[ https://issues.jboss.org/browse/TEIID-3059?page=com.atlassian.jira.plugin... ] Ramesh Reddy commented on TEIID-3059: ------------------------------------- After spending a ton of time and building a kerberos based example and trying to test with individual client and then through Teiid, the conclusion I derived is 1) To use any WS-Security features in "ws" translator, the resource-adapter must be configured with WSDL. When WSDL is configured it exposes all the methods on the port through dynamic metadata. These methods needs to be used instead of using generic "invoke" procedure. The reason for this is, the client proxy that gets generated through "Service.create()" call takes ws-policy information in the WSDL automatically. Otherwise the onerous is on the Teiid framework to do the same (through some duplicate config or WSDL) on generic Dispatch interface. Which seems cumbersome at best. The issue is current tooling is based on "invoke" based execution, this is need to be re thought when WSDL is available. 2) As per pass-through authentication for Kerberos token to the web service from logged in user, this feature just got committed to master branch in cxf (url in above comment), so when we move up in CXF version them we can support it. I tried to see if I can patch existing code, but the change involves CXF and WSS4J modules and totally trivial. So, I say we push this until we support later version of the CXF and WSS4J. (not in 2.0.1 of wss4j) 3) wrote sample examples here https://github.com/rareddy/ws-security-examples 4) I update documentation with above -- This message was sent by Atlassian JIRA (v6.2.6#6264)