tag:blogger.com,1999:blog-7391783704166348052.post4264305693816829850..comments2024-03-15T22:26:58.542-07:00Comments on Open Source Security: Apache CXF STS documentation - part IColm O hEigeartaighhttp://www.blogger.com/profile/10711987281965801793noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-7391783704166348052.post-35738978268278318032016-11-07T05:52:02.456-08:002016-11-07T05:52:02.456-08:00One option would be to have the clients authentica...One option would be to have the clients authenticate to an STS instead, which would issue a SAML token to the client, which the client then includes in the service call. The client caches the token for as long as the token is valid. This is the standard WS-Trust way of doing things.Colm O hEigeartaighhttps://www.blogger.com/profile/10711987281965801793noreply@blogger.comtag:blogger.com,1999:blog-7391783704166348052.post-89430927911894320532016-11-06T23:58:20.576-08:002016-11-06T23:58:20.576-08:00hello Colm, i'm looking a way for using userna...hello Colm, i'm looking a way for using usernamatoken profile but not validating username password for every call i need a solution that i can authenticate for a time period and for every call in that period get ws context with cached session like token. What is a standart way to do this for jax-wsurbanhttps://www.blogger.com/profile/01060116052157335950noreply@blogger.comtag:blogger.com,1999:blog-7391783704166348052.post-33246673024541487702011-11-14T04:56:05.611-08:002011-11-14T04:56:05.611-08:00Hi Ramesh,
Yes, the STS is only available for JAX...Hi Ramesh,<br /><br />Yes, the STS is only available for JAX-WS, as all communication follows the WS-Trust standard. What use-cases are you interested in?<br /><br />Colm.Colm O hEigeartaighhttps://www.blogger.com/profile/10711987281965801793noreply@blogger.comtag:blogger.com,1999:blog-7391783704166348052.post-50262359258735982462011-11-03T14:29:38.319-07:002011-11-03T14:29:38.319-07:00Hi Colm,
Thanks for the post. As I understand this...Hi Colm,<br />Thanks for the post. As I understand this is very similar to OAuth style of issuing and authentication verification via token. Am I correct ? And is STS only available for JAX-WS ?Anonymoushttps://www.blogger.com/profile/00131047656970853057noreply@blogger.com