Configuring a Security Token Service (STS) for Holder-of-Key Processing
When determining which STS to use, consider the following:
- The STS must be able to provide a SAML 1.1 or 2.0 Holder-of-Key token to the client.
- The client must authenticate itself to the STS using an X.509, Username, or HTTP token.
- The STS issues a SAML assertion with the client's public key as the key information material in the token.
- The client uses its private key to sign the assertion before sending the request to Mediator.
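The relying party (Mediator in this page) only benefits from Holder-of-Key if it checks that the key the STS embedded in the assertion is the same key the client proved possession of when signing the request. The following is an added example, not code from Mediator, Axis2 or PicketLink: it parses a SAML 1.1 or 2.0 assertion, confirms the subject confirmation method is holder-of-key, extracts the X509Certificate from the KeyInfo, and compares it with the certificate that signed the request. The sample assertions and certificate values are constructed placeholders, and verification of the XML-Signature itself is assumed to be done by the WS-Security layer.

```python
"""Added example (not from any STS or Mediator product): relying-party
check that a SAML Holder-of-Key assertion is bound to the request signer."""
import hmac
import re
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Holder-of-key confirmation method URIs defined by the SAML 1.x and 2.0 specs.
HOK_METHODS = {
    SAML2: "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key",
    SAML1: "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key",
}


def _namespace(tag):
    m = re.match(r"\{([^}]+)\}", tag)
    return m.group(1) if m else ""


def _canon_b64(text):
    # Base64 in XML is routinely line-wrapped; compare whitespace-free forms.
    return re.sub(r"\s+", "", text or "")


def extract_hok_certificate(assertion_xml):
    """Return (saml_namespace, cert_b64) for a holder-of-key assertion.

    Raises ValueError for anything that is not a SAML 1.x/2.0 assertion with a
    holder-of-key SubjectConfirmation carrying an X509Certificate."""
    root = ET.fromstring(assertion_xml)
    ns = _namespace(root.tag)
    if ns not in HOK_METHODS:
        raise ValueError("not a SAML 1.x or 2.0 assertion")
    sc = root.find(f".//{{{ns}}}SubjectConfirmation")
    if sc is None:
        raise ValueError("assertion has no SubjectConfirmation")
    if ns == SAML2:
        # SAML 2.0: method is an attribute, KeyInfo sits in SubjectConfirmationData.
        method = sc.get("Method")
        key_parent = sc.find(f"{{{ns}}}SubjectConfirmationData")
    else:
        # SAML 1.x: method is a child element, KeyInfo is a direct child.
        cm = sc.find(f"{{{ns}}}ConfirmationMethod")
        method = cm.text.strip() if cm is not None and cm.text else None
        key_parent = sc
    if method != HOK_METHODS[ns]:
        raise ValueError(f"confirmation method is not holder-of-key: {method!r}")
    if key_parent is None:
        raise ValueError("holder-of-key assertion has no confirmation data")
    cert = key_parent.find(
        f"{{{DSIG}}}KeyInfo/{{{DSIG}}}X509Data/{{{DSIG}}}X509Certificate")
    if cert is None or not _canon_b64(cert.text):
        raise ValueError("holder-of-key assertion carries no X509Certificate")
    return ns, _canon_b64(cert.text)


def presenter_matches_assertion(assertion_xml, presenter_cert_b64):
    """True only if the key bound into the assertion by the STS equals the
    certificate that signed the incoming request (the presenter's key).
    A bearer assertion, or one bound to a different key, is rejected."""
    try:
        _, bound_cert = extract_hok_certificate(assertion_xml)
    except ValueError:
        return False
    return hmac.compare_digest(bound_cert, _canon_b64(presenter_cert_b64))


# Constructed placeholder values; these are not real certificates.
CLIENT_CERT_B64 = "TUlJQ0NMSUVOVC1DRVJULVBMQUNFSE9MREVS"
OTHER_CERT_B64 = "TUlJQ09USEVSLUNFUlQtUExBQ0VIT0xERVI="

# Constructed SAML 2.0 holder-of-key assertion (cert text deliberately wrapped).
SAML2_HOK = f"""<saml:Assertion xmlns:saml="{SAML2}" xmlns:ds="{DSIG}" Version="2.0">
  <saml:Subject>
    <saml:NameID>client@example.test</saml:NameID>
    <saml:SubjectConfirmation Method="{HOK_METHODS[SAML2]}">
      <saml:SubjectConfirmationData>
        <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
          TUlJQ0NMSUVOVC1D
          RVJULVBMQUNFSE9MREVS
        </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
      </saml:SubjectConfirmationData>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""

# Constructed SAML 1.1 holder-of-key assertion.
SAML1_HOK = f"""<saml:Assertion xmlns:saml="{SAML1}" xmlns:ds="{DSIG}" MajorVersion="1" MinorVersion="1">
  <saml:AuthenticationStatement>
    <saml:Subject>
      <saml:NameIdentifier>client@example.test</saml:NameIdentifier>
      <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>{HOK_METHODS[SAML1]}</saml:ConfirmationMethod>
        <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{CLIENT_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""

# Constructed SAML 2.0 bearer assertion: must be rejected by a holder-of-key check.
SAML2_BEARER = f"""<saml:Assertion xmlns:saml="{SAML2}" Version="2.0">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
  </saml:Subject>
</saml:Assertion>"""

if __name__ == "__main__":
    print(presenter_matches_assertion(SAML2_HOK, CLIENT_CERT_B64))    # True
    print(presenter_matches_assertion(SAML1_HOK, CLIENT_CERT_B64))    # True
    print(presenter_matches_assertion(SAML2_HOK, OTHER_CERT_B64))     # False
    print(presenter_matches_assertion(SAML2_BEARER, CLIENT_CERT_B64)) # False
```

The check deliberately fails closed: a bearer assertion, a missing KeyInfo, or a certificate other than the one that signed the request all return False, and the comparison uses a constant-time equality so that a mismatch does not leak how much of the key matched.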
There are two freely available STS implementations:

- Axis2
- JBoss PicketLink