1. I was trying to do authenticate + authorization with only the client certificate from TLS.
(as the <login-config>CLIENT-CERT</login-config> does in web.xml for servlets) (tomcat for example takes the Distinguished name from certificate and does autorization from a simple tomcat-users.xml file where it maps it to roles) 2. from this exact post here http://cxf.547215.n5.nabble.com/x-509-security-token-tp5150380p5485643.html i understood that by adding TransportBindging/HttpsToken + a supportingToken of typpe X509Token , "Then you would see the BST in the request" (and then use it but that is another question) And since, as i guessed, TransportBindging/HttpsToken takes its certificate from conduit tlsClientParameters, i said to myself that also the SupportingToken will will also come from tlsClientParameters, because in fact is the same from TransportBindging/HttpsToken. This was the understanding from the above link. But as you explained in your response to my post, it seems that a supportingToken of typpe X509Token comes only from the " client jaxws:properties " In any case, what i try to do is point 1. Thanks a lot. -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
