Before using OpenSSO Enterprise to secure web services, you must resolve the following issues:
Metadata exchange (MEX) between individual components has already been completed.
Users are authenticated to an Identity Provider.
The scope of the current Web Service Security provider plug-ins is limited to JSR 196 SPI implementation, and is only supported on Sun Application Server version 9.0 and above.
Clients using JAX-WS based applications on web or J2EE containers that do not support JSR 196 specifications must use handlers.
Clients using SAAJ based applications need to secure the messages programmatically using the OpenSSO Enterprise Client SDK.