cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/2] cxf git commit: Applying Opensaml 3.0.x patch
Date Tue, 24 Feb 2015 11:38:45 GMT
Applying Opensaml 3.0.x patch


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2426a087
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2426a087
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2426a087

Branch: refs/heads/opensaml-3.0-port
Commit: 2426a0879b06cf6dea32004af16f96f793d568eb
Parents: a79bb05
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Feb 24 11:38:13 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Feb 24 11:38:13 2015 +0000

----------------------------------------------------------------------
 parent/pom.xml                                  |  8 +-
 pom.xml                                         |  8 ++
 .../grants/saml/Saml2BearerGrantHandler.java    |  5 +-
 .../oauth2/saml/SamlOAuthValidator.java         | 14 +--
 ...AbstractRequestAssertionConsumerHandler.java | 15 ++-
 .../saml/sso/AbstractServiceProviderFilter.java |  2 +-
 .../security/saml/sso/AuthnRequestBuilder.java  |  2 +-
 .../saml/sso/DefaultAuthnRequestBuilder.java    | 14 +--
 .../saml/sso/SAMLProtocolResponseValidator.java | 98 ++++++++------------
 .../saml/sso/SAMLSSOResponseValidator.java      | 22 ++---
 .../saml/sso/SamlPostBindingFilter.java         | 21 ++---
 .../saml/sso/SamlRedirectBindingFilter.java     |  2 +-
 .../saml/sso/SamlpRequestComponentBuilder.java  | 25 ++---
 .../saml/sso/AuthnRequestBuilderTest.java       | 14 +--
 .../security/saml/sso/SAML2CallbackHandler.java |  4 +-
 .../sso/SAML2PResponseComponentBuilder.java     | 23 ++---
 .../saml/sso/SAMLResponseValidatorTest.java     | 28 +++---
 .../saml/sso/SAMLSSOResponseValidatorTest.java  | 24 +++--
 .../rs/security/saml/AbstractSamlInHandler.java |  5 +-
 .../apache/cxf/rs/security/saml/SAMLUtils.java  |  4 +-
 .../rs/security/xml/XmlSecOutInterceptor.java   |  2 +-
 .../rs/security/xml/XmlSigOutInterceptor.java   |  4 +-
 rt/security/pom.xml                             | 22 +++++
 .../apache/cxf/rt/security/saml/SAMLUtils.java  | 14 +--
 .../AbstractXACMLAuthorizingInterceptor.java    | 34 ++++---
 .../security/xacml/RequestComponentBuilder.java |  7 +-
 .../xacml/SamlRequestComponentBuilder.java      | 13 +--
 .../rt/security/saml/SamlCallbackHandler.java   |  6 +-
 .../apache/cxf/rt/security/xacml/DummyPDP.java  | 11 +--
 .../security/xacml/XACMLRequestBuilderTest.java | 16 ++--
 .../ws/security/wss4j/SamlTokenInterceptor.java |  7 +-
 .../policyhandlers/AbstractBindingBuilder.java  | 10 +-
 .../AbstractStaxBindingHandler.java             |  6 +-
 .../AsymmetricBindingHandler.java               |  6 +-
 .../policyhandlers/SymmetricBindingHandler.java |  4 +-
 .../policyhandlers/TransportBindingHandler.java |  6 +-
 .../DefaultClaimsPolicyValidator.java           | 20 ++--
 .../IssuedTokenPolicyValidator.java             |  2 +-
 .../SamlTokenPolicyValidator.java               |  2 +-
 .../wss4j/saml/SAML1CallbackHandler.java        |  4 +-
 .../wss4j/saml/SAML2CallbackHandler.java        |  4 +-
 .../apache/cxf/sts/claims/ClaimsManager.java    | 24 ++---
 .../token/delegation/SAMLDelegationHandler.java |  8 +-
 .../sts/token/provider/SAMLTokenProvider.java   |  2 +-
 .../sts/token/provider/SamlCallbackHandler.java |  6 +-
 .../cxf/sts/token/renewer/SAMLTokenRenewer.java | 22 ++---
 .../sts/token/validator/SAMLTokenValidator.java | 10 +-
 .../cxf/sts/common/CustomClaimsHandler.java     | 13 +--
 .../cxf/sts/token/provider/SAMLClaimsTest.java  |  4 +-
 .../systest/sts/batch/SAMLBatchUnitTest.java    |  2 +-
 .../cxf/systest/sts/claims/ClaimsValidator.java | 23 +++--
 .../systest/sts/claims/StaxClaimsValidator.java | 22 ++---
 .../sts/realms/DifferentRealmValidator.java     |  2 +-
 .../sts/secure_conv/SCTSAMLTokenProvider.java   |  2 +-
 .../sts/bearer/Saml2CallbackHandler.java        |  4 +-
 .../OnBehalfOfValidator.java                    |  8 +-
 .../sts/sendervouches/Saml2CallbackHandler.java |  4 +-
 .../sts/username_actas/ActAsValidator.java      |  9 +-
 services/xkms/pom.xml                           |  2 +-
 .../security/oauth2/SamlCallbackHandler.java    |  4 +-
 .../security/oauth2/SamlCallbackHandler2.java   |  4 +-
 .../security/saml/SamlCallbackHandler.java      |  6 +-
 .../examples/saml/SamlCallbackHandler.java      |  4 +-
 .../systest/ws/saml/CustomSaml2Validator.java   |  4 +-
 .../ws/saml/PolicyDecisionPointMockImpl.java    | 12 +--
 .../ws/saml/client/SamlCallbackHandler.java     |  6 +-
 .../ws/saml/client/SamlRoleCallbackHandler.java |  6 +-
 67 files changed, 379 insertions(+), 372 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/parent/pom.xml
----------------------------------------------------------------------
diff --git a/parent/pom.xml b/parent/pom.xml
index 352244a..ce5d330 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -125,10 +125,8 @@
         <cxf.netty.version.range>[4,5)</cxf.netty.version.range>
         <cxf.oauth.bundle.version>20100527_1</cxf.oauth.bundle.version>
         <cxf.oauth.version>20100527</cxf.oauth.version>
-        <cxf.opensaml.version>2.6.1</cxf.opensaml.version>
-        <cxf.opensaml.osgi.version>2.6.1_1</cxf.opensaml.osgi.version>
-        <cxf.opensaml.xmltooling.version>1.4.0_1</cxf.opensaml.xmltooling.version>
-        <cxf.opensamlws.version>1.5.0_1</cxf.opensamlws.version>
+        <cxf.opensaml.version>3.0.0</cxf.opensaml.version>
+        <cxf.opensaml.osgi.version>3.0.0_1</cxf.opensaml.osgi.version>
         <cxf.rhino.version>1.7R2</cxf.rhino.version>
         <cxf.servlet-api.group>org.apache.geronimo.specs</cxf.servlet-api.group>
         <cxf.servlet-api.artifact>geronimo-servlet_3.0_spec</cxf.servlet-api.artifact>
@@ -147,7 +145,7 @@
         <cxf.woodstox.core.version>4.4.1</cxf.woodstox.core.version>
         <cxf.woodstox.stax2-api.version>3.1.4</cxf.woodstox.stax2-api.version>
         <cxf.wsdl4j.version>1.6.3</cxf.wsdl4j.version>
-        <cxf.wss4j.version>2.0.3</cxf.wss4j.version>
+        <cxf.wss4j.version>2.1.0-SNAPSHOT</cxf.wss4j.version>
         <cxf.xerces.version>2.11.0</cxf.xerces.version>
         <cxf.xmlbeans.version>2.6.0</cxf.xmlbeans.version>
         <cxf.xmlschema.version>2.2.1</cxf.xmlschema.version>

