Hi Apache WS-Team,

first, thanks for the WSS4J library, as it really makes my life handling SAML authentication much easier.

I am currently working with WSS4J-1.6.16. I have the issue that an assertion element is not recognized as signed by WSSecurityUtil.fetchActions when the signing takes place via a direct reference. Please find attached an XML file of the request.

Debugging further, the issue comes down to the call of "AssertionImpl.isSigned" within xmltooling.1.3.2-1. There, all of the element's children are checked for being the signature, but the direct reference gets ignored.

Do I have to retrieve the directly referenced signature manually within my CallbackHandler (using DOMCallbackLookup), or is this something WSS4J is supposed to do on its own?

Thanks for your help,
Lennart
test.xml
Description: XML document
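
The distinction raised in the message above, as an added example that is not part of the original mail and is not WSS4J or xmltooling code: it classifies each SAML 2.0 assertion as carrying a child `ds:Signature`, being named by a `ds:Reference` of a signature elsewhere in the message, or neither. It assumes "direct reference" means a same-document `URI="#ID"` reference; the function name and the sample message are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample, not the test.xml attached to the mail: assertion "A1" is
# covered only by a ds:Reference in the header signature, "A2" carries its own
# child ds:Signature, "A3" is not covered at all. Digest/signature values omitted.
SAMPLE = f"""
<Envelope xmlns:ds="{DS}" xmlns:saml2="{SAML2}">
  <Security>
    <saml2:Assertion ID="A1"/>
    <saml2:Assertion ID="A2">
      <ds:Signature><ds:SignedInfo><ds:Reference URI="#A2"/></ds:SignedInfo></ds:Signature>
    </saml2:Assertion>
    <saml2:Assertion ID="A3"/>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#A1"/></ds:SignedInfo></ds:Signature>
  </Security>
</Envelope>
"""

def signature_coverage(xml_text):
    """Map each SAML 2.0 assertion ID to 'enveloped', 'referenced' or 'none'."""
    # ElementTree is used on a trusted capture here; use a hardened parser
    # (e.g. defusedxml) for untrusted input.
    root = ET.fromstring(xml_text)
    # Every same-document URI named by any ds:Reference in the message.
    referenced = {
        ref.get("URI", "")[1:]
        for ref in root.iter(f"{{{DS}}}Reference")
        if ref.get("URI", "").startswith("#")
    }
    result = {}
    for assertion in root.iter(f"{{{SAML2}}}Assertion"):
        aid = assertion.get("ID")
        if assertion.find(f"{{{DS}}}Signature") is not None:
            # The only case a child-element check reports as signed.
            result[aid] = "enveloped"
        elif aid in referenced:
            # Covered by a signature located elsewhere in the message.
            result[aid] = "referenced"
        else:
            result[aid] = "none"
    return result

if __name__ == "__main__":
    for aid, kind in signature_coverage(SAMPLE).items():
        print(aid, kind)
```

The result is structural only: "referenced" means a `ds:Reference` names the assertion's ID, not that the signature has been cryptographically verified or that the referenced element is the one the application later processes.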
