Out/In Interceptor requires additional IN action when using SAMLTokenSigned

Issue

I am using the "SAMLTokenSigned" action in my client and server setup. 

Out Transport

Using the action in the WSS4JOutInterceptor works correctly and ends up setting a single HandlerAction when sending data down to doSenderAction:

The action constant is ST_SIGNED:

Inbound Data

When processing the header, there seems to be an additional action discovered.

The first WSSecurityEngineResult is a SAMLToken:

A second WSSecurityEngine result is added based on the SignatureProcessor:

The failure then happens when checkReceiverResultsInAnyOrder is invoked.

We have 1 recorded action and 2 found actions in the wsResult value:

When checking if that additional action, which is a signature is part of the recorded action, the check will fail and our interceptor will produce a fault:

Work Around

On the server side, we can set the actions to both a "SAMLTokenSigned" and "Signature":

  // TODO work around here is to add Signature to the actions
        inProps.put("action", "SAMLTokenSigned Signature");

Questions

1. Should the SAMLSignedToken handling also add a receiver action of SIGN (WSConstant.SC)?

Sample that reproduces the issue

https://github.com/AnEmortalKid/cxf/tree/sign_saml_test/distribution/src/main/release/samples/ws_security/signed_saml_token