Details
Description
According to wss-v1.1-spec-os-SAMLTokenProfile.pdf on - section 3.4 Identifying and Referencing Security Tokens :
The three forms of token references defined by the <wsse:SecurityTokenReference> element are defined as follows:
1)key identifier reference such as <wsse:KeyIdentifier>;
2)Direct or URI reference such as <wsse:Reference>;
3)An Embedded reference such as <wsse:Embedded>.
WSS4J uses <DirectReference> while OWSM using <KeyIdentifier> to refer to a saml token from within a <STR>. This means webservices using wss4j will not be able to interoperate with OWSM successfully.