* In 1.1.0-SNAPSHOT the IDP trusts this cert: CN=localhost, SHA1: A6:BC...

I know very well that I could generate the keys/keystores by myself, but
first I would prefer running your examples as they are, as they come out
from github. Could you please share with me the tomcat keystore you are
using currently, that the current IDP trusts?

Thank you very much, kind regards,
Ivan
+49 179 3814022





2013/5/27 Oliver Wulff <owu...@talend.com>

> Hi
>
> 1) Yes, CXF supports caching the token per user dependent on AppliesTo and
> Lifetime. So each component must have a different AppliesTo value.
>
> 2) This is supported. Just use the WebServiceContext API. Fixed here:
> https://issues.apache.org/jira/browse/CXF-4212
>
> The following example uses this API:
>
> http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/wsclientWebapp/webservice/
>
> 3) Never tested.
>
> Thanks
> Oli
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
>
> Talend Application Integration Division http://www.talend.com
>
> ________________________________________
> From: Iván Brencsics [ivan.brencs...@gmail.com]
> Sent: 26 May 2013 00:48
> To: users@cxf.apache.org
> Subject: WS-Trust token handling
>
> Hello,
>
> I need to design a distributed software architecture that implements SSO
> with WS-Trust/SAML. I have made some experiments, read the excellent blogs
> of the Talend colleagues, and now I have an idea how WS-Trust is working.
>
> I would just have three questions:
>
> 1) In my architecture, there are many components that call each other via
> SOAP. The idea is that when the first component is triggered, it acquires a
> SAML token from the STS, and then during the subsequent calls this single
> token is used until the workflow is completed. So let's say 1) the module no
> 1 is triggered; 2) it acquires a SAML token; 3) calls module no 2; 4) when
> module no 2 calls module no 3, the same SAML token is transmitted. Is this
> possible with the CXF implementation?
>
> 2) I need to put claims in the token (eg roles). I saw in a blog how to do
> that. But on the receiving side, what is the best way to evaluate the
> claims found in the received token? For instance, how to retrieve the role
> claims? Should I implement some interceptor for that?
>
> 3) I would prefer using SOAP over JMS. Is every WS-Trust operation working
> over JMS the same way as over HTTP?
>
> Thank you in advance.
>
> Kind regards,
> Ivan
>
