anonymous wrote : Dan, the question was whether the SAML assertion can be used as the authentication construct rather than username/pwd or a X509 certificate (as supported by the WS-Security implementation in JBossWS). So we are talking about the STS own requirements for authenticating and authorizing requests for security tokens. (This would be the item 1. in Anils post right). anonymous wrote : | Maybe you can have a single username/pwd for the ESB layer with the STS to pass in the WS-S headers. Or better some type of X509 certificate that is mutually agreed on. This is how we have currently set this up. We are currently using a username/pwd for this in the ESB but I'll look into using X509 certificate instead. Thanks, /Daniel View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4256527#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...