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index e2d362b..8e3ac45 100644
--- a/pom.xml
+++ b/pom.xml
@@ -77,6 +77,14 @@
                 <enabled>false</enabled>
             </releases>
         </repository>
+        <!-- needed for opensaml -->
+        <repository>
+            <id>shib-release</id>
+            <url>https://build.shibboleth.net/nexus/content/groups/public</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+        </repository>
     </repositories>
     <pluginRepositories>
         <pluginRepository>

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
index 3be0905..9dbc021 100644
--- a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/grants/saml/Saml2BearerGrantHandler.java
@@ -33,7 +33,6 @@ import javax.ws.rs.core.MultivaluedMap;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-
 import org.apache.cxf.common.util.Base64Exception;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.jaxrs.utils.HttpUtils;
@@ -69,8 +68,8 @@ import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
 import org.apache.wss4j.dom.validate.Credential;
 import org.apache.wss4j.dom.validate.SamlAssertionValidator;
 import org.apache.wss4j.dom.validate.Validator;
-import org.opensaml.xml.signature.KeyInfo;
-import org.opensaml.xml.signature.Signature;
+import org.opensaml.xmlsec.signature.KeyInfo;
+import org.opensaml.xmlsec.signature.Signature;
 
 /**
  * The "SAML2 Bearer" grant handler

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
index dc9eb62..ffb8719 100644
--- a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
@@ -29,12 +29,12 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
-import org.opensaml.saml2.core.Audience;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.Conditions;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml.saml2.core.Audience;
+import org.opensaml.saml.saml2.core.AudienceRestriction;
+import org.opensaml.saml.saml2.core.Conditions;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml.saml2.core.SubjectConfirmationData;
 
 public class SamlOAuthValidator {
     private String accessTokenServiceAddress;
@@ -116,7 +116,7 @@ public class SamlOAuthValidator {
     
     private boolean validateAuthenticationSubject(Message m, 
                                                   Conditions cs,
-                                                  org.opensaml.saml2.core.Subject subject) {
+                                                  org.opensaml.saml.saml2.core.Subject subject) {
         if (subject.getSubjectConfirmations() == null) {
             return false;
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
index e20c84f..b66c184 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractRequestAssertionConsumerHandler.java
@@ -37,7 +37,6 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 
 import org.w3c.dom.Document;
-
 import org.apache.cxf.Bus;
 import org.apache.cxf.common.i18n.BundleUtils;
 import org.apache.cxf.common.logging.LogUtils;
@@ -53,7 +52,7 @@ import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.util.DOM2Writer;
-import org.opensaml.xml.XMLObject;
+import org.opensaml.core.xml.XMLObject;
 
 public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSSOSpHandler {
     private static final Logger LOG = 
@@ -162,7 +161,7 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
                                            String relayState,
                                            boolean postBinding) {
            
-        org.opensaml.saml2.core.Response samlResponse = 
+        org.opensaml.saml.saml2.core.Response samlResponse = 
                readSAMLResponse(postBinding, encodedSamlResponse);
 
         // Validate the Response
@@ -221,7 +220,7 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
         return requestState;
     }
     
-    private org.opensaml.saml2.core.Response readSAMLResponse(
+    private org.opensaml.saml.saml2.core.Response readSAMLResponse(
         boolean postBinding,
         String samlResponse
     ) {
@@ -276,17 +275,17 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
         } catch (WSSecurityException ex) {
             throw ExceptionUtils.toBadRequestException(ex, null);
         }
-        if (!(responseObject instanceof org.opensaml.saml2.core.Response)) {
+        if (!(responseObject instanceof org.opensaml.saml.saml2.core.Response)) {
             throw ExceptionUtils.toBadRequestException(null, null);
         }
-        return (org.opensaml.saml2.core.Response)responseObject;
+        return (org.opensaml.saml.saml2.core.Response)responseObject;
     }
     
     /**
      * Validate the received SAML Response as per the protocol
      */
     protected void validateSamlResponseProtocol(
-        org.opensaml.saml2.core.Response samlResponse
+        org.opensaml.saml.saml2.core.Response samlResponse
     ) {
         try {
             SAMLProtocolResponseValidator protocolValidator = new SAMLProtocolResponseValidator();
@@ -304,7 +303,7 @@ public abstract class AbstractRequestAssertionConsumerHandler extends AbstractSS
      */
     protected SSOValidatorResponse validateSamlSSOResponse(
         boolean postBinding,
-        org.opensaml.saml2.core.Response samlResponse,
+        org.opensaml.saml.saml2.core.Response samlResponse,
         RequestState requestState
     ) {
         try {

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
index e96566a..d3ccfac 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
@@ -61,7 +61,7 @@ import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.AuthnRequest;
 
 @PreMatching
 @Priority(Priorities.AUTHENTICATION + 1)

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilder.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilder.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilder.java
index a7e1687..c7dc832 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilder.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilder.java
@@ -20,7 +20,7 @@
 package org.apache.cxf.rs.security.saml.sso;
 
 import org.apache.cxf.message.Message;
-import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.AuthnRequest;
 
 /**
  * This interface defines a method to create a SAML 2.0 Protocol AuthnRequest.

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/DefaultAuthnRequestBuilder.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/DefaultAuthnRequestBuilder.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/DefaultAuthnRequestBuilder.java
index 9fdde89..1aff3b2 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/DefaultAuthnRequestBuilder.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/DefaultAuthnRequestBuilder.java
@@ -22,13 +22,13 @@ package org.apache.cxf.rs.security.saml.sso;
 import java.util.Collections;
 
 import org.apache.cxf.message.Message;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml.common.SAMLVersion;
+import org.opensaml.saml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.NameIDPolicy;
+import org.opensaml.saml.saml2.core.RequestedAuthnContext;
 
 /**
  * A default implementation of the AuthnRequestBuilder interface to create a SAML 2.0

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
index 0444bfa..2ec8aa0 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
@@ -57,14 +57,15 @@ import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.encryption.XMLEncryptionException;
 import org.apache.xml.security.utils.Constants;
 import org.joda.time.DateTime;
-import org.opensaml.security.SAMLSignatureProfileValidator;
-import org.opensaml.xml.encryption.EncryptedData;
-import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.signature.KeyInfo;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureValidator;
-import org.opensaml.xml.validation.ValidationException;
-import org.opensaml.xml.validation.ValidatorSuite;
+import org.opensaml.saml.common.SAMLVersion;
+import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
+import org.opensaml.security.credential.BasicCredential;
+import org.opensaml.security.x509.BasicX509Credential;
+import org.opensaml.xmlsec.encryption.EncryptedData;
+import org.opensaml.xmlsec.signature.KeyInfo;
+import org.opensaml.xmlsec.signature.Signature;
+import org.opensaml.xmlsec.signature.support.SignatureException;
+import org.opensaml.xmlsec.signature.support.SignatureValidator;
 
