DefaultSecurityTokenServiceProvider

The CXF STS provides a subclass of the SecurityTokenServiceProvider to efficiently handle the most common use cases when configuring an STS. This implementation supports the issue and validate bindings by default, supports the ability to issue and validate SAML Tokens, and validates UsernameTokens and X.509 Tokens. Therefore, for any of these use cases there is no need to use the SecurityTokenServiceProvider directly, which involves explicitly instantiating each TokenProvider or TokenValidator instance and setting them on an IssueOperation/ValidateOperation instance. However, if you wish to use the renew or cancel bindings, or do anything with SecurityContextTokens, configuring SecurityTokenServiceProvider will be necessary.

The DefaultSecurityTokenServiceProvider can be configured with the following optional properties:

• boolean encryptIssuedToken - Whether to encrypt the issued token or not. The default is false.
• List<ServiceMBean> services - A list of service endpoints to support.
• boolean returnReferences - Whether to return references to an issued token or not. The default is true.
• TokenStore tokenStore - The TokenStore caching implementation to use.
• ClaimsManager claimsManager - The ClaimsManager to use if you wish to be able to handle claims.

A sample CXF configuration file showing the standard SecurityTokenServiceProvider is here, and see here for a simplified configuration using DefaultSecurityTokenServiceProvider.