Skip to main content

SAML audience workaround for SOAP

A new security feature named audience restriction check has been introduced in CXF 3. However, this feature is supported only in CXF versions 3.2.0 and above. Using it in earlier CXF versions causes security failures when using SAML with JMS.

As the support for audience restriction check with JMS is available only with CXF 3.2.0, a workaround that allows running SAML with JMS is needed. Setting the JAX-WS property security.sts.applies-to to the value of the QName on the consumer side, is the workaround that applies to this scenario.

For example, in case of Spring configuration, the property can be configured in the JAX-WS properties section of the consumer configuration like this:

<entry key="security.sts.applies-to" value="{http://services.talend.org/demos/Library/1.0}LibraryProvider"/>

The full example can be found in Library Service example: <TESB-HOME>/examples/tesb/library-service

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!