[ https://issues.jboss.org/browse/JBWS-3831?page=com.atlassian.jira.plugin.... ] R Searls commented on JBWS-3831: -------------------------------- There has been a change in the evaluation of the "bearer" signature checking in the apache code. jbossws-cxf (5.0.0-SNAPSHOT) uses 2 updated apache archives, <cxf.version>3.0.2-SNAPSHOT</cxf.version> <wss4j.version>2.0.2-SNAPSHOT</wss4j.version> (wss4j code repo: http://svn.apache.org/repos/asf/webservices/wss4j/trunk) There was a major change in "bearer" signature identification in class, org.apache.wss4j.dom.processor.SAMLTokenProcessor. (log comment: r1624049 | coheigea | 2014-09-10 12:06:15 -0400 (Wed, 10 Sep 2014) | 1 line Record SAML Token signed results so that it can be used in SignedElements evaluation. ) Below is the diff of the most current rev (r1624049) and the prev rev (r1609062) (Used cmd svn diff -r 1609062 ./ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java ) Lines starting with (-) is the prev and lines starting with (+) are the current. There is a significant change starting with "SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(elem);" @@ -76,8 +80,15 @@ Validator validator = data.getValidator(new QName(elem.getNamespaceURI(), elem.getLocalName())); - Credential credential = handleSAMLToken(elem, data, validator, wsDocInfo); - SamlAssertionWrapper samlAssertion = credential.getSamlAssertion(); + + SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(elem); + XMLSignature xmlSignature = + verifySignatureKeysAndAlgorithms(samlAssertion, data, wsDocInfo); + List<WSDataRef> dataRefs = createDataRefs(elem, samlAssertion, xmlSignature); + + Credential credential = + handleSAMLToken(samlAssertion, data, validator, wsDocInfo); + samlAssertion = credential.getSamlAssertion(); if (LOG.isDebugEnabled()) { : : For these 2 "bearer" tests no signature is found in the message. Evaluation is continuing to determine why this is true and how to resolve it. -- This message was sent by Atlassian JIRA (v6.3.1#6329)