Explanation of WS-Security Actions, Particularly Related to SAML

The WSHandlerConstants class defines action constants, such as SAML_TOKEN_SIGNED and SAML_TOKEN_UNSIGNED.

I'm struggling to find any documentation about these action constants. After looking around a lot, I still can't find an explanation of the following:

  • A mapping of each action constant to the behavior it is supposed to invoke.

  • Which constants should be set on the outgoing side (client) versus which on the incoming side (server), and, if a constant can be used on both sides, how its behavior changes.

  • What effect each constant has on the SAML token.

I am studying actions related to authentication and SAML generation.

After digging through the source, I found that WSSConfig has a default action mapping. However, the action classes are only called through the WSS4JOutInterceptor.

WSS4JInInterceptor uses the server-side configured actions to check whether the tokens are valid; however, I was not able to determine exactly how.

I suspect there should be an easy way to figure out these different combinations. In the end, I hope to get some clarity along the lines of:

If a SAML token is generated with these (X, Y, Z) characteristics, it can be successfully verified when CXF is configured with these (A, B, C) actions, plus a brief explanation for each of them. Some recommendations on best practices and commonly used combinations would not hurt either.


Source: https://habr.com/ru/post/1626706/
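The following is an added example, not part of the original post and not code from the CXF or WSS4J projects. It shows one of the combinations the question asks about: the client side (WSS4JOutInterceptor) configured with the SAMLTokenSigned action, which makes WSS4J ask a SAML callback handler for an assertion, insert it into the Security header, and sign the SOAP body together with the assertion; and the server side (WSS4JInInterceptor) configured with the same action name, which now means "require a SAML token and a covering signature, and verify them against the trusted certificates". It assumes WSS4J 2.x (org.apache.wss4j packages) under CXF 3.x; the issuer name, subject name, keystore alias, password and the properties files issuer.properties and trust.properties are assumptions for illustration.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.cxf.endpoint.Client;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.Version;
import org.apache.wss4j.common.saml.builder.SAML2Constants;
import org.apache.wss4j.dom.handler.WSHandlerConstants;

/** Client and server wiring for the SAMLTokenSigned action (illustrative, not CXF's own code). */
public class SamlTokenSignedExample {

    /** Assumed alias and key password of the issuer key inside issuer.properties (assumed file). */
    static final String ISSUER_ALIAS = "issuerkey";
    static final String ISSUER_KEY_PASSWORD = "changeit";

    /** WSS4J hands this handler a SAMLCallback; the handler decides what the assertion says. */
    public static class SamlIssuerCallbackHandler implements CallbackHandler {
        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof SAMLCallback)) {
                    throw new UnsupportedCallbackException(cb);
                }
                SAMLCallback saml = (SAMLCallback) cb;
                saml.setSamlVersion(Version.SAML_20);
                saml.setIssuer("sts.example.com");                 // assumed issuer name
                // Sender-vouches: the party signing the message vouches for the subject;
                // the subject itself holds no key, so nothing binds "alice" to a keypair.
                SubjectBean subject = new SubjectBean("alice", null, SAML2Constants.CONF_SENDER_VOUCHES);
                saml.setSubject(subject);
                AuthenticationStatementBean authn = new AuthenticationStatementBean();
                authn.setAuthenticationMethod("Password");
                saml.setAuthenticationStatementData(Collections.singletonList(authn));
                // Also sign the assertion itself with the issuer key, so the receiver can check
                // that the assertion contents were not altered, independently of the message signature.
                saml.setSignAssertion(true);
                saml.setIssuerKeyName(ISSUER_ALIAS);
                saml.setIssuerKeyPassword(ISSUER_KEY_PASSWORD);
                try {
                    saml.setIssuerCrypto(CryptoFactory.getInstance("issuer.properties"));
                } catch (WSSecurityException e) {
                    throw new IllegalStateException("cannot load issuer keystore", e);
                }
            }
        }
    }

    /** Supplies the private-key password when the action signs the body with the signature user's key. */
    public static class KeyPasswordCallbackHandler implements CallbackHandler {
        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(cb);
                }
                WSPasswordCallback pc = (WSPasswordCallback) cb;
                if (ISSUER_ALIAS.equals(pc.getIdentifier())) {
                    pc.setPassword(ISSUER_KEY_PASSWORD);
                }
            }
        }
    }

    /** Outgoing side: SAMLTokenSigned = insert the assertion and sign body + assertion. */
    public static void configureClient(Client client) {
        Map<String, Object> out = new HashMap<>();
        out.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);   // "SAMLTokenSigned"
        out.put(WSHandlerConstants.SAML_CALLBACK_REF, new SamlIssuerCallbackHandler());
        out.put(WSHandlerConstants.SIG_PROP_FILE, "issuer.properties");             // assumed keystore props
        out.put(WSHandlerConstants.SIGNATURE_USER, ISSUER_ALIAS);                    // key used for the message signature
        out.put(WSHandlerConstants.PW_CALLBACK_REF, new KeyPasswordCallbackHandler());
        out.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");                  // embed the signing cert as a BST
        client.getOutInterceptors().add(new WSS4JOutInterceptor(out));
    }

    /** Incoming side: the same name now means "a SAML token and a covering signature must be present and valid". */
    public static void configureServer(Endpoint endpoint) {
        Map<String, Object> in = new HashMap<>();
        in.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
        in.put(WSHandlerConstants.SIG_VER_PROP_FILE, "trust.properties");           // assumed truststore holding the issuer cert
        endpoint.getInInterceptors().add(new WSS4JInInterceptor(in));
    }
}
```

On the inbound side WSS4JInInterceptor does not "run" the action: it processes whatever the Security header contains, verifies each signature against the certificates trusted through trust.properties, and then compares the list of what it found (here a SAML token plus a signature over it and the body) with the configured action list; a message carrying only an unsigned assertion fails the SAMLTokenSigned check. That is also the practical difference from SAMLTokenUnsigned: with a sender-vouches subject and no signature, the assertion proves nothing about who sent it, since anyone who can reach the endpoint can craft an assertion naming any subject, so an unsigned inbound SAML action should always be paired with a message signature or with authentication at the transport layer. Even with SAMLTokenSigned, the interceptor only establishes that a trusted certificate signed the message; deciding which signers are allowed to vouch for which subjects is still the application's job.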