 /**
  * Validate a SAML (1.1 or 2.0) Protocol Response. It validates the Response against the specs,
@@ -97,7 +98,7 @@ public class SAMLProtocolResponseValidator {
      * @throws WSSecurityException
      */
     public void validateSamlResponse(
-        org.opensaml.saml2.core.Response samlResponse,
+        org.opensaml.saml.saml2.core.Response samlResponse,
         Crypto sigCrypto,
         CallbackHandler callbackHandler
     ) throws WSSecurityException {
@@ -124,13 +125,20 @@ public class SAMLProtocolResponseValidator {
             }
         }
         
-        validateResponseAgainstSchemas(samlResponse);
+        if (SAMLVersion.VERSION_20 != samlResponse.getVersion()) {
+            LOG.fine(
+                "SAML Version of " + samlResponse.getVersion()
+                + "does not equal " + SAMLVersion.VERSION_20
+            );
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+        }
+        
         validateResponseSignature(samlResponse, sigCrypto, callbackHandler);
 
         Document doc = samlResponse.getDOM().getOwnerDocument();
         // Decrypt any encrypted Assertions and add them to the Response (note that this will break any
         // signature on the Response)
-        for (org.opensaml.saml2.core.EncryptedAssertion assertion : samlResponse.getEncryptedAssertions()) {
+        for (org.opensaml.saml.saml2.core.EncryptedAssertion assertion : samlResponse.getEncryptedAssertions()) {
             
             Element decAssertion = decryptAssertion(assertion, sigCrypto, callbackHandler);
             
@@ -139,7 +147,7 @@ public class SAMLProtocolResponseValidator {
         }
 
         // Validate Assertions
-        for (org.opensaml.saml2.core.Assertion assertion : samlResponse.getAssertions()) {
+        for (org.opensaml.saml.saml2.core.Assertion assertion : samlResponse.getAssertions()) {
             SamlAssertionWrapper wrapper = new SamlAssertionWrapper(assertion);
             validateAssertion(wrapper, sigCrypto, callbackHandler, doc);
         }
@@ -153,7 +161,7 @@ public class SAMLProtocolResponseValidator {
      * @throws WSSecurityException
      */
     public void validateSamlResponse(
-        org.opensaml.saml1.core.Response samlResponse,
+        org.opensaml.saml.saml1.core.Response samlResponse,
         Crypto sigCrypto,
         CallbackHandler callbackHandler
     ) throws WSSecurityException {
@@ -182,11 +190,18 @@ public class SAMLProtocolResponseValidator {
             }
         }
         
-        validateResponseAgainstSchemas(samlResponse);
+        if (SAMLVersion.VERSION_11 != samlResponse.getVersion()) {
+            LOG.fine(
+                "SAML Version of " + samlResponse.getVersion()
+                + "does not equal " + SAMLVersion.VERSION_11
+            );
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+        }
+        
         validateResponseSignature(samlResponse, sigCrypto, callbackHandler);
 
         // Validate Assertions
-        for (org.opensaml.saml1.core.Assertion assertion : samlResponse.getAssertions()) {
+        for (org.opensaml.saml.saml1.core.Assertion assertion : samlResponse.getAssertions()) {
             SamlAssertionWrapper wrapper = new SamlAssertionWrapper(assertion);
             validateAssertion(
                 wrapper, sigCrypto, callbackHandler, samlResponse.getDOM().getOwnerDocument()
@@ -195,44 +210,10 @@ public class SAMLProtocolResponseValidator {
     }
     
     /**
-     * Validate the Response against the schemas
-     */
-    private void validateResponseAgainstSchemas(
-        org.opensaml.saml2.core.Response samlResponse
-    ) throws WSSecurityException {
-        // Validate SAML Response against schemas
-        ValidatorSuite schemaValidators = 
-            org.opensaml.Configuration.getValidatorSuite("saml2-core-schema-validator");
-        try {
-            schemaValidators.validate(samlResponse);
-        } catch (ValidationException e) {
-            LOG.log(Level.FINE, "Saml Validation error: " + e.getMessage(), e);
-            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
-        }
-    }
-    
-    /**
-     * Validate the Response against the schemas
-     */
-    private void validateResponseAgainstSchemas(
-        org.opensaml.saml1.core.Response samlResponse
-    ) throws WSSecurityException {
-        // Validate SAML Response against schemas
-        ValidatorSuite schemaValidators = 
-            org.opensaml.Configuration.getValidatorSuite("saml1-core-schema-validator");
-        try {
-            schemaValidators.validate(samlResponse);
-        } catch (ValidationException e) {
-            LOG.log(Level.FINE, "Saml Validation error: " + e.getMessage(), e);
-            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
-        }
-    }
-    
-    /**
      * Validate the Response signature (if it exists)
      */
     private void validateResponseSignature(
-        org.opensaml.saml2.core.Response samlResponse,
+        org.opensaml.saml.saml2.core.Response samlResponse,
         Crypto sigCrypto,
         CallbackHandler callbackHandler
     ) throws WSSecurityException {
@@ -250,7 +231,7 @@ public class SAMLProtocolResponseValidator {
      * Validate the Response signature (if it exists)
      */
     private void validateResponseSignature(
-        org.opensaml.saml1.core.Response samlResponse,
+        org.opensaml.saml.saml1.core.Response samlResponse,
         Crypto sigCrypto,
         CallbackHandler callbackHandler
     ) throws WSSecurityException {
@@ -340,24 +321,23 @@ public class SAMLProtocolResponseValidator {
         SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
         try {
             validator.validate(signature);
-        } catch (ValidationException ex) {
+        } catch (SignatureException ex) {
             LOG.log(Level.FINE, "Error in validating the SAML Signature: " + ex.getMessage(), ex);
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
 
-        BasicX509Credential credential = new BasicX509Credential();
+        BasicCredential credential = null;
         if (samlKeyInfo.getCerts() != null) {
-            credential.setEntityCertificate(samlKeyInfo.getCerts()[0]);
+            credential = new BasicX509Credential(samlKeyInfo.getCerts()[0]);
         } else if (samlKeyInfo.getPublicKey() != null) {
-            credential.setPublicKey(samlKeyInfo.getPublicKey());
+            credential = new BasicCredential(samlKeyInfo.getPublicKey());
         } else {
             LOG.fine("Can't get X509Certificate or PublicKey to verify signature");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
-        SignatureValidator sigValidator = new SignatureValidator(credential);
         try {
-            sigValidator.validate(signature);
-        } catch (ValidationException ex) {
+            SignatureValidator.validate(signature, credential);
+        } catch (SignatureException ex) {
             LOG.log(Level.FINE, "Error in validating the SAML Signature: " + ex.getMessage(), ex);
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
@@ -432,7 +412,7 @@ public class SAMLProtocolResponseValidator {
     }
     
     private Element decryptAssertion(
-        org.opensaml.saml2.core.EncryptedAssertion assertion, Crypto sigCrypto, CallbackHandler callbackHandler
+        org.opensaml.saml.saml2.core.EncryptedAssertion assertion, Crypto sigCrypto, CallbackHandler callbackHandler
     ) throws WSSecurityException {
         EncryptedData encryptedData = assertion.getEncryptedData();
         Element encryptedDataDOM = encryptedData.getDOM();

