I'm working with CXF-STS and I just tried to get a SAML HOK. From the client part i've set the key type to public and I've set ws-security.sts.token.usecert property to true.
From the server side, it occurs a NPE in the WSS4J class : Cryptobase.email@example.com. I've changed the DefaultSubjectProvider call at line 173 in order to give an empty collection instead of null.
Is it a bug or am I missing something?
Since I've changed, I'm able to retrieve my SAML Token.