The STS uses an interface which is in the cxf-rt-ws-security module: https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=rt/ws/security/src/main/java/org/apache/cxf/ws/security/sts/provider;h=853c9298b6a097de3ecc25707b618450289697b5;hb=HEAD
The implementation is available here: https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=services/sts/sts-core;h=0813719f67e8b04dc1552a855ea0b4d06a33e862;hb=HEAD I'd suggest just looking at one of the systests in services/sts/systests/basic + debugging through the code flow in the STS itself. Start by putting a breakpoint in the TokenIssueOperation in the sts-core. Colm. On Thu, Jul 2, 2015 at 4:20 PM, bob45 <fuchs1...@gmx.de> wrote: > Maybe yes. It depends on the effort. But I have no clue where to start. The > CXF codebase is huge. Can you give me an idea where to start? > > Bob > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Does-the-CXF-STS-Support-WS-Trust-Challenges-tp5745337p5758786.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com