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index e0117d4..e89216e 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -28,8 +28,8 @@ import org.apache.cxf.common.logging.LogUtils;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
 import org.apache.wss4j.common.util.DOM2Writer;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml.saml2.core.AudienceRestriction;
+import org.opensaml.saml.saml2.core.AuthnStatement;
 
 /**
  * Validate a SAML 2.0 Protocol Response according to the Web SSO profile. The Response
@@ -70,7 +70,7 @@ public class SAMLSSOResponseValidator {
      * @throws WSSecurityException
      */
     public SSOValidatorResponse validateSamlResponse(
-        org.opensaml.saml2.core.Response samlResponse,
+        org.opensaml.saml.saml2.core.Response samlResponse,
         boolean postBinding
     ) throws WSSecurityException {
         // Check the Issuer
@@ -94,7 +94,7 @@ public class SAMLSSOResponseValidator {
         // Validate Assertions
         boolean foundValidSubject = false;
         Date sessionNotOnOrAfter = null;
-        for (org.opensaml.saml2.core.Assertion assertion : samlResponse.getAssertions()) {
+        for (org.opensaml.saml.saml2.core.Assertion assertion : samlResponse.getAssertions()) {
             // Check the Issuer
             if (assertion.getIssuer() == null) {
                 LOG.fine("Assertion Issuer must not be null");
@@ -111,7 +111,7 @@ public class SAMLSSOResponseValidator {
             // Check for AuthnStatements and validate the Subject accordingly
             if (assertion.getAuthnStatements() != null
                 && !assertion.getAuthnStatements().isEmpty()) {
-                org.opensaml.saml2.core.Subject subject = assertion.getSubject();
+                org.opensaml.saml.saml2.core.Subject subject = assertion.getSubject();
                 if (validateAuthenticationSubject(subject, assertion.getID(), postBinding)) {
                     validateAudienceRestrictionCondition(assertion.getConditions());
                     foundValidSubject = true;
@@ -151,7 +151,7 @@ public class SAMLSSOResponseValidator {
     /**
      * Validate the Issuer (if it exists)
      */
-    private void validateIssuer(org.opensaml.saml2.core.Issuer issuer) throws WSSecurityException {
+    private void validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer) throws WSSecurityException {
         if (issuer == null) {
             return;
         }
@@ -176,7 +176,7 @@ public class SAMLSSOResponseValidator {
      * Validate the Subject (of an Authentication Statement).
      */
     private boolean validateAuthenticationSubject(
-        org.opensaml.saml2.core.Subject subject, String id, boolean postBinding
+        org.opensaml.saml.saml2.core.Subject subject, String id, boolean postBinding
     ) throws WSSecurityException {
         if (subject.getSubjectConfirmations() == null) {
             return false;
@@ -184,7 +184,7 @@ public class SAMLSSOResponseValidator {
         
         boolean foundBearerSubjectConf = false;
         // We need to find a Bearer Subject Confirmation method
-        for (org.opensaml.saml2.core.SubjectConfirmation subjectConf 
+        for (org.opensaml.saml.saml2.core.SubjectConfirmation subjectConf 
             : subject.getSubjectConfirmations()) {
             if (SAML2Constants.CONF_BEARER.equals(subjectConf.getMethod())) {
                 foundBearerSubjectConf = true;
@@ -199,7 +199,7 @@ public class SAMLSSOResponseValidator {
      * Validate a (Bearer) Subject Confirmation
      */
     private void validateSubjectConfirmation(
-        org.opensaml.saml2.core.SubjectConfirmationData subjectConfData, String id, boolean postBinding
+        org.opensaml.saml.saml2.core.SubjectConfirmationData subjectConfData, String id, boolean postBinding
     ) throws WSSecurityException {
         if (subjectConfData == null) {
             LOG.fine("Subject Confirmation Data of a Bearer Subject Confirmation is null");
@@ -257,7 +257,7 @@ public class SAMLSSOResponseValidator {
     }
     
     private void validateAudienceRestrictionCondition(
-        org.opensaml.saml2.core.Conditions conditions
+        org.opensaml.saml.saml2.core.Conditions conditions
     ) throws WSSecurityException {
         if (conditions == null) {
             LOG.fine("Conditions are null");
@@ -280,7 +280,7 @@ public class SAMLSSOResponseValidator {
             for (AudienceRestriction audienceRestriction : audienceRestrictions) {
                 if (audienceRestriction.getAudiences() != null) {
                     boolean matchFound = false;
-                    for (org.opensaml.saml2.core.Audience audience : audienceRestriction.getAudiences()) {
+                    for (org.opensaml.saml.saml2.core.Audience audience : audienceRestriction.getAudiences()) {
                         if (appliesTo.equals(audience.getAudienceURI())) {
                             matchFound = true;
                             oneMatchFound = true;

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
index 96b6f94..3f2f09f 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
@@ -28,7 +28,6 @@ import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.Response;
 
 import org.w3c.dom.Element;
-
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.jaxrs.ext.MessageContextImpl;
 import org.apache.cxf.jaxrs.utils.ExceptionUtils;
@@ -40,13 +39,13 @@ import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.util.DOM2Writer;
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.KeyInfo;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.saml.common.SignableSAMLObject;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.security.x509.BasicX509Credential;
+import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
+import org.opensaml.xmlsec.signature.KeyInfo;
+import org.opensaml.xmlsec.signature.Signature;
+import org.opensaml.xmlsec.signature.support.SignatureConstants;
 
 public class SamlPostBindingFilter extends AbstractServiceProviderFilter {
     
@@ -151,9 +150,7 @@ public class SamlPostBindingFilter extends AbstractServiceProviderFilter {
         signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
         signature.setSignatureAlgorithm(sigAlgo);
         
-        BasicX509Credential signingCredential = new BasicX509Credential();
-        signingCredential.setEntityCertificate(issuerCerts[0]);
-        signingCredential.setPrivateKey(privateKey);
+        BasicX509Credential signingCredential = new BasicX509Credential(issuerCerts[0], privateKey);
 
         signature.setSigningCredential(signingCredential);
 
@@ -163,7 +160,7 @@ public class SamlPostBindingFilter extends AbstractServiceProviderFilter {
         try {
             KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
             signature.setKeyInfo(keyInfo);
-        } catch (org.opensaml.xml.security.SecurityException ex) {
+        } catch (org.opensaml.security.SecurityException ex) {
             throw new Exception(
                     "Error generating KeyInfo from signing credential", ex);
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
index dff282b..1b0ed7a 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
@@ -42,7 +42,7 @@ import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.util.DOM2Writer;
 import org.apache.xml.security.utils.Base64;
-import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.AuthnRequest;
 
 public class SamlRedirectBindingFilter extends AbstractServiceProviderFilter {
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java
index 5ce3529..74f9b27 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java
@@ -24,17 +24,17 @@ import java.util.List;
 import java.util.UUID;
 
 import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.SAMLObjectBuilder;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.core.AuthnContextDeclRef;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.saml.common.SAMLObjectBuilder;
+import org.opensaml.saml.common.SAMLVersion;
+import org.opensaml.saml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml.saml2.core.AuthnContextDeclRef;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.NameIDPolicy;
+import org.opensaml.saml.saml2.core.RequestedAuthnContext;
 
