The following figure illustrates the process flow for a bank loan web service using a SAML 1 security token.
1. WSC1 authenticates to STS1 with its X509 token.
2. WSC1 gets a SAML1 token (owner is WSC1).
3. WSC1 secures the web service request to WSP1 with its SAML1 token.
4. WSP1 then authenticates to STS2 with its X509 token and sends the SAML1 token of WSC1. The SAML1 token is sent in the on-behalf-of part of the request, authenticated by WSP1's X509 token, so that STS2 converts it to a SAML2 token for WSC1.
5. WSC2 simply passes this SAML2 token of WSC1 through to WSP2.
6. WSC2 secures the web service request to WSP2 with the SAML2 token of WSC1.
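The conversion step (WSP1 presenting its own X509 credential while carrying WSC1's SAML1 token on behalf of WSC1) is, at the wire level, a WS-Trust RequestSecurityToken. The message below is an added illustration of the shape of that request; it is not taken from the original documentation and is not the product's own request format. The SOAP, WS-Security, WS-Trust 1.3 and SAML namespaces are the standard ones; the certificate value, assertion contents, identifiers and the WSP2 endpoint are constructed placeholders.

```xml
<soap:Envelope
    xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion">
  <soap:Header>
    <wsse:Security soap:mustUnderstand="true">
      <!-- Requester credential: WSP1 authenticates to STS2 with its own X509 token.
           The certificate value is a constructed placeholder. -->
      <wsse:BinarySecurityToken wsu:Id="WSP1-X509"
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
        MIIC...WSP1-CERTIFICATE-PLACEHOLDER...
      </wsse:BinarySecurityToken>
      <!-- An XML Signature over the Body, made with the key behind WSP1-X509,
           belongs here; it is omitted from this illustration. -->
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <wst:RequestSecurityToken>
      <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
      <!-- What WSP1 asks STS2 to issue: a SAML2 token (WSS SAML Token Profile 1.1 identifier) -->
      <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
      <!-- The token being converted: WSC1's SAML1 assertion, issued earlier by STS1,
           carried on behalf of WSC1 (assertion contents are placeholders). -->
      <wst:OnBehalfOf>
        <saml1:Assertion MajorVersion="1" MinorVersion="1"
            AssertionID="ASSERTION-ID-PLACEHOLDER"
            Issuer="STS1" IssueInstant="2000-01-01T00:00:00Z">
          <saml1:AuthenticationStatement>
            <saml1:Subject>
              <saml1:NameIdentifier>WSC1</saml1:NameIdentifier>
            </saml1:Subject>
          </saml1:AuthenticationStatement>
          <!-- STS1's signature over the assertion omitted here -->
        </saml1:Assertion>
      </wst:OnBehalfOf>
      <!-- Scope of the issued SAML2 token: the service it will be presented to (placeholder address) -->
      <wsp:AppliesTo>
        <wsa:EndpointReference>
          <wsa:Address>https://wsp2.example.invalid/LoanProcessorService</wsa:Address>
        </wsa:EndpointReference>
      </wsp:AppliesTo>
    </wst:RequestSecurityToken>
  </soap:Body>
</soap:Envelope>
```

Two checks on the STS2 side make this conversion safe rather than a blind re-labelling of tokens: the X509 credential in the Security header must verify and belong to a requester that is permitted to act on behalf of others (here WSP1), and the SAML1 assertion inside OnBehalfOf must carry a valid signature from a trusted issuer (here STS1) and be within its validity period. The SAML2 token that STS2 returns is still WSC1's token, which is why WSC2 can pass it through unchanged.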
The following are configuration suggestions for the Bank Loan use case:
WSC agent - profile name is LoanRequestorService for WSC1
    STSSecurity
    SecurityTokenService
WSP agent - profile name is wsp for WSP1
    Default
    ldapService
    SAML2 token
WSC agent - profile name is LoanProcessorService for WSC2
    Enabled