The Username Token Profile is about setting username/pwd through SOAP Headers. Specify the property auth type to prevent the username from being used in the HTTP header: ((BindingProvider)port).getRequestContext().put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE); SAML tokens not supported yet. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4231540#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...