[jboss-dev-forums] [JBoss Web Services Development] - Re: JBossSTS SOAP protocol handler
beve
do-not-reply at jboss.com
Wed Sep 23 01:52:51 EDT 2009
anonymous wrote : Dan, the question was whether the SAML assertion can be used as the authentication construct rather than username/pwd or a X509 certificate (as supported by the WS-Security implementation in JBossWS).
So we are talking about the STS own requirements for authenticating and authorizing requests for security tokens. (This would be the item 1. in Anils post right).
anonymous wrote :
| Maybe you can have a single username/pwd for the ESB layer with the STS to pass in the WS-S headers. Or better some type of X509 certificate that is mutually agreed on.
This is how we have currently set this up. We are currently using a username/pwd for this in the ESB but I'll look into using X509 certificate instead.
Thanks,
/Daniel
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4256527#4256527
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4256527
More information about the jboss-dev-forums
mailing list