What is the workflow for securing web services using SAML and is there particular implementation of ws-trust in JBoss that can be used.
Currently I have a pojo-ws (SP) deployed in JBoss AS7 using picketlink SAML handlers and the security domain configuration using SAML2STSLoginModule.
I also have a pojo-ws-client that contacts the STS (picketlink-sts) gets a token (SAML assertion) and programatically inserts the SAML assertion to the SOAP header to invoke the pojo-ws.
In this case the client knows to contact the STS but without the fact that the ws-client needs to contact the STS is there a way to initiate contacting a STS(picketlink-sts) while invoking the SP(pojo-ws)
