Hi Ruchith,
I'm working with SAML tokens and I can see that there is an STSClient class in "*org.apache.axis2.security.trust.client*.STSClient", but I'm using "*org.apache.rahas.client*.STSClient". What is the main difference between these classes?

I don't understand why the STS service needs the provider service policy. Is it necessary?

The requestSecurityToken method returns a token with an assertion. Does it make sense to have more than one assertion in the response security token?

Thanks,
Nuria
