Thx for reply. Ad 1) Consequently, if I am allow SSO on the server side, the client side is able to use the saml token for one service address or different service addresses. The client side has to do action if he want to use the saml token again until it expire. Hope I get it.
Ad 2) Yes I am sure that the seceond request is sent. Both methods (getshipment(proxy) & getlistshipments(proxy)) are implemented at the business service, transferservice. With the conmand Thread.sleep(900000) I want to see the error msg if the saml token is expired. Because I do not configure the Renew operation on the STS. Furthermore, I saw at the logs on the server side. All five request are sent to the server. I do not understand how the client is reauthenticated without the username and passwort. I receive this error msg on the client side: Jän 17, 2018 11:57:25 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessageInternal WARNUNG: The request is a SOAP Fault, but it is not secured Jän 17, 2018 11:57:25 AM org.apache.cxf.ws.security.trust.STSTokenRetriever renewToken WARNUNG: Error renewing a token org.apache.cxf.binding.soap.SoapFault: Implementation for this operation not found. ...and afterwards I receive the information from the output of the response on the console. Did anybody have the same problems? Regrads, Patrick -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
