Yes, exactly.
The relevant policy is here:
https://gist.github.com/solvip/c842a5a13a43c24e94abf9073039cab5

Cheers
Sölvi

On Thu, May 30, 2019 at 10:56 AM Colm O hEigeartaigh
<[email protected]> wrote:
>
> What does the security policy of vendor-sts look like? I guess it contains
> an IssuedToken policy to result in an infinite loop in the STSClient?
>
> Colm.
>
> On Thu, May 23, 2019 at 10:59 AM Sölvi Páll Ásgeirsson <[email protected]>
> wrote:
>
> > Hello
> >
> > I'm trying to use CXF as a client towards a set of WCF services
> > provided by a third party.
> > The WCF services are protected with WS-Trust and they trust tokens
> > issued/signed by a certain STS, vendor-sts.  The vendor-sts is a MS
> > ADFS 2.0 (I think) service.
> >
> > I cannot authenticate directly towards the vendor-sts, but must
> > instead use the issuedtokenmixedsymmetricbasic256 endpoint of the
> > vendor-sts.  The vendor-sts trusts tokens signed by a certificate of
> > mine and issues new ones which I can pass on to their services.
> >
> > I have (somewhat) configured CXF to be a client towards these
> > services, as in this gist:
> > https://gist.github.com/solvip/1a70f3422a67ceb7a8d66a11f740f600
> >
> > However, this naturally results in an infinite loop as the STSClient
> > tries to fetch a token from vendor-sts to satisfy the vendor-sts
> > policy for that endpoint.
> >
> > How can I tell CXF to first contact my STS for a token to pass on
> > towards the vendor-sts?  I've looked at the cxf sts cross_domain test;
> > but I'm not sure that it applies to my use case as I have no control
> > over the vendor STS or vendor service configuration.
> >
> > Many thanks & best regards
> > Sölvi
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
