cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "pawel.jasinski" <>
Subject per request SAML assertion
Date Wed, 19 Nov 2008 12:07:07 GMT


cxf together with wss4j does not allow for SAML assertion with dynamic
subject name (different subject name for each invocation).
I have made modification to wss4j to accept the extra parameter. I am stuck
at the cxf. WSS4JOutInterceptor is the place where the arguments have to be
added, but I don't see an obvious way to add the per request parameters to
the message context.
My goal would be to make a changes which can eventually make to the trunk.
I am afraid my spontaneous creation has very high chance to violate the cxf
best practices.

My specific use case:
- servlet (tomcat) obtains the user certificate as a result of SSL client
- servlet uses cxf client to invoke a web service (SAML, encryption,

Here are some ideas:
1. servlet put the information into the thread local variable, which in turn
is repacked by WSS4JOutInterceptor 
2. more complex: 
  - define identity interceptor, it takes config (?class) which describes
how to get the identity from given application and inserts it into message
  - WSS4JOutInterceptor repacks the information.

Any pointers and/or comments will be appreciated


View this message in context:
Sent from the cxf-dev mailing list archive at

View raw message