0 Replies Latest reply on Dec 27, 2011 12:55 PM by aida.sp

    PicketLink STS with a client that isn't aware of the policies of the server side

    aida.sp

      Hi.

      After working with some examples (like http://community.jboss.org/wiki/SAMLEJBIntegrationWithPicketLinkSTS) and reading some articles, I have "found" a scenario I don't know how to deal with.

       

      The article http://community.jboss.org/wiki/PicketLinkSecurityTokenService talks about the Web Services Trust Model. The first two steps (message flow) are:

       

      1. The client sends a SOAP message to the Web Service

      2. The Web service has a policy that requires a token. Upon receiving the request, the service checks if it has a security token. If the token is absent, the Web service asks the client to obtain a token from a trusted STS.

       

      In the examples, the client side is aware of what kind of token the STS has to provide, but I wonder if there is any kind of handler or configuration to deal with this scenario, in which the client doesn't know anything about the server side policies until the WS asks to obtain a token.

       

      Thanks in advance.