We use Apache WSS4J for WS-Security, so you may want to check that group's mailing list to determine current SAML support. I think Metro and possibly Axis2 is ahead of CXF with SAML support, but am unsure.
Glen 2008-06-30 Tim Williams wrote: > So my STS returns a SAML token that I can get as an w3c element. I'm > wondering how I can bind that token to an outgoing message and then > validate a SAMLv2 token on an incoming service call. There are > samples of, I think, something similiar using a UserNameToken with > WSS4J(In|Out)Interceptor but I'm not sure what the ACTION and Map > entries would be for a SAML Token and/or if this is the right > approach? Any help much appreciated... > --tim