Hi, I try to configure the service provider with the following steps and not sure if it is correct:
I adapt my policy in the transfer service wsdl with the following issuer tag .... <sp:SymmetricBinding> <wsp:Policy> <sp:ProtectionToken> <wsp:Policy> <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> <sp:Issuer> <wsa:Address>https://localhost:8443/SecurityTokenService-2.6.0.1.0</wsa:Address> </sp:Issuer> <wsp:Policy> <sp:RequireDerivedKeys/> <sp:BootstrapPolicy> <wsp:Policy> <sp:AsymmetricBinding> ... and in the second step with the following bean definitions: @Bean public List<String> transportEndpoints(){ List<String> transportendpoints = new ArrayList<String>(); transportendpoints.add("https://localhost:8443/TransferService-2.6.0.1.0"); return transportendpoints; } @Bean public StaticService transportService(){ StaticService staticservice = new StaticService(); staticservice.setEndpoints(transportEndpoints()); return staticservice; } @Bean public List<ServiceMBean> transportServices(){ List<ServiceMBean> serviceMBean = new ArrayList<ServiceMBean>(); serviceMBean.add(transportService()); return serviceMBean; } The last bean transportServices is set in the beans tokenissueoperation and tokenvalidateoperation. Hope this both steps are correct to send the received SecurityContextToken off to the STS for validation. For me it is no clear how to use my configured STS as a standalone STS. Do I have to do more configuration on the service side to establish a standalone STS or all stuff have to be done at the client/ test case side? Regards, Patrick -- View this message in context: http://cxf.547215.n5.nabble.com/These-policy-alternatives-can-not-be-satisfied-tp5782647p5782728.html Sent from the cxf-user mailing list archive at Nabble.com.