cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <>
Subject Re: SamlTokenInterceptor
Date Fri, 04 Dec 2015 10:25:27 GMT
SamlTokenInterceptor is designed to be used with WS-SecurityPolicy, when
you have a SupportingToken policy with no security binding, just a
SamlToken policy. For example, see the "DoubleItBearerPolicy" policy here:;a=blob;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl;h=70c2233daadec104fd5adf41251f016bd309061d;hb=HEAD

You could try adding the interceptor manually to the inInterceptor chain,
I'm not sure if it will work though without a security policy. The normal
way of reading SAML without WS-SecurityPolicy, is to use the "action"
approach with WSS4J, where you tell the WSS4JInInterceptor that a SAML
Token is required.


On Fri, Dec 4, 2015 at 1:22 AM, joesam <> wrote:

> Hi all,
> I am new to CXF. I am using v3.0.4.
> I have a requirement to read SAML token from a incoming SOAP header request
> and store the token for other purposes.
> I want to use SamlTokenInterceptor. Do I need to extend this class and
> override processToken method?
> Also, in <jaxws:server> configuration, do I pass this class as
> <jaxws:provider> or <jaxws:inInterceptors>?
> Example of the configuration is highly appreciated.
> Thanks in advance.
> --
> View this message in context:
> Sent from the cxf-user mailing list archive at

Colm O hEigeartaigh

Talend Community Coder

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message