cxf-dev mailing list archives

From Colm O hEigeartaigh <>
Subject Re: CXF SecureConversationTest - Fails to renew SCT, no examples or tests.
Date Mon, 14 Jul 2014 11:29:11 GMT
Hi Freddy,

The patch looks good. Could you create a JIRA + attach it please?


On Fri, Jul 11, 2014 at 9:36 PM, Freddy Exposito <> wrote:

> Hi Colm,
> We are having issues working with Secure Conversation and SAML Token
> renewing (or reissuing) SCT in a (SAML1.1 + SCT) scenario (using the mock
> STS for SCTs).
> When CXF tries to renew (or reissue) an expired SCT, it includes the
> IssuedTokenOutInterceptor in the interceptors chain (as expected) to renew
> or reissue the SAML token.
> However, the contextual properties "ws-security.token" and
> "" ‘received’ in the IssuedTokenOutInterceptor
> are referencing the expired SCT token (added to the context in the
> AbstractSTSClient) so it tries to renew the SCT token (created by the mock
> STS) against the SAML STS, failing of course.
> If we understand right how this is working, the AbstractSTSClient.renew()
> method, when renewing the SCT, must put the token in the RCT going to the
> MockSTS but cannot put the SCT in
> the context that is intended to be used by the IssuedTokenOutInterceptor
> that is expecting a SAML token to be there (and it's getting an SCT).
> The attached CXF patch fixed the issue for us and illustrates the behaviour
> we are expecting.
> Are we missing something here or is something going wrong in the way
> 'token' and ''
> are being copied from the STSClient to the Interceptors?
> Thanks,
> Freddy
> sct+saml-issue.patch

Colm O hEigeartaigh

Talend Community Coder
