Hey Emil, It is possible, but you would need to write some code in order to protect your soap endpoints based on KC tokens. Basically, what you need is a JAX-WS handler on the server that knows how to extract a token from a WS-Security header. Once you have the token you may use KC's API to validate it or even invoke a specific REST endpoint in a KC instance. What PicketLink STS provides is a WS-Trust compliant Security Token Service. Which is basically a JAX-WS endpoint that uses WS-Trust to issue/renew/validate/revoke SAML assertions. Although it is flexible enough to support other types of tokens as well. It also provides some OOTB client and server side components that you can use to protect SOAP endpoints. I think we can consider this as a RFE in order to support OOTB protection for soap endpoints based on JAX-WS. Regards. Pedro Igor ----- Original Message ----- From: "Emil Posmyk" <emil.posmyk(a)gmail.com&gt; To: keycloak-user(a)lists.jboss.org Sent: Friday, February 20, 2015 4:40:15 AM Subject: [keycloak-user] Securing war project with webservice (JAX-WS) using keycloak. Hello all It is possible to secure project with webservice using keycloak ? I saw Picketlink STS but I'm not sure it's the best solution becouse this is SAML. regards -- Emil Posmyk _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user