 /**
 * A set of utility methods to construct SAMLP Request statements
@@ -51,7 +51,8 @@ public final class SamlpRequestComponentBuilder {
     
     private static volatile SAMLObjectBuilder<AuthnContextClassRef> requestedAuthnCtxClassRefBuilder;
     
-    private static volatile XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+    private static volatile XMLObjectBuilderFactory builderFactory = 
+        XMLObjectProviderRegistrySupport.getBuilderFactory();
     
     private SamlpRequestComponentBuilder() {
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
index 25d5f90..93b0230 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/AuthnRequestBuilderTest.java
@@ -30,13 +30,13 @@ import org.w3c.dom.Element;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageImpl;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml.common.SAMLVersion;
+import org.opensaml.saml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.NameIDPolicy;
+import org.opensaml.saml.saml2.core.RequestedAuthnContext;
 
 /**
  * Some unit tests for the SamlpRequestComponentBuilder and AuthnRequestBuilder

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2CallbackHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2CallbackHandler.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2CallbackHandler.java
index e1ac491..d298f7d 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2CallbackHandler.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2CallbackHandler.java
@@ -30,8 +30,8 @@ import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.bean.KeyInfoBean;
 import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.saml.bean.Version;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
-import org.opensaml.common.SAMLVersion;
 
 /**
  * A Callback Handler implementation for a SAML 2 assertion. By default it creates an
@@ -57,7 +57,7 @@ public class SAML2CallbackHandler extends AbstractSAMLCallbackHandler {
         for (int i = 0; i < callbacks.length; i++) {
             if (callbacks[i] instanceof SAMLCallback) {
                 SAMLCallback callback = (SAMLCallback) callbacks[i];
-                callback.setSamlVersion(SAMLVersion.VERSION_20);
+                callback.setSamlVersion(Version.SAML_20);
                 callback.setIssuer(issuer);
                 if (conditions != null) {
                     callback.setConditions(conditions);

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2PResponseComponentBuilder.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2PResponseComponentBuilder.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2PResponseComponentBuilder.java
index a902cbc..1ab4daa 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2PResponseComponentBuilder.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAML2PResponseComponentBuilder.java
@@ -22,16 +22,16 @@ package org.apache.cxf.rs.security.saml.sso;
 import java.util.UUID;
 
 import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.SAMLObjectBuilder;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.saml.common.SAMLObjectBuilder;
+import org.opensaml.saml.common.SAMLVersion;
+import org.opensaml.saml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.Status;
+import org.opensaml.saml.saml2.core.StatusCode;
+import org.opensaml.saml.saml2.core.StatusMessage;
 
 /**
 * A (basic) set of utility methods to construct SAML 2.0 Protocol Response statements
@@ -50,7 +50,8 @@ public final class SAML2PResponseComponentBuilder {
     
     private static SAMLObjectBuilder<AuthnContextClassRef> authnContextClassRefBuilder;
     
-    private static XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+    private static XMLObjectBuilderFactory builderFactory = 
+        XMLObjectProviderRegistrySupport.getBuilderFactory();
     
     private SAML2PResponseComponentBuilder() {
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java
index 6717813..fc9600e 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java
@@ -47,16 +47,16 @@ import org.apache.wss4j.common.saml.builder.SAML2Constants;
 import org.apache.wss4j.common.util.Loader;
 import org.apache.wss4j.dom.WSSConfig;
 import org.joda.time.DateTime;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.KeyInfo;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.saml.common.SAMLVersion;
+import org.opensaml.saml.common.SignableSAMLObject;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.Status;
+import org.opensaml.security.x509.BasicX509Credential;
+import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
+import org.opensaml.xmlsec.signature.KeyInfo;
+import org.opensaml.xmlsec.signature.Signature;
+import org.opensaml.xmlsec.signature.support.SignatureConstants;
 
 /**
  * Some unit tests for the SAMLProtocolResponseValidator.
@@ -830,10 +830,8 @@ public class SAMLResponseValidatorTest extends org.junit.Assert {
 
         signature.setSignatureAlgorithm(sigAlgo);
 
-        BasicX509Credential signingCredential = new BasicX509Credential();
-        signingCredential.setEntityCertificate(issuerCerts[0]);
-        signingCredential.setPrivateKey(privateKey);
-
+        BasicX509Credential signingCredential = 
+            new BasicX509Credential(issuerCerts[0], privateKey);
         signature.setSigningCredential(signingCredential);
 
         if (useKeyInfo) {
@@ -843,7 +841,7 @@ public class SAMLResponseValidatorTest extends org.junit.Assert {
             try {
                 KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
                 signature.setKeyInfo(keyInfo);
-            } catch (org.opensaml.xml.security.SecurityException ex) {
+            } catch (org.opensaml.security.SecurityException ex) {
                 throw new Exception(
                         "Error generating KeyInfo from signing credential", ex);
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
index 7855c29..9d886c3 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidatorTest.java
@@ -46,15 +46,15 @@ import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
 import org.apache.wss4j.common.util.Loader;
 import org.joda.time.DateTime;
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.KeyInfo;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.saml.common.SignableSAMLObject;
+import org.opensaml.saml.saml2.core.AuthnStatement;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.Status;
+import org.opensaml.security.x509.BasicX509Credential;
+import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
+import org.opensaml.xmlsec.signature.KeyInfo;
+import org.opensaml.xmlsec.signature.Signature;
+import org.opensaml.xmlsec.signature.support.SignatureConstants;
 
 /**
  * Some unit tests for the SAMLSSOResponseValidator.
@@ -665,9 +665,7 @@ public class SAMLSSOResponseValidatorTest extends org.junit.Assert {
 
         signature.setSignatureAlgorithm(sigAlgo);
 
-        BasicX509Credential signingCredential = new BasicX509Credential();
-        signingCredential.setEntityCertificate(issuerCerts[0]);
-        signingCredential.setPrivateKey(privateKey);
+        BasicX509Credential signingCredential = new BasicX509Credential(issuerCerts[0], privateKey);
 
         signature.setSigningCredential(signingCredential);
 
@@ -678,7 +676,7 @@ public class SAMLSSOResponseValidatorTest extends org.junit.Assert {
             try {
                 KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
                 signature.setKeyInfo(keyInfo);
-            } catch (org.opensaml.xml.security.SecurityException ex) {
+            } catch (org.opensaml.security.SecurityException ex) {
                 throw new Exception(
                         "Error generating KeyInfo from signing credential", ex);
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
index 9d5d257..a8a1be3 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
@@ -37,7 +37,6 @@ import javax.ws.rs.core.Response;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.jaxrs.utils.ExceptionUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
@@ -66,8 +65,8 @@ import org.apache.wss4j.dom.validate.Credential;
 import org.apache.wss4j.dom.validate.SamlAssertionValidator;
 import org.apache.wss4j.dom.validate.Validator;
 import org.apache.xml.security.signature.XMLSignature;
-import org.opensaml.xml.signature.KeyInfo;
-import org.opensaml.xml.signature.Signature;
+import org.opensaml.xmlsec.signature.KeyInfo;
+import org.opensaml.xmlsec.signature.Signature;
 
