[Copied from Jira WSS-517] When a SAML 1.1 token is referenced by an XML Signature reference URI in the SOAP message, WSS4J cannot find the assertion element. It looks like WSSecurityUtil.findSAMLAssertionElementById doesn't remove the hash symbol (#) before searching. --- Additional comment from Kyle Lape on 2014-10-23 00:09:11 EDT --- Commit can be seen here: https://github.com/apache/wss4j/commit/fec38d39c4c4980f119bb3d23bf034a47939ced3 No upstream release yet
Tag is up: https://github.com/jbossas/redhat-wss4j/commits/wss4j-1.6.17.SP1
Verified on EAP 6.3.3 CR. commit https://github.com/apache/wss4j/commit/fec38d39c4c4980f119bb3d23bf034a47939ced3 is present in decompiled code