I have a scenario where my service which is an OSB need to act as a pure-passthrough service for a client sending a SAML token to a Service requiring the token. We are using wss10_saml_token_service_policy on OSB Proxy Service and wss10_saml_token_client_policy on OSB Business Service.
My question is, for this simple token, do we require to establish a trust (importing my certificate to the Server Keystore, and client's certificate into my keystore)?
I know if SSL related policies or message encryption related policies are used, trust is to be established. But is it required for this policy?