Thanks for the reply. I will log a JIRA ticket. As for a workaround, I was thinking about specifying my own implementation of SAMLIssuer and using that in the saml.properties (org.apache.ws.security.saml.issuerClass) file that is in my ear. That custom implementation will then read from whatever properties file that I choose. All the other keys in the saml.properties is then effectively ignored. If that doesn't work, then I'll try to override the SAMLTokenSignedAction as you suggested.
-- View this message in context: http://cxf.547215.n5.nabble.com/WSS4JOutInterceptor-SAML-configuration-tp5721000p5721002.html Sent from the cxf-user mailing list archive at Nabble.com.
