What does the security policy of vendor-sts look like? I guess it contains an IssuedToken policy to result in an infinite loop in the STSClient?
Colm.

On Thu, May 23, 2019 at 10:59 AM Sölvi Páll Ásgeirsson <sol...@gmail.com> wrote:

> Hello
>
> I'm trying to use CXF as a client towards a set of WCF services
> provided by a third party.
> The WCF services are protected with WS-Trust and they trust tokens
> issued/signed by a certain STS, vendor-sts. The vendor-sts is a MS
> ADFS 2.0 (I think) service.
>
> I cannot authenticate directly towards the vendor-sts, but must
> instead use the issuedtokenmixedsymmetricbasic256 endpoint of the
> vendor-sts. The vendor-sts trusts tokens signed by a certificate of
> mine and issues new ones which I can pass on to their services.
>
> I have (somewhat) configured CXF to be a client towards these
> services, as in this gist:
> https://gist.github.com/solvip/1a70f3422a67ceb7a8d66a11f740f600
>
> However, this naturally results in an infinite loop as the STSClient
> tries to fetch a token from vendor-sts to satisfy the vendor-sts
> policy for that endpoint.
>
> How can I tell CXF to first contact my STS for a token to pass on
> towards the vendor-sts? I've looked at the cxf sts cross_domain test;
> but I'm not sure that it applies to my use case as I have no control
> over the vendor STS or vendor service configuration.
>
> Many thanks & best regards
> Sölvi

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com