Regarding the adding of the SAML Assertion to the outgoing SOAP Security Header, perhaps a better solution would be to have the JBossSTSAction set the SAML Assertion as a ThreadLocal. This way we could write a a protocol handler for SOAP which could add the SAML Assertion to the out bound SOAP Header. This would also simplify the STSAction as it would not require the additional 'addToEsb*' options. What do you think? Regards, /Daniel View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4255005#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...