I am not sure what the Merlin class is looking for in "org/apache/xml/security/resource/xmlsecurity
These are the keystores that I have configured: cas.authn.wsfedIdP.sts.signingKeystoreFile=/etc/cas/config/ststrust.jks cas.authn.wsfedIdP.sts.signingKeystorePassword=storepass cas.authn.wsfedIdP.sts.encryptionKeystoreFile=/etc/cas/config/stsencrypt.jks cas.authn.wsfedIdP.sts.encryptionKeystorePassword=storepass # cas.authn.wsfedIdP.sts.subjectNameIdFormat=unspecified cas.authn.wsfedIdP.sts.encryptTokens=false cas.authn.wsfedIdP.sts.realm.keystoreFile=/etc/cas/config/stscasrealm.jks cas.authn.wsfedIdP.sts.realm.keystorePassword=storepass cas.authn.wsfedIdP.sts.realm.keystoreAlias=realmcas cas.authn.wsfedIdP.sts.realm.keyPassword=cas123456 -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html