The client configuration needs a reference to a STSClient Object. See here for an example:
https://github.com/apache/cxf/blob/master/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/cxf-client.xml

The service configuration requires the same as well as a custom validator for SecureConversationTokens which uses the STSClient to validate the received token:

https://github.com/apache/cxf/blob/master/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/cxf-service.xml

Colm.

On Wed, Aug 16, 2017 at 1:25 PM, pat7 <pat.pichle...@gmail.com> wrote:

> Hi,
>
> I try to configure the service provider with the following steps and am not
> sure if it is correct:
>
> I adapt my policy in the transfer service wsdl with the following issuer
> tag
> ....
> <sp:SymmetricBinding>
>   <wsp:Policy>
>     <sp:ProtectionToken>
>       <wsp:Policy>
>         <sp:SecureConversationToken
>             sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>           <sp:Issuer>
>             <wsa:Address>https://localhost:8443/SecurityTokenService-2.6.0.1.0</wsa:Address>
>           </sp:Issuer>
>           <wsp:Policy>
>             <sp:RequireDerivedKeys/>
>             <sp:BootstrapPolicy>
>               <wsp:Policy>
>                 <sp:AsymmetricBinding>
> ...
> and in the second step with the following bean definitions:
>
>     @Bean
>     public List<String> transportEndpoints() {
>         List<String> transportendpoints = new ArrayList<String>();
>         transportendpoints.add("https://localhost:8443/TransferService-2.6.0.1.0");
>         return transportendpoints;
>     }
>
>     @Bean
>     public StaticService transportService() {
>         StaticService staticservice = new StaticService();
>         staticservice.setEndpoints(transportEndpoints());
>         return staticservice;
>     }
>
>     @Bean
>     public List<ServiceMBean> transportServices() {
>         List<ServiceMBean> serviceMBean = new ArrayList<ServiceMBean>();
>         serviceMBean.add(transportService());
>         return serviceMBean;
>     }
>
> The last bean transportServices is set in the beans tokenissueoperation and
> tokenvalidateoperation. Hope both of these steps are correct to send the
> received SecurityContextToken off to the STS for validation.
>
> For me it is not clear how to use my configured STS as a standalone STS. Do I
> have to do more configuration on the service side to establish a standalone
> STS, or does all the stuff have to be done at the client/test case side?
>
> Regards,
> Patrick
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/These-policy-alternatives-can-not-be-satisfied-tp5782647p5782728.html
> Sent from the cxf-user mailing list archive at Nabble.com.

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com