 @PreMatching
 public abstract class AbstractSamlInHandler implements ContainerRequestFilter {

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
index f9ef27e..c19d199 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
@@ -37,7 +37,7 @@ import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml.saml2.core.NameID;
 
 public final class SAMLUtils {
     private static final Logger LOG = 
@@ -48,7 +48,7 @@ public final class SAMLUtils {
     }
     
     public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
-        org.opensaml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
+        org.opensaml.saml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
         Subject subject = new Subject();
         NameID nameId = s.getNameID();
         subject.setNameQualifier(nameId.getNameQualifier());

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
index 16ac06f..602f5bc 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
@@ -67,7 +67,7 @@ import org.apache.xml.security.stax.securityToken.SecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
 import org.apache.xml.security.utils.Constants;
 import org.apache.xml.security.utils.EncryptionConstants;
-import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.xmlsec.signature.support.SignatureConstants;
 
 /**
  * A new StAX-based interceptor for creating messages with XML Signature + Encryption content.

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
index d7379ae..9c415ee 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
@@ -30,7 +30,6 @@ import javax.xml.namespace.QName;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.helpers.DOMUtils;
@@ -44,7 +43,8 @@ import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.xml.security.signature.XMLSignature;
 import org.apache.xml.security.transforms.Transforms;
 import org.apache.xml.security.utils.Constants;
-import org.opensaml.xml.signature.SignatureConstants;
+
+import org.opensaml.xmlsec.signature.support.SignatureConstants;
 
 //TODO: Make sure that enveloped signatures can be applied to individual
 //      child nodes of an envelope root element, a new property such as 

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/security/pom.xml
----------------------------------------------------------------------
diff --git a/rt/security/pom.xml b/rt/security/pom.xml
index 1a1ca60..1d487f2 100644
--- a/rt/security/pom.xml
+++ b/rt/security/pom.xml
@@ -47,6 +47,28 @@
             <version>${cxf.wss4j.version}</version>
         </dependency>
         <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-xacml-impl</artifactId>
+            <version>${cxf.opensaml.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.findbugs</groupId>
+                    <artifactId>jsr305</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-xacml-saml-impl</artifactId>
+            <version>${cxf.opensaml.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.findbugs</groupId>
+                    <artifactId>jsr305</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-jdk14</artifactId>
             <scope>test</scope>

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java
index 69c3a6d..bec5702 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java
@@ -30,10 +30,10 @@ import org.apache.cxf.rt.security.claims.Claim;
 import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.rt.security.claims.SAMLClaim;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.xml.XMLObject;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.saml.common.SAMLVersion;
+import org.opensaml.saml.saml2.core.Attribute;
+import org.opensaml.saml.saml2.core.AttributeStatement;
 
 public final class SAMLUtils {
     
@@ -67,11 +67,11 @@ public final class SAMLUtils {
                 }
             }
         } else {
-            List<org.opensaml.saml1.core.AttributeStatement> attributeStatements = 
+            List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements = 
                 assertion.getSaml1().getAttributeStatements();
             
-            for (org.opensaml.saml1.core.AttributeStatement statement : attributeStatements) {
-                for (org.opensaml.saml1.core.Attribute atr : statement.getAttributes()) {
+            for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) {
+                for (org.opensaml.saml.saml1.core.Attribute atr : statement.getAttributes()) {
                     SAMLClaim claim = new SAMLClaim();
                     
                     String claimType = atr.getAttributeName();

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
index 51e45cd..c0e6da0 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
@@ -128,25 +128,29 @@ public abstract class AbstractXACMLAuthorizingInterceptor extends AbstractPhaseI
         
         ResponseType response = performRequest(request, message);
         
-        ResultType result = response.getResult();
+        List<ResultType> results = response.getResults();
         
-        // Handle any Obligations returned by the PDP
-        handleObligations(request, principal, message, result);
-        
-        if (result == null) {
+        if (results == null) {
             return false;
         }
-
-        DECISION decision = result.getDecision() != null ? result.getDecision().getDecision() : DECISION.Deny; 
-        String code = "";
-        String statusMessage = "";
-        if (result.getStatus() != null) {
-            StatusType status = result.getStatus();
-            code = status.getStatusCode() != null ? status.getStatusCode().getValue() : "";
-            statusMessage = status.getStatusMessage() != null ? status.getStatusMessage().getValue() : "";
+        
+        for (ResultType result : results) {
+            // Handle any Obligations returned by the PDP
+            handleObligations(request, principal, message, result);
+            
+            DECISION decision = result.getDecision() != null ? result.getDecision().getDecision() : DECISION.Deny; 
+            String code = "";
+            String statusMessage = "";
+            if (result.getStatus() != null) {
+                StatusType status = result.getStatus();
+                code = status.getStatusCode() != null ? status.getStatusCode().getValue() : "";
+                statusMessage = status.getStatusMessage() != null ? status.getStatusMessage().getValue() : "";
+            }
+            LOG.fine("XACML authorization result: " + decision + ", code: " + code + ", message: " + statusMessage);
+            return decision == DECISION.Permit;
         }
-        LOG.fine("XACML authorization result: " + decision + ", code: " + code + ", message: " + statusMessage);
-        return decision == DECISION.Permit;
+        
+        return false;
     }
     
     public abstract ResponseType performRequest(RequestType request, Message message) throws Exception;

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/RequestComponentBuilder.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/RequestComponentBuilder.java b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/RequestComponentBuilder.java
index c73bfd3..1086364 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/RequestComponentBuilder.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/RequestComponentBuilder.java
@@ -21,7 +21,8 @@ package org.apache.cxf.rt.security.xacml;
 
 import java.util.List;
 
-import org.opensaml.Configuration;
+import org.opensaml.core.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 import org.opensaml.xacml.XACMLObjectBuilder;
 import org.opensaml.xacml.ctx.ActionType;
 import org.opensaml.xacml.ctx.AttributeType;
@@ -31,7 +32,6 @@ import org.opensaml.xacml.ctx.RequestType;
 import org.opensaml.xacml.ctx.ResourceContentType;
 import org.opensaml.xacml.ctx.ResourceType;
 import org.opensaml.xacml.ctx.SubjectType;
-import org.opensaml.xml.XMLObjectBuilderFactory;
 
 /**
  * A set of utility methods to construct XACML 2.0 Request statements
@@ -51,7 +51,8 @@ public final class RequestComponentBuilder {
     
     private static volatile XACMLObjectBuilder<RequestType> requestTypeBuilder;
     
