Does the SAML assertion appear in the security header of the request or in the body of the request? For the former, you will need to implement your own WSS4J SAML Validator, or subclass the existing one in some way:
https://github.com/apache/wss4j/blob/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java If the SAML assertion is in the SOAP Body then it's handled by the STS code, so you will need to either replace or override this class: https://github.com/apache/cxf/blob/master/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/SAMLTokenValidator.java Colm. On Tue, Aug 6, 2019 at 9:03 PM Tóth Csaba <ig...@domen.hu> wrote: > Hello! > > I have a request with the STS to validate a incoming SAML with a > certificate what come from another source: example need to query it from > a database, based on the data in the request. > > How start it? I know the SAML validation is in the deep and need the > certificate to be in a truststore. Can I give directly the certificate > as an attribute or need to create a own, custom truststore manager? > > Thanx. > > Csaba > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com