ws-users mailing list archives

From "Gunnar G. Bergem" <>
Subject SAML token caching without an STS
Date Mon, 22 Oct 2012 12:45:27 GMT

We are using WSS4J 1.6.7 to enable SAML security for our webservice calls. Since there is some overhead with signing and validating the SAML assertions, we would like to cache tokens on both the client and the service provider. However, we would like to avoid using an STS since that would introduce a single point of failure in the organization. The problem is that all the code I have seen in WSS4J about caching (the TokenStore) seems to be closely related to setups using an STS. This code exists in STSClient, STSTokenValidator etc.

Is there a way to enable caching of tokens without writing too much custom code?

We also have a question about re-sending of SAML assertions. Is there a way for the service provider to re-use the SAML token it receives from the client and use it in a new webservice call, where the service provider will act as a client to a second service provider?

Best regards,
  Gunnar Gauslaa Bergem