-    private static volatile XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+    private static volatile XMLObjectBuilderFactory builderFactory = 
+        XMLObjectProviderRegistrySupport.getBuilderFactory();
     
     private RequestComponentBuilder() {
         // complete

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/SamlRequestComponentBuilder.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/SamlRequestComponentBuilder.java b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/SamlRequestComponentBuilder.java
index 1928f63..353815c 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/SamlRequestComponentBuilder.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/SamlRequestComponentBuilder.java
@@ -22,15 +22,15 @@ package org.apache.cxf.rt.security.xacml;
 import java.util.UUID;
 
 import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.SAMLObjectBuilder;
-import org.opensaml.common.SAMLVersion;
-import org.opensaml.saml2.core.Issuer;
+import org.opensaml.core.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.saml.common.SAMLObjectBuilder;
+import org.opensaml.saml.common.SAMLVersion;
+import org.opensaml.saml.saml2.core.Issuer;
 import org.opensaml.xacml.XACMLObjectBuilder;
 import org.opensaml.xacml.ctx.RequestType;
 import org.opensaml.xacml.profile.saml.SAMLProfileConstants;
 import org.opensaml.xacml.profile.saml.XACMLAuthzDecisionQueryType;
-import org.opensaml.xml.XMLObjectBuilderFactory;
 
 /**
  * A set of utility methods to construct XACML SAML Request statements, based on the
@@ -41,7 +41,8 @@ public final class SamlRequestComponentBuilder {
     
     private static volatile SAMLObjectBuilder<Issuer> issuerBuilder;
     
-    private static volatile XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+    private static volatile XMLObjectBuilderFactory builderFactory = 
+        XMLObjectProviderRegistrySupport.getBuilderFactory();
     
     private SamlRequestComponentBuilder() {
         // complete

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SamlCallbackHandler.java
----------------------------------------------------------------------
diff --git a/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SamlCallbackHandler.java b/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SamlCallbackHandler.java
index ba8220a..6703ac5 100644
--- a/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SamlCallbackHandler.java
+++ b/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SamlCallbackHandler.java
@@ -31,9 +31,9 @@ import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.bean.AttributeBean;
 import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
 import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.saml.bean.Version;
 import org.apache.wss4j.common.saml.builder.SAML1Constants;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
-import org.opensaml.common.SAMLVersion;
 
 /**
  * A CallbackHandler instance to mock up a SAML Attribute Assertion.
@@ -60,9 +60,9 @@ public class SamlCallbackHandler implements CallbackHandler {
             if (callbacks[i] instanceof SAMLCallback) {
                 SAMLCallback callback = (SAMLCallback) callbacks[i];
                 if (saml2) {
-                    callback.setSamlVersion(SAMLVersion.VERSION_20);
+                    callback.setSamlVersion(Version.SAML_20);
                 } else {
-                    callback.setSamlVersion(SAMLVersion.VERSION_11);
+                    callback.setSamlVersion(Version.SAML_11);
                 }
 
                 callback.setIssuer("sts");

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/DummyPDP.java
----------------------------------------------------------------------
diff --git a/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/DummyPDP.java b/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/DummyPDP.java
index 39b3c99..45222b3 100644
--- a/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/DummyPDP.java
+++ b/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/DummyPDP.java
@@ -30,12 +30,12 @@ import javax.xml.transform.dom.DOMSource;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.rt.security.xacml.pdp.api.PolicyDecisionPoint;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
-import org.opensaml.Configuration;
+import org.opensaml.core.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 import org.opensaml.xacml.XACMLObjectBuilder;
 import org.opensaml.xacml.ctx.AttributeType;
 import org.opensaml.xacml.ctx.DecisionType;
@@ -46,7 +46,6 @@ import org.opensaml.xacml.ctx.ResultType;
 import org.opensaml.xacml.ctx.StatusCodeType;
 import org.opensaml.xacml.ctx.StatusType;
 import org.opensaml.xacml.ctx.SubjectType;
-import org.opensaml.xml.XMLObjectBuilderFactory;
 
 /**
  * A test implementation of AbstractXACMLAuthorizingInterceptor. It just mocks up a Response
@@ -90,7 +89,7 @@ public class DummyPDP implements PolicyDecisionPoint {
     }
 
     private ResponseType createResponse(DECISION decision) {
-        XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+        XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
         
         @SuppressWarnings("unchecked")
         XACMLObjectBuilder<ResponseType> responseTypeBuilder = 
@@ -130,7 +129,7 @@ public class DummyPDP implements PolicyDecisionPoint {
         result.setStatus(status);
         
         ResponseType response = responseTypeBuilder.buildObject();
-        response.setResult(result);
+        response.getResults().add(result);
         return response;
     }
 
@@ -141,7 +140,7 @@ public class DummyPDP implements PolicyDecisionPoint {
                 List<AttributeType> attributes = subject.getAttributes();
                 if (attributes != null) {
                     for (AttributeType attribute : attributes) {
-                        if (XACMLConstants.SUBJECT_ROLE.equals(attribute.getAttributeID())) {
+                        if (XACMLConstants.SUBJECT_ROLE.equals(attribute.getAttributeId())) {
                             return attribute.getAttributeValues().get(0).getValue();
                         }
                     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java
----------------------------------------------------------------------
diff --git a/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java b/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java
index c746336..29ab5d5 100644
--- a/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java
+++ b/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java
@@ -164,17 +164,17 @@ public class XACMLRequestBuilderTest extends org.junit.Assert {
         boolean resourceURISatisfied = false;
         for (AttributeType attribute : resource.getAttributes()) {
             String attributeValue = attribute.getAttributeValues().get(0).getValue();
-            if (XACMLConstants.RESOURCE_ID.equals(attribute.getAttributeID())
+            if (XACMLConstants.RESOURCE_ID.equals(attribute.getAttributeId())
                 && "{http://www.example.org/contract/DoubleIt}DoubleItService#DoubleIt".equals(
                     attributeValue)) {
                 resourceIdSatisfied = true;
-            } else if (XACMLConstants.RESOURCE_WSDL_SERVICE_ID.equals(attribute.getAttributeID())
+            } else if (XACMLConstants.RESOURCE_WSDL_SERVICE_ID.equals(attribute.getAttributeId())
                 && service.equals(attributeValue)) {
                 soapServiceSatisfied = true;
-            } else if (XACMLConstants.RESOURCE_WSDL_OPERATION_ID.equals(attribute.getAttributeID())
+            } else if (XACMLConstants.RESOURCE_WSDL_OPERATION_ID.equals(attribute.getAttributeId())
                 && operation.equals(attributeValue)) {
                 soapOperationSatisfied = true;
-            } else if (XACMLConstants.RESOURCE_WSDL_ENDPOINT.equals(attribute.getAttributeID())
+            } else if (XACMLConstants.RESOURCE_WSDL_ENDPOINT.equals(attribute.getAttributeId())
                 && resourceURL.equals(attributeValue)) {
                 resourceURISatisfied = true;
             }
@@ -221,16 +221,16 @@ public class XACMLRequestBuilderTest extends org.junit.Assert {
             service + "#" + operation;
         for (AttributeType attribute : resource.getAttributes()) {
             String attributeValue = attribute.getAttributeValues().get(0).getValue();
-            if (XACMLConstants.RESOURCE_ID.equals(attribute.getAttributeID())
+            if (XACMLConstants.RESOURCE_ID.equals(attribute.getAttributeId())
                 && expectedResourceId.equals(attributeValue)) {
                 resourceIdSatisfied = true;
-            } else if (XACMLConstants.RESOURCE_WSDL_SERVICE_ID.equals(attribute.getAttributeID())
+            } else if (XACMLConstants.RESOURCE_WSDL_SERVICE_ID.equals(attribute.getAttributeId())
                 && service.equals(attributeValue)) {
                 soapServiceSatisfied = true;
-            } else if (XACMLConstants.RESOURCE_WSDL_OPERATION_ID.equals(attribute.getAttributeID())
+            } else if (XACMLConstants.RESOURCE_WSDL_OPERATION_ID.equals(attribute.getAttributeId())
                 && operation.equals(attributeValue)) {
                 soapOperationSatisfied = true;
-            } else if (XACMLConstants.RESOURCE_WSDL_ENDPOINT.equals(attribute.getAttributeID())
+            } else if (XACMLConstants.RESOURCE_WSDL_ENDPOINT.equals(attribute.getAttributeId())
                 && resourceURL.equals(attributeValue)) {
                 resourceURISatisfied = true;
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
index 0c39dbf..ea9d4b4 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
@@ -51,6 +51,7 @@ import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.bean.Version;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDocInfo;
 import org.apache.wss4j.dom.WSSConfig;
@@ -66,7 +67,7 @@ import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.SamlToken;
 import org.apache.wss4j.policy.model.SamlToken.SamlTokenType;
-import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml.common.SAMLVersion;
 
