Configuring Apache CXF-based Web Service Clients

You can configure CXF-based web service clients either programmatically or through XML configuration files. Below is a sample XML configuration.

Add the following features to cxf.xml under the top-level beans section:

<cxf:bus>
    <cxf:features>
      <!-- Logs every inbound and outbound SOAP message -->
      <cxf:logging />
      <wsa:addressing />
    </cxf:features>
</cxf:bus>

Define the STS client with its properties as follows:

<jaxws:client name="{<your webservice target namespace>}WebServicePort"
    createdFromAPI="true">
    <jaxws:properties>
      <!-- STS client used to obtain the security token for this port -->
      <entry key="ws-security.sts.client">
        <bean class="org.apache.cxf.ws.security.trust.STSClient">
          <constructor-arg ref="cxf" />
          <property name="wsdlLocation"
            value="https://<your idp base url>nidp/wstrust/sts?wsdl" />
          <property name="serviceName" value="{http://www.netiq.com/nam-4-0/wstrust}SecurityTokenService" />
          <property name="endpointName" value="{http://www.netiq.com/nam-4-0/wstrust}STS_Port" />
          <property name="wspNamespace" value="http://schemas.xmlsoap.org/ws/2004/09/policy" />
          <property name="properties">
            <map>
              <!-- Credentials the STS client presents to the identity provider -->
              <entry key="ws-security.username" value="<username to connect to idp>" />
              <entry key="ws-security.password" value="<password>" />
              <entry key="ws-security.encryption.properties" value="clientKeystore.properties" />
              <entry key="ws-security.encryption.username" value="mystskey" />
              <entry key="soap.force.doclit.bare" value="true" />
              <entry key="soap.no.validate.parts" value="true" />
            </map>
          </property>
        </bean>
      </entry>
    </jaxws:properties>
</jaxws:client>

You can configure ws-security.callback-handler to provide the username and password programmatically. You can also configure a global sts-client in cxf.xml that can be used across multiple web services. For more information about configuring Apache CXF-based web service clients, see Apache CXF.
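
A callback handler of the kind mentioned above, as an added example that is not from the original page or from the NetIQ or Apache CXF projects: it supplies the password at run time so that the ws-security.password entry can be dropped from cxf.xml, and it would be registered by setting the ws-security.callback-handler key to the handler's class name. It assumes WSS4J 2.x on the classpath; the class name StsPasswordCallback and the environment variables STS_CLIENT_USERNAME and STS_CLIENT_PASSWORD are hypothetical.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.ext.WSPasswordCallback; // WSS4J 2.x; 1.6.x uses org.apache.ws.security

/**
 * Added example (hypothetical class): supplies the STS UsernameToken password
 * at run time so that it does not have to be stored in cxf.xml.
 */
public class StsPasswordCallback implements CallbackHandler {

    // Hypothetical environment variable names, chosen for this example.
    private static final String USER_VAR = "STS_CLIENT_USERNAME";
    private static final String PASSWORD_VAR = "STS_CLIENT_PASSWORD";

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        String expectedUser = System.getenv(USER_VAR);
        String password = System.getenv(PASSWORD_VAR);

        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Unsupported callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;

            // Fail closed: this handler answers UsernameToken requests only,
            // not key store or private key password requests.
            if (pc.getUsage() != WSPasswordCallback.USERNAME_TOKEN) {
                throw new UnsupportedCallbackException(callback, "Unexpected usage: " + pc.getUsage());
            }
            if (expectedUser == null || password == null) {
                throw new IOException(USER_VAR + " and " + PASSWORD_VAR + " must be set");
            }
            // Release the password only for the account this client is meant to use.
            if (!expectedUser.equals(pc.getIdentifier())) {
                throw new IOException("No password configured for " + pc.getIdentifier());
            }
            pc.setPassword(password);
        }
    }
}
```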