Hi all, I use CXF 2.0.4, opensaml 1.1b and wss4j 1.5 to generate and send a SOAP message containing a signed sender-vouches SAML token to a secured Web Service deployed on a Web Logic Server. In order to do it, I set the action of the wss4joutinterceptor to "SAMLToken Signature" instead of "SAMLTokenSigned" and I configure the rest nicely: the signature only sign the saml assertion. If I use the action "SAMLTokenSigned", it is exactly the same message but the body is signed as well (I don't understand why though).
Anyway, when I send my token out, the token is rejected (the certificate and issuer and everything else on the server side is good though). The only difference I spotted when looking at a saml signed token generated with web logic is that they sign the BinarySecurity token and have an extra XML tag in the transform reference of the signature: <exc14n:InclusiveNamespaces xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="" /> ( this is useless though since the prefixlist is empty...). I am a bit confused and don't really know what to think. In addition, I can not find in the specs the section about this. Any help would be appreciated. Thanks, Benjamin Coiffe