 /**
  * An interceptor to create and add a SAML token to the security header of an outbound
@@ -267,12 +268,12 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor {
         SAMLCallback samlCallback = new SAMLCallback();
         SamlTokenType tokenType = token.getSamlTokenType();
         if (tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11) {
-            samlCallback.setSamlVersion(SAMLVersion.VERSION_11);
+            samlCallback.setSamlVersion(Version.SAML_11);
             assertPolicy(aim, "WssSamlV11Token10");
             assertPolicy(aim, "WssSamlV11Token11");
             
         } else if (tokenType == SamlTokenType.WssSamlV20Token11) {
-            samlCallback.setSamlVersion(SAMLVersion.VERSION_20);
+            samlCallback.setSamlVersion(Version.SAML_20);
             assertPolicy(aim, "WssSamlV20Token11");
         }
         SAMLUtil.doSAMLCallback(handler, samlCallback);

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index bb8f9bf..a6cd14a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -87,6 +87,7 @@ import org.apache.wss4j.common.principal.UsernameTokenPrincipal;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.bean.Version;
 import org.apache.wss4j.common.util.Loader;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSConfig;
@@ -139,7 +140,6 @@ import org.apache.wss4j.policy.model.Wss10;
 import org.apache.wss4j.policy.model.Wss11;
 import org.apache.wss4j.policy.model.X509Token;
 import org.apache.wss4j.policy.model.X509Token.TokenType;
-import org.opensaml.common.SAMLVersion;
 
 /**
  * 
@@ -841,9 +841,9 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         SAMLCallback samlCallback = new SAMLCallback();
         SamlTokenType tokenType = token.getSamlTokenType();
         if (tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11) {
-            samlCallback.setSamlVersion(SAMLVersion.VERSION_11);
+            samlCallback.setSamlVersion(Version.SAML_11);
         } else if (tokenType == SamlTokenType.WssSamlV20Token11) {
-            samlCallback.setSamlVersion(SAMLVersion.VERSION_20);
+            samlCallback.setSamlVersion(Version.SAML_20);
         }
         SAMLUtil.doSAMLCallback(handler, samlCallback);
         SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
@@ -1945,7 +1945,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             sigParts.add(new WSEncryptionPart(sigTokId));
         }
         
-        dkSign.setParts(sigParts);
+        dkSign.getParts().addAll(sigParts);
         
         List<Reference> referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
         
@@ -2014,7 +2014,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
         sig.prepare(doc, getSignatureCrypto(null), secHeader);
 
-        sig.setParts(sigParts);
+        sig.getParts().addAll(sigParts);
         List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
 
         //Do signature

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
index 5f80221..f65085a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
@@ -51,6 +51,7 @@ import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.bean.KeyInfoBean;
 import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.saml.bean.Version;
 import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.policy.SPConstants;
@@ -100,7 +101,6 @@ import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
 import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
-import org.opensaml.common.SAMLVersion;
 
 /**
  * 
@@ -357,9 +357,9 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
                                 samlCallback.setSubject(subjectBean);
                                 
                                 if (WSConstants.SAML_NS.equals(el.getNamespaceURI())) {
-                                    samlCallback.setSamlVersion(SAMLVersion.VERSION_11);
+                                    samlCallback.setSamlVersion(Version.SAML_11);
                                 } else {
-                                    samlCallback.setSamlVersion(SAMLVersion.VERSION_20);
+                                    samlCallback.setSamlVersion(Version.SAML_20);
                                 }
                             }
                         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 8329647..ddacef4 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -70,7 +70,7 @@ import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
 import org.apache.wss4j.policy.model.AsymmetricBinding;
 import org.apache.wss4j.policy.model.IssuedToken;
 import org.apache.wss4j.policy.model.SamlToken;
-import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml.common.SAMLVersion;
 
 /**
  * 
@@ -461,7 +461,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                     }
                     
                     dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
-                    dkEncr.setParts(encrParts);
+                    dkEncr.getParts().addAll(encrParts);
                     dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
                             + WSConstants.ENC_KEY_VALUE_TYPE);
                     AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
@@ -648,7 +648,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                     }
                 }
 
-                dkSign.setParts(sigParts);
+                dkSign.getParts().addAll(sigParts);
 
                 List<Reference> referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index ff072c0..8fa9972 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -718,7 +718,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                 new QName(sbinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
         }
         
-        dkSign.setParts(sigs);
+        dkSign.getParts().addAll(sigs);
         List<Reference> referenceList = dkSign.addReferencesToSign(sigs, secHeader);
         
         //Add elements to header
@@ -838,7 +838,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
             }
             this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
             sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
-            sig.setParts(sigs);
+            sig.getParts().addAll(sigs);
             List<Reference> referenceList = sig.addReferencesToSign(sigs, secHeader);
 
             //Do signature

http://git-wip-us.apache.org/repos/asf/cxf/blob/2426a087/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 113e507..5ec749e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -377,7 +377,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
             
             dkSig.prepare(doc, secHeader);
             
-            dkSig.setParts(sigParts);
+            dkSig.getParts().addAll(sigParts);
             List<Reference> referenceList = dkSig.addReferencesToSign(sigParts, secHeader);
             
             //Do signature
@@ -484,7 +484,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
 
         addDerivedKeyElement(dkSign.getdktElement());
 
-        dkSign.setParts(sigParts);
+        dkSign.getParts().addAll(sigParts);
         List<Reference> referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
 
         //Do signature
@@ -583,7 +583,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
         Document doc = saaj.getSOAPPart();
         sig.prepare(doc, crypto, secHeader);
 
-        sig.setParts(sigParts);
+        sig.getParts().addAll(sigParts);
         List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
 
         //Do signature


Mime
View raw message