soap sample and my code generated soap - soap

I need another pair of eyes for this problem.
My SOAP sample from the vendor and my code-generated SOAP.
Please tell me what I could work on to make these two alike. One thing for sure is the Signature tag. Mine has so many URIs. Looks like it is encrypting the whole message. Also the SecurityTokenReference in the Signature.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mhs="http://org/emedny/mhs/" xmlns:urn="urn:hl7-org:v3">
<soapenv:Header>
<wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-e00c8062-83d2-4f04-88fc-996218e7bb3d">MIICeDCC....(eMedNY signed user MLS cert).......</wsse:BinarySecurityToken>
<wsse:BinarySecurityToken
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685">MIIDFj.....( eMedNY MLS web-service end-point public cert)........</wsse:BinarySecurityToken>
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-970e9a80-00cc-4c86-8ec4-3ba16e029a5b">
<wsse:Username>....your_username.....</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">.....your_plaintext_password....</wsse:Password>
<wsse:Nonce>KNyu6MsXCkTg4DDyvwvEiw==</wsse:Nonce>
<wsu:Created>2010-09-15T18:00:30Z</wsu:Created>
</wsse:UsernameToken>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>gpBAWt91pdwhKva............</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#Enc-0641b860-b16d-4941-91c0-d60bece67794"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#Id-f10674fd-b999-47c9-9568-c11fa5e5405b">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>wRUq.........</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>tBSsaZi........</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-e00c8062-83d2-4f04-88fc-996218e7bb3d" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="Id-f10674fd-b999-47c9-9568-c11fa5e5405b" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<xenc:EncryptedData Id="Enc-0641b860-b16d-4941-91c0-d60bece67794" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<xenc:CipherData>
<xenc:CipherValue>SQsTCAK6ZaVhojB8+Y.........</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soapenv:Body>
</soapenv:Envelope>
This one I generated using a custom binding
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1" u:Id="_3"/><a:MessageID u:Id="_4">urn:uuid:848a7231-015c-4312-8f33-5d780929e826</a:MessageID><a:ReplyTo u:Id="_5"><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo5EXKV18H0NGpFzQdQUpyfoAAAAAZ8XUgTPDn0+XJhO5/IiN5w7sG3fELmtHj/xndkfuYrIACQAA</VsDebuggerCausalityData><a:To s:mustUnderstand="1" u:Id="_6">https://service100.emedny.org:9047/MHService</a:To><o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:BinarySecurityToken u:Id="uuid-b6dbb7d6-5204-425c-bbad-a48fdcc6bc02-3" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"><removed=</o:BinarySecurityToken>
<o:BinarySecurityToken u:Id="uuid-b6dbb7d6-5204-425c-bbad-a48fdcc6bc02-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">M<removed></o:BinarySecurityToken>
<e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference>
<o:Reference URI="#uuid-b6dbb7d6-5204-425c-bbad-a48fdcc6bc02-2"/>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData><e:CipherValue>cpNzU2vWQVjpUunQyy8D7dHUooHWF96tybpgEWxNiddkNBh38f6E/pDykBMI4+8LBmM7Y0o0QCDleK65kxddypo7kfSDK6NZRx8k7+wF/GOk2iMx4qufP/bBkUECIM5p225kDBanQcW7jCuLJuZN6+mUVIXwYpCePL/XLNRtfss=</e:CipherValue></e:CipherData>
<e:ReferenceList>
<e:DataReference URI="#_2"/></e:ReferenceList>
</e:EncryptedKey>
<wsse:UsernameToken wsu:Id="uuid-b6dbb7d6-5204-425c-bbad-a48fdcc6bc02-1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Username>XXX</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXX</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">ZjkOD1RqShv7ZYpA4wEU+UhX7Aw=</wsse:Nonce><wsse:Created>2013-05-19T08:36:14.948Z</wsse:Created></wsse:UsernameToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_1"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>F7UsmXHI4QTXK3WDc6z+2uRUUFI=</DigestValue></Reference><Reference URI="#_3"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>DonC3xMPywpTOjov235wsJMaMcQ=</DigestValue></Reference>
<Reference URI="#_4">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>2dFhw0FhPvuQ3KmC49UXXP8I8bI=</DigestValue></Reference>
<Reference URI="#_5"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>k69pykploFPkXhw5ogDHcjcJUI0=</DigestValue></Reference>
<Reference URI="#_6"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>UGa8rjex4LcxUj2jNn/6oipzpdw=</DigestValue></Reference><Reference URI="#uuid-b6dbb7d6-5204-425c-bbad-a48fdcc6bc02-1"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>9KFMwwujEgkI/CFWqWtpJh05bhA=</DigestValue></Reference></SignedInfo><SignatureValue>Om7OYdNv4y8IlQCBqbOJhm+pjiMmMN0XlhkEQiQ+6xCAJ0z/ukLR/few30tWPrt6HBXjiAoy2E5N0UXmGBtaBL5Fd1jP3d8IY2mg1AvzdXkJly9zoI2Capj4QpqCDP7jjUwuE6T5BeSajLHvHp2goCspX1gZkTB4KhgMH3LOYsY=</SignatureValue><KeyInfo><o:SecurityTokenReference><o:Reference URI="#uuid-b6dbb7d6-5204-425c-bbad-a48fdcc6bc02-3"/></o:SecurityTokenReference></KeyInfo></Signature></o:Security></s:Header><s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><e:CipherData><e:CipherValue>gvhF+xGuMqxaQFpVFjxE+</e:CipherValue></e:CipherData></e:EncryptedData></s:Body></s:Envelope>
Thank you for your time
Sun
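
To compare what each message's signature covers, the sketch below summarises an envelope's SOAP namespace, the order of the wsse:Security children, and the elements its ds:Reference URIs resolve to. It is an added example, not part of the original post or the vendor guide; the two inline envelopes are constructed, trimmed stand-ins for the messages above with placeholder token Ids, and `summarize` and `diff` are names chosen here.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"


def local(tag):
    """Strip the {namespace} prefix from an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def summarize(envelope_xml):
    """Describe the security-relevant shape of one WS-Security envelope."""
    root = ET.fromstring(envelope_xml)
    # Map every wsu:Id in the message to the element carrying it.
    by_id = {el.get(f"{{{WSU}}}Id"): el for el in root.iter() if el.get(f"{{{WSU}}}Id")}
    security = root.find(f".//{{{WSSE}}}Security")
    if security is None:
        raise ValueError("no wsse:Security header found")
    signed = []
    path = f"{{{DS}}}Signature/{{{DS}}}SignedInfo/{{{DS}}}Reference"
    for ref in security.iterfind(path):
        uri = ref.get("URI", "")
        target = by_id.get(uri[1:]) if uri.startswith("#") else None
        signed.append(local(target.tag) if target is not None else "UNRESOLVED:" + uri)
    return {
        "soap_ns": root.tag[1:].split("}")[0],
        "security_children": [local(child.tag) for child in security],
        "signed_parts": sorted(signed),
    }


def diff(a, b):
    """Return only the summary fields on which the two envelopes disagree."""
    return {key: (a[key], b[key]) for key in a if a[key] != b[key]}


# Constructed stand-in for the vendor sample: SOAP 1.1, only the Body is signed.
VENDOR = f"""<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}"
  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
 <soapenv:Header><wsse:Security>
  <wsse:BinarySecurityToken wsu:Id="tok-user"/>
  <wsse:BinarySecurityToken wsu:Id="tok-server"/>
  <wsse:UsernameToken wsu:Id="tok-ut"/>
  <xenc:EncryptedKey/>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#body-1"/>
  </ds:SignedInfo></ds:Signature>
 </wsse:Security></soapenv:Header>
 <soapenv:Body wsu:Id="body-1"/>
</soapenv:Envelope>"""

# Constructed stand-in for the generated message: SOAP 1.2 with WS-Addressing
# headers, each of which is signed along with the Body and the UsernameToken.
GENERATED = f"""<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
  xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:o="{WSSE}" xmlns:u="{WSU}"
  xmlns:ds="{DS}" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
 <s:Header>
  <a:Action u:Id="_3"/><a:MessageID u:Id="_4"/><a:ReplyTo u:Id="_5"/><a:To u:Id="_6"/>
  <o:Security>
   <o:BinarySecurityToken u:Id="tok-3"/>
   <o:BinarySecurityToken u:Id="tok-2"/>
   <e:EncryptedKey Id="_0"/>
   <o:UsernameToken u:Id="tok-1"/>
   <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#_1"/><ds:Reference URI="#_3"/><ds:Reference URI="#_4"/>
    <ds:Reference URI="#_5"/><ds:Reference URI="#_6"/><ds:Reference URI="#tok-1"/>
   </ds:SignedInfo></ds:Signature>
  </o:Security>
 </s:Header>
 <s:Body u:Id="_1"/>
</s:Envelope>"""

if __name__ == "__main__":
    for field, (vendor, generated) in diff(summarize(VENDOR), summarize(GENERATED)).items():
        print(f"{field}:\n  vendor:    {vendor}\n  generated: {generated}")
```
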

Related

Consuming SAML XML Response in ColdFusion

We are currently developing a SOAP API request that requires a SAML Authentication:
Here is the response we got from the Security Token Service of our provider:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal</a:Action>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2019-05-28T03:58:09.114Z</u:Created>
<u:Expires>2019-05-28T04:03:09.114Z</u:Expires>
</u:Timestamp>
</o:Security>
</s:Header>
<s:Body>
<trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<trust:RequestSecurityTokenResponse>
<trust:KeySize>256</trust:KeySize>
<trust:Lifetime>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2019-05-28T03:58:09.114Z</wsu:Created>
<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2019-05-28T04:58:09.114Z</wsu:Expires>
</trust:Lifetime>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:Address>http://idibilling.com/webservices</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<trust:RequestedSecurityToken>
<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</e:EncryptionMethod>
<KeyInfo>
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<X509Data>
<X509IssuerSerial>
<X509IssuerName>XXXXXXXXX</X509IssuerName>
<X509SerialNumber>123456789</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>Y1fId9FFPZfhSOhiPj61Mbqx3fdIpvUeY0SlwTXdOSDkS06PFks7pM209sfwakkvxkdAG7iovy7gpDFlmAkq7ePKMCZhztgBJWnHuzylB3sEyncXXQCrzbJDIqYUXqp/ZJ7SVBp/XPq/jtimhCiHrbm5SGIW+v3R+Zf1lWWUsn9QXaqbj00uKhWKl1EV491SoswCYXAtUdSRSd+Ex+ATK9gvO95LShdUvbEwWYYKyoxKuKyE6sjBiMUan3N/qBK0z7ku0fopRKjbfWPRbdB7tEM7n2f08fxScDzPjFTGsCZz4kDEm7UaRLOYeCQVkhH4tFrS+D/V/AgVU9HErTmuow==</e:CipherValue>
</e:CipherData>
</e:EncryptedKey>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>di2ADzpQFrKWQh4S6m5PsadBvghJfb5fJgZwW7FA2Q4bVgTcm2YhDLOxei6mVWuaOzykh4ft0OQdiViN5Hn/mJYVIzk/p6zUV9/oqaiSpQT9VgZTa1ngtOnszP8H+A1+BdQ+jC4I6VrKHMiA8hXsvED5dhXxHj3k2dBWxwc22+TjswDQHWNzn2bUqJShWSy0JYPsjlTrG6AhVyPLlrPCQXRGMnrLraL3aaAlBHXlTw02TyE2J89BHV6PNrC0TsymQRGH69kOE1GqslQsLOqD0IMS3XEjGY2ZPlqoczSgJXZr9dirbX6jJ1svRRhLT1XhaGpXwJ5l5r/0IAAVSJUAoDBhZBizy5rNfaDZH4UA2IRRVw1J+1RHY1PypjBu0H43NQdODHVt0WtaTaXQhaZs216wX9BbWaK9mySMr9ZTgB3t9LX2PmwfOYiPRrdeyTO2+BxLJOxJ+y1DYQ35RIotQJK9VfekINNeMSS99ARCpc28ueDcdreNcCAjay95ONtEASs9784dwgs3YQ0in84VAxKOT+s321I3h15qPW90uS+5enB+qW5n9E+yTajEW2GO20GDiH8amoFEH+3drpCksDOJjCb5TVcNkqhX6DjekiaCBv+j1Cb6Ixj4YnAF2Rw3ca1UsgZ/xs651j56F1NcxoEZe6VmC729T6t3hVF/2p2nsKqgLt8wsDqhqLae0ZCfK7U41FTuFPPUOk1NNaH5IQzLt3eEsHGzaCi5nh0MUJ5iadiqnM5BxaxD7GRA0fI7DH3YTeq2+hNRHGtPLbSwxddKiiBEJE1PVyv7W8CiJWm5RxjNvc+sf6VSvROTST/mU8/C5u/bVCSUK5Pi/JC24bezW2jk9TiJr0LPU0MdYn6mb7Gr3Z/91owRTL16+P+j9Xpm5lv2oUr1ThXmAry177keXygx/8lezM/5AhJf8DUYMRmJ+IBfs9fMWPPx5ZM4jPECKJGI8o19h2I6guPBzHWyDM3ZH2Khh8GCqOf1WOZNKgxCTW5XBsimMbmfEVDpGGK7hAH1YaKx8LLnugkcwFf8l8lEO7KurKXKUzZ/bKf9JvUoGD7RxQrYpA/6kRxirAIklrKE9tCClgqEnY9+zmksdd2chNbNFy75XGVuNfEl8dAu5A6v80p9TloEQsFMEyb3E/vN5m1T+jp/E9K246of/P/Oz7iblDpHhNbbfV7iZeiO3NEyAlDrxKJAGbE4tFhciKVMA8MEYNYUxikCBgjtOHrO/WPS4woBpvy8ZMnOP2/PbsKD65tMJ3tYu2y57nWva17+rFRxm5U85lwLt3aMrtPQS6OshuvhPIGvOei1D35R7HnU8W9wrw94xKrGJoYoJ52msFIeCpHKaeYaKDoIhEHO4g2rGqYKoW8BBYglsxs7llD8lysZHIcaI9mxZcPTtpz2m6gIoB0MbLaQ92+VDFj8M99cx+O5SM44F/clsKm0+W4y6WokcoFfFMSmasODQRe6D/U3tn6jpTtcXpZnPUDgy//STVl8JYU+g7VG2BYEiAgPiBZ0dKkE5+Og8Zj6wG5qTgrmrN360qnjr4EdxlhsidgxpgWURFS+TZpl0PTh/WrsakaZ9ZpJ9kz8s/rPNTQXucomlERL95mXMfkZYalsvW5NsIx0vQudPV+6LfnbgmWreowa5qdyib4v86rN9tGepz8C4pgs0osj1tnxW9069MvtM2jg0KbtAyLRIHkTovznBHU6DmVVNn2+iNcz7xdVp8K6LnBbv+a7+/HPTGLhy/76og66kpH67B0tRHGVdiJDlh6UyZN4Z0G3qgHJM5uJ2JGYuH7p5uUDiZKPR/RdIQGiuUUXbvY+8QiyFA2qJv6+9VbctX7xEMmULRW/Geo3JaQqG2Zvl5tkXp2m6z2eKFijeVl5P/4mLmiIFw+gqURx840hK/Hmx2+BU69V0hRMlhpLW/X1zPaFwTzdxSX3A1hXLh6TmS5AOmA6KqJ+egrBs+YKmHKXQj
4BI/OaYeWhOaXAqCdozljR21O0pSMU2uVYaXwOVE00LV/hlbyjnt2/9iJUWtoi9uTje8ipq6wgFMBHub3pQll7Wy8mrttVx+QVOeh6/y8FRtfCvDoBax/MiiPW40ATYkqSz8AsAGvlYT49RcVo8Vt4VBpb3VjgzsjD+PHEsonQ+0nkRXXrnh6XMxY87OjY40UhqzH01U/JUToZVG5lknf0kEfoFDYJWzJNJl77oukns85MsN1oXWuhvu+JcJ5/V/+UxGXxv7OFv3shP+5N+KhF9wKK7w1yVu84MRK5RcVDY0guAfnTJsAgHHHiWIj8TUamcmuKWClXT/bziFeQtt5QkRVPGW/gTUMbIs2ccK39H+auFqWTofAqcm6cVFUsn5M9jda7TGXOT2mOQDMpTEkkunbgotRMstPZBXXKjy2sRCQ/4wruCVzqLuiJIaY8sTuL8HSDiwwy6AcKn55ebz1xZr0vgvfgLYM+y7RqblxNcna8SsaG/WmV2QEUUzVsgl/FVGz7+nLi7Dw2F59SXTBIkCYIEkFfKFqsyCehUkjH7cbxAsffCpvlT2GWq3ReD2CfValm86MhfbdiR4b3Vku33224FWc6w6Y7MKY5ugLVwaOApPhMRo28OJ3kfsOoQewBIK3LrM+O24qlXHsTfnonbCq3I8q+ZF/InWFgOmxQ+EoHigEHxFyDyFq4ICi4AZPtZsaiBpwv4e1Oh7hvRJw9Db8/UyeU4/n1ccEDGk79kDgRaZWIXMOBguafkON759Y9fA5JsoQkFGun7JYzx55pJ5gmXuXe9cifNTQGepnG1/9mHQ5FZcWNzyU7iGMNSJ03XGpNZoXLhbupCj+OYQpthliw1x4bVMNXlZ4faUnbZWf1nrEvrCiwv77TDgKKaXJsSoiE51OoDRgz+KXWP4kkR/HsUfL0z5UveRsgS+DoZsPKnRcYuzYYQ1nFanjLsTQPmgujkDYQYnu51xQUfIQx5MkDGbRJqUlrmovJLo8XUn9R9w3ZQbcqDxJGUpLsPjLuQJQubjv1RzuBOqwrOzCEQEOliXGDJMYM9Dnez0PYCE6vLD2A+IwPJXyhFclzrnpx9J4UbAzQYqDuU4kO2hzc2wcHK8Cg6xyGn6dVq902sXRdc0x5pXfJvUYK8yR7qo1JZHBiSW8/Naqu2vV3g/b87C1dgpQZdjid4qXGFaUmBEJlUn/I5Mv57TTXuO5VwC0jN+XWyd3HREkYIwkrT0OGhMP2hcVVqvZ0FrDwUWJtDdJCjaZicANqNTb+0SEsZVkmBSuvIeSsDiAxlLmBZsjFzNOYhyKExk2GYwEF3jgmBdsxCLmjqPpz+FM1rq9E6rABbVMe4ESRTp80mZX9wkzAcCSBT4uAfOfIIqlZeeAXmeNNCeQIEnd/jaskrjlZNuqjLqF5X6NG56T/cNodoTCCfrbn2DnC9Mq2H+gev1SVgbUWikHsjH/iIwqJtkRR0li8auSR/WxQ3zOfFg7lXClwNcvnauyvRnVYzjDJVLi9NyST+CUTqerH5b9iGCF4hmaLxfhRjzoa7cKF2j5WtSnKJCs+ARhPqq/1T6znukGDJ82/NRiVs2bwApIodXrcBst4cBSSQNUvwtUMX7ogt5+xouWuSBmSvH9Ll2BRk47ibf3fjXxK+/z7KfIFlck6nHFSHnL6BJR25KOD6Tgw0YR5S1Z8n3DHdrjDnGCd11KI6GIMRz3VKes5h82TyG6NoFFzHpLdubO5m+kmmnDAbnaQQe3p78oZa4i9U6buXxC1AIgEEgzEt9/r9HuCbu4KW/pNm0N3zEk7+0vzJmgnKsEh2644S5kZvEHpXZ7twDJEftReb5/LkJCwiJyq7LVL/4o0LVVRZsEd0QmBxkyIb2rrT/sYC8i9fXx7f0TSAZN2MEHGnl5JVQrYe8N8l2haXWzxiu2btjtdrNJz3jsM3GgZ4sUkhgJp72ZnMd9FTD2QMOkJiA/mLOWprG6N/uH0kueCyYB7zxlKf9758R
VlaFb4tgHS6YhN73Cn9kkaDe7rWDeKbyUg3R0vOSTnCIygMhUkz3TqgkDKmWbMoZnfs07B4bLwpvLrddWCO4JBZh0teBQKBu1phMdBnNeMvr7tlF81LzKD01rZeQ5lxFgm2gjlC7+0E+0LoPiHetjFLaOtMW4N3xjr5+CeCxftgvot81hn4evBnueovePikuSo1LYn6rmVOfpsC9CLJ3s8ozE47Kao1Ym+t81hp7b97nPFxVCndcB/CmXebovnmfG9abyFtISep7D5KReB1qM03ZnL+WBKfsjuKMQPbPKdVWhy3F6UpNKG/ZYaBDjP6mQwog8UrQNBZYcqFDA2pE3lLpor/uLPKzrSjxBnxZhE9qKv3KYxbFC3CpA2dZ79HuzGQRIiPA6UXpIksOr+J4vO8v69NCrKefN5nMu4WTYb7DR6GHg56ckSiBGQhAKUO/ZmsgutjRHdHI5V9eTlTC8SGwxVd44Qv/XrsTPafT3Tz80tuPT4e3SAX6T5eGW5fksRkccgLLx7ieEZP05cclEMEkl1FdNILNY/6nJeYe27jmpvAR2wB5CWvcI8w/G7BYU2Nma0rSvaMVN/c5PN6Vw8B4eIgaG223vKzUAqjSQEb3k4VIPdyG8yksZWvWD8QMEiWMXvWjjeB4N52Ahc32N+C2mKJ5ovC1dfRa3n9Hdv7iuLFdiTY13jemvJO6De5jZIdklyuiD37ACCoR8H9Ehp364pgl4aY/j1EpCg8ZPvd5P8c5esEnXoA3+woQRM0q6sSNimBJqvH0Jf4C0kZ6q2nUHkiP7k0A04cmxCaCJaEcrjdtCUkBPk+Tlmz2S3PIT0s6jEjwpZjTgj4la+sqlIYT47cwLtPQWkT3XfrnalwfMrDA9RP0vJ6zPu8ehC2D2pJWNoRumNrDKH3HtzBy+l7UljXzXS3+ZQMdEFS1OJsYE07qi8gc/BgYJO8R9GHkosJtbFT4SJ5+sXA6F37yOTBr/QR/NkoqWOEI5AGhpe+LIUw12nrVoE/03/k5kFncY53vpemKlPMN3WSeKWC2sTZRUAknJegBB48rHm9WALgqmX8ZqB9RqfDt/uJVbnz5QYv5NjtgthOyfewny/UPvxMNSpP356j0Mcqa7mroQLaujYfDNBn4U8VJCmlhZh6E5+tLlmlZekDUzpjLaLT4KeS/wSxVpP0paEzZrphb9zxH00fl9Z1g+lu9GlzKUMCoWMpX6vA6dODT1YLyC4tVIiGwLXAsv62oYg7GaFrmiFfhk0++Vmb5mtsnPhBY8ii0MDWadioMtLZqh3aPiXJwNkPYdXFb5GwZXxpqCEZYCvRiJ6dixQ/PpH5+Y7Ub8xfOCCKU8lQWxnjsiV1MaL5evGIMSzsh26MCaswSbKijryxaFU1FegKMOuustdzu9jk0fIuCp/wih5DqgeTdWu90VEL/ooLWwUGbvSs4JzUiQ9IOslXH87Ajyr6PGezooPqGDdw6iE0kl6iBKgcRQsyxIZTNq8To3+ikbw0YztrFoPLtmHBzIbP7+Ixq5lacWKhJ2Hwo+B7Qlg9OoTgRGZWBFLRUg2A7CZ3nLyo2sRkc4+uRr3Rux4MQ6zAFYz1Tds5CuqKwOuLI+uR62UzJYbhKGrZxal30VYdbY0GhS7FBArjpB3m/4grbHfzGgzzoNRwP63HOlgmEC87lN/K2qS5aIMhDC3opfaYbhQOyOgpsmhjQzZXeeBtIj0lgiPl3dmiXCEPHNWtkjxHjtRcp/EXAfR6uPeP/UWv4mI5kpZMbR6V4nHQDLKVdsfRQXUj2iqOwYwNti1KYa3vwMYBuuULndjfLJ51QXdjbnIe12shVSnZNivQZa3oEb7Df+g0vpByAiNVNMS+ZCBa6+JwhOnjtYdfd6kOjM40WaFu/ea/DQ3QnEcRTwc9W9ViTTn0nLsgXEIWHKo2R/Ckj2ncrKlnOCrogq+Jy4BqB+PBtIyyuyMm53loztfXjJnDeyb6w0kekV4DlDUrTaDNgTzqe
JzF85KtDIEzoCXrQdje/JfZYwbYMzKG5qtk831QFIZSLmH+FyBmsRJgmLYXiCd+4GHZ1HQsbuATt8uaR1myL9NfrrpQJ3MQEaoWrx+sy1oA4zIKDO7z7aV2UEf5Ov2Xmp8HYVqss3zUGiOX9g6Wy2GHzci9A7lwFLw8q1D9vqmejf+93GI/GAyNAMmpz6XO6AIxNOQXp8bG9+iaHF91DfQQmRCcuvxinaBOZD4TMNe+F2KSfldUwh4vHhthgTUmtKTY/jiqDUbsPGSGPTTMJFu7vFvKAA1vlk9VOsehwIpE90ja1J/xbsT49NxlOG96JdiBrsOqUXU55Ad647x286g1jornxjaSNLxetjkE19FjLM6AMlEB2eKn6dtDzv6x05hlTlJ7/9nruvvkLY3V6MFQSMokoid8pXqmjAJc2tdXRD57lQJpCTFN+K8ZA4I+oc98HAHEPl/DggIjAX3mjjp7DWDyWqd9s3cnagSdxd9RxCXzJdIjlA9YXPN96qQ/lpL1NBzXBrPVgRUixEYuEPLlhzqdcnCT9WYptA4c2pOBvq6V7TGg8gksmhyApgRCeozPASmwZsVXYNZdAjdTNfvN4GZolUYKmfc0vHZpG6MUWeriF4liXhOqDCG2ZIlnb66tVxMSr9HwX/iFlhbrqTtrzYYHnzM28aUjg9rLNTCjNOAoMNkMms2N7anuzoyuJ2seiS97shvc/UydAJZXG9twJ9f7Bw2s0y51VboVX/WLAtJ79Vh+ZDOFWK7SWAywtmO+u85TaEOOXkDR7nRZCZCtjMxEwfAgV8Ezzfn5D1aZuptAc1H+37r+TOEhtRZtuALC9Rk/z1vlocGCfBs0tjrPXfKMS2kMYk/6C9BjkwOqSErXjrNxyAkb8ISBOJlPQrF1AYtCs928oAUH2xH2Id4l4R9WAfs5Ry2mQj2xGEiw68D3wg/Y3UAaYD6XQukYiUlrJ42lDyk69s2eSMZ8+QAYMRJgj3QtjhHq7Y2XhNN1Q4KhvVQ0WMSZ+B3mktQuJ3SXIi1IfZnkfV266hN8WDkFf8P5knSiyIJ0Hb4GbIbdaSgIOMw7RIiJ2bEXwg8Kxt2Iq6v+4wu0ZmwJ8igRg1w4BWDG6fCZhMSoS3B0UijrST+JzNTFsKU/SVrErUP4agIpYt5ytfiJtgwHD2R85AD5yaIeWn2/hrqNqMW8/ahoJDN7jGCGKTY4B11hWC8QkTI6Q5+WRIU2vQRongrwOFAaf9F29BDxFYCT+p2BEGLkOwRVghpKTaI9Y+4dlRR6mquTwIJ4jsdEeP94q6VgrJNqRPxjlJUVDWF/wpxT5p3teS+xO3c++NANS3mFXiSdRtl9etrbF1XNQ8sJ0PYYFRYn+UJqoJ/78HfWQkdtsReqJlGSu1AD13VJ9gvCNSxcxEPq6skMr1KZnBPsdLEAmPeXSWf5J6pRR59oXDtOWeQlYz3d55+btBzO7AVuYmArW96vLcuEXOlFTZLlJ0LKHzDT5Wi0Cq9ihlctnLmmRmwJ1y/Wenx/eeLYvIFblBohmrVKZao0HbVAjIR2H08fQpczAgThdG8qVxjaNzgZRzWVbIaXn1efEsLQ0gDcNftb2f+sH491h6MHDI4kcLQZ0jc0V7rJE4XUya1RsU+FGMW7Fareq3E024pALJbnu0C3TgPu1Acvv4ajN4HUC7qwGGeXPy1XGUN+OqM</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</trust:RequestedSecurityToken>
<trust:RequestedProofToken>
<trust:BinarySecret>bOkZdTCufrwieMmOdcO5T1e+JSzlDB5SlcLhPgWwlsE=</trust:BinarySecret>
</trust:RequestedProofToken>
<trust:RequestedAttachedReference>
<o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a13abe92-0956-407b-ae40-8266bd218521</o:KeyIdentifier>
</o:SecurityTokenReference>
</trust:RequestedAttachedReference>
<trust:RequestedUnattachedReference>
<o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a13abe92-0956-407b-ae40-8266bd218521</o:KeyIdentifier>
</o:SecurityTokenReference>
</trust:RequestedUnattachedReference>
<trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
</trust:RequestSecurityTokenResponse>
</trust:RequestSecurityTokenResponseCollection>
</s:Body>
</s:Envelope>
What we want to accomplish is to consume this SAML Response so we can use it in a security header like this one:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<u:Created>2019-05-21T05:05:05.573Z</u:Created>
<u:Expires>2019-05-21T05:10:05.573Z</u:Expires>
</u:Timestamp>
<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</e:EncryptionMethod>
<KeyInfo>
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<X509Data>
<X509IssuerSerial>
<X509IssuerName>XXXXXXX</X509IssuerName>
<X509SerialNumber>123456789</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>LGRkzAOljXa1jSLVJijxJoYtsEf0ac5zZKxBHxEddowiMSDUI03Ggw5GTvl5/pf/yh6V5sbO17HQtbudN7PBmbGb8fXj07bhJzjqgnibyWTF+Nn0zk/Hq+hwqNZY+MT27LoRgEshKuGLl7ll/lQTvB7fjLMXxwZsyQ2T1NcgKgoyj0BqOifPQfD1ruoiNRaTlvWC+cxpz0k4UcwN6LjQx2QfOsEDYevoIhxAPZwy1eyGhExwPaGTgbrzVvqLLszzkBjCKT+rSZ7mof1cGjRAl9tGXoyiBW/KEhlqy5N15LU141zHQpAwwBhOVNbsYPWQGc1JCgZgNu5T0914yfmGmw==</e:CipherValue>
</e:CipherData>
</e:EncryptedKey>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>...</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>dl7TJsR0gVfPKQ/CVl2eDQpa0Ic=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>T+DZmdJXWeNnnfMXA0bZOKNJ5b8=</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_b49d8768-4b11-4032-95f0-d4c85bc3dad0</o:KeyIdentifier>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body><CustomerLookup xmlns="http://webservices.idibilling.com/Customer/1.0"><Requestor xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><AuthorizationToken>deprecated</AuthorizationToken><RegisterID>0</RegisterID></Requestor><Request xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><CustomerID><AuthenticatedKey>deprecated</AuthenticatedKey><ID>25020</ID></CustomerID><ResponseGroups><ResponseGroup>BalanceSummary</ResponseGroup></ResponseGroups></Request></CustomerLookup></s:Body></s:Envelope>
So far we do not have any knowledge of how to get the following values to construct the Security Header:
Digest Value
Signature Value
Security Token Reference
Any help would be appreciated. Thank you in advance.

Issuer of the Assertion not found or multiple. A valid SubjectConfirmation was not found

I am generating an unsigned SAML response with a signed assertion for my IDP. When I validate it using samltool.com, it fails with the following errors:
Issuer of the Assertion not found or multiple.
A valid SubjectConfirmation was not found on this Response Found an invalid Signed Element. SAML Response rejected.
But when I generate a signed response with an unsigned assertion, it passes without any error. I checked that the overall XML is valid. I checked other posts but couldn't find any answer.
Any thoughts around this issue would help.
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c2658c71-1361-48c6-b733-c95858146230" Version="2.0" IssueInstant="2019-02-10T04:19:45.482Z" Destination="XXXXXXX" InResponseTo="samlrequest_25369109d2af475ebe51e0e94a95967a">
<saml:Issuer>XXXXXXX</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_3c6a8bfd-292a-473f-91b5-fac5352de06a" Version="2.0" IssueInstant="2019-02-10T04:19:45.482Z">
<saml:Issuer>XXXXXXX</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_c2658c71-1361-48c6-b733-c95858146230">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>AYG+ZKBzsXPfpq94EcgFsvRgFLg=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">XXXXX#XXXXXXXX.com</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2019-02-10T04:24:45.482Z" Recipient="XXXXXXX" InResponseTo="samlrequest_25369109d2af475ebe51e0e94a95967a"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2019-02-10T04:19:45.482Z" NotOnOrAfter="2019-02-10T04:24:45.482Z">
<saml:AudienceRestriction>
<saml:Audience>XXXXXXX</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2019-02-10T04:19:45.482Z" SessionNotOnOrAfter="2019-02-10T04:24:45.482Z" SessionIndex="9cb0eb45-3a0c-4fcf-90b7-3fab83a855ac">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="Role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">XXXXXXX</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="Gender" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">XXXXXXXXX</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">XXXXXX</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">XXXXXXX</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
The reference of your signature refers to the Response element whose id is _c2658c71-1361-48c6-b733-c95858146230 (search for ds:Reference URI="#_c2658c71-1361-48c6-b733-c95858146230"). You need to generate a signature for the Assertion element whose id is _3c6a8bfd-292a-473f-91b5-fac5352de06a.
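
The mismatch described in this answer can be detected before a message is sent. The check below is an added example, not code from the post or from samltool.com: it confirms that each enveloped ds:Signature carries exactly one Reference and that it points at the ID of the element containing the signature. The function name and the trimmed sample (which reuses the two IDs from the question) are constructed here, and the check is structural only; it does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# IDs copied from the question; the surrounding XML is a constructed, trimmed sample.
RESPONSE_ID = "_c2658c71-1361-48c6-b733-c95858146230"
ASSERTION_ID = "_3c6a8bfd-292a-473f-91b5-fac5352de06a"


def sample(reference_id):
    """Build a minimal Response whose Assertion signature references reference_id."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{RESPONSE_ID}" Version="2.0">
  <saml:Issuer>XXXXXXX</saml:Issuer>
  <saml:Assertion ID="{ASSERTION_ID}" Version="2.0">
    <saml:Issuer>XXXXXXX</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo><ds:Reference URI="#{reference_id}"/></ds:SignedInfo>
    </ds:Signature>
    <saml:Subject/>
  </saml:Assertion>
</samlp:Response>"""


def check_signature_targets(xml_text):
    """Return one finding per ds:Signature describing what it actually references."""
    root = ET.fromstring(xml_text)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    by_id = {}
    for el in root.iter():
        if el.get("ID") is not None:
            by_id.setdefault(el.get("ID"), []).append(el)

    findings = []
    for sig in root.iter(DS + "Signature"):
        owner = parent_of.get(sig)
        owner_name = owner.tag.rsplit("}", 1)[-1] if owner is not None else None
        owner_id = owner.get("ID") if owner is not None else None
        uris = [r.get("URI", "") for r in sig.findall(f"{DS}SignedInfo/{DS}Reference")]
        if len(uris) != 1:
            # SAML signatures carry a single same-document Reference.
            status = "expected-one-reference"
        elif not uris[0].startswith("#") or uris[0][1:] not in by_id:
            status = "unresolved-reference"
        elif len(by_id[uris[0][1:]]) > 1:
            # Ambiguous IDs make it unclear which element was signed.
            status = "duplicate-id"
        elif owner_id is None or uris[0] != "#" + owner_id:
            target = by_id[uris[0][1:]][0].tag.rsplit("}", 1)[-1]
            status = f"signs-{target}-not-{owner_name}"
        else:
            status = "ok"
        findings.append({"signature_in": owner_name, "owner_id": owner_id,
                         "reference": uris, "status": status})
    return findings


if __name__ == "__main__":
    for label, ref in (("as posted", RESPONSE_ID), ("corrected", ASSERTION_ID)):
        print(label, check_signature_targets(sample(ref)))
```
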

Saml2SecurityTokenHandler with EncryptedID support

I'm trying to read a security token from a SAMLP 2.0 response with unencrypted assertions, but where the attributes are encrypted using EncryptedID.
I'm using the Saml2SecurityTokenHandler to get a security token via the ReadToken method. This will eventually call ReadSubject, and that one throws the exception: 'Element' is an invalid XmlNodeType.
According to the source Saml2SecurityTokenHandler.cs, EncryptedID is not supported, so I have to write my own implementation. Does anyone have experience with this, or can anyone point me to good code examples?
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">d1fd410b-d485-4956-a9d3-eef9291045c8</saml:NameID>
<saml2:EncryptedID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData Id="_29dbab2c7ef41026f9ae573703ad233b" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#_06c497ce9c9142a1f2d425011ddcda17" />
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>EmXVT1jw+uVQWTaAmYBYONRvoHkUDH+zTAJPg0a/AWT9XNjB+weF+NKDa5l9Tm1dNJd9OE8GyOGCrLLAcxCHvJwg9gk5WMUeBhtWltHJutsd94PioWoLFnaRRZUmF/wAJ4YK1AcOgK2cPZ0PH4lt18qkjcf/otmDUePQOSb8qox4JIINAgzlItJ5j4un16jh2tooIoRpklxglhISycv/RI2lTKmhSL4zpSrlTBwJWyBKPq0SEm29USrbVhrQK/z3RfZIO5DPghveT/fiJiuUrA==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey Id="_06c497ce9c9142a1f2d425011ddcda17" Recipient="urn:etoegang:DV:00000003544415870000:entities:0001" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
</xenc:EncryptionMethod>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>B9DC06853C0435DA253F23816E3665BEAE9C4A8E</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>iVTdD2P4k14PgQ6I3YR3M2rw1DmrsgAa2mKLvOD4Jhhwl8W7UDAIX5vc/tAFwyu1tF72WU4h9Oa8EapqaHazBw8c7VedDBwZTm6cIzTndbVDNXTP6iJTbvB2M4HIjo3y5lE4cbWk5fGaAtJ2jnQXoxTGxrC5B0Tllgf+L4oAFxxwKDueAEc9v736l/CoPteZhPp+Je4SYZlDZqq1isNSk40EQikrD9GubAdDuGUG3X22McuaQWi5FGWZLFoRfTOxZgls1TOsjtFiFToZ77/3+HlZYQ+6/25o1Nqvfci+MVR1feerkra1NzVwoScjJS+1BCYd0OyKBF4PvSx7io3R6Q==</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#_29dbab2c7ef41026f9ae573703ad233b" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml2:EncryptedID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="_3d9c46ba251c38d74901355011391aa4b7712a1c" NotOnOrAfter="2018-07-27T08:47:20.653Z" Recipient="https://eid.digidentity-preproduction.eu/hm/eh111/eb_hm" />
</saml:SubjectConfirmation>
</saml:Subject>
Thanks

Sign SOAP message in java using wss4j and X509KeyIdentifier method

I need to sign a SOAP message in java using X.509 certificate.
I already implemented it using libraries 'com.sun.org.apache.xml.internal.security' and 'java.security'.
This is what my signed SOAP message looks like:
<soapenv:Envelope xmlns:axw="http://www.axway.com" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>/*encoded value*/</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
/*signature value*/
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
/*certificate*/
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
/*other encoded data*/
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
</soapenv:Header>
<soapenv:Body>
/*SOAP message body*/
</soapenv:Body>
</soapenv:Envelope>
But I need my SOAP message to include 'wsse:SecurityTokenReference' and 'wsse:KeyIdentifier' instead of the 'ds:X509Data' and 'ds:X509Certificate' tags.
The expected signed SOAP message is:
<soapenv:Envelope xmlns:axw="http://www.axway.com" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<ds:Signature Id="SIG-554C045BCDA442589F146244518693410" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="axw soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-554C045BCDA442589F14624451869339">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="axw" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>/*encoded value*/</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>/*signature value*/</ds:SignatureValue>
<ds:KeyInfo Id="KI-554C045BCDA442589F14624451869337">
<wsse:SecurityTokenReference wsu:Id="STR-554C045BCDA442589F14624451869338">
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
/*certificate*/</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-554C045BCDA442589F14624451869339" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
/*message body*/
</soapenv:Body>
</soapenv:Envelope>
I googled and found that the expected signed SOAP message is signed using the wss4j API.
But I have not been able to use this API successfully and get the desired result.
Could anybody please guide me on how to use wss4j to sign a SOAP message?

Google Apps - This account cannot be accessed because we could not parse the login request

I want to do SSO through a SAMLResponse, which is generated after receiving the authrequest from Google. But with Outlook, I get this error:
Google Apps - This account cannot be accessed because we could not parse the login request.
The email address and cert are hidden for security reasons.
The SAML response is given below:
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Destination="https://www.google.com/a/dev.authen2cate.com/acs"
ID="gahbmmoclhngahdkmgijdmfnjoajnonpfhojkdii"
InResponseTo="eopmnjkanijnhaooojjipjcfiapacicmgfnkmhmj"
IssueInstant="2014-01-09T07:43:26Z"
Version="2.0"
>
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://debug-ad.authen2cate.com</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>XmexZKht13MLScVBPcrd+Dp1+jw=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Z5u23PrImHZndHYkMbJtj4+n1F7bW3G3GLwogR6wYDLi2vFwt1EzKWSd5ATJjRlTnQT11W8+Wf8P
mlVthcvuQeZY9/jijoOT88y/Li4+B9hgmpnZI6WmgZWtOdRmAUvTvUGF3fR13iUxuttmWCNG+0Bf
bwxj5pnkQOsXVdnDgY0rkN9qe2XxFx3VFuFcoEE3dQVTxLT4xZBsjX+N/ao9b/+tEwQHvdwHsAr7
hDaQWxkSXT5/T8+0Lljtv1NZ4GZHkI59i3f2j8UQ3LR19LfY0EykEvWCHP3x5EdVSarkzYyQOddB
R3480a6KQjJOOw+Hhsu/tL+bWrw2sJ7HpUXVkw==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIEzzCCA7egAwIBAgI............</X509Certificate>
</X509Data>
<KeyValue>
<RSAKeyValue>
<Modulus>wB4Uiws31Hjx0folWTMCJDrGFniKajRUgTgcVjNo8r/MUoWQEEh7lH7fOBPbdcREUQFllBMNLiFX
uSpKIsQPZVzPOwaWkWkBjTTISmG+nz9FCgOsyZnkWc0HFprC8Eg7x6I2TfPWZ1lKJhIiBWOI35m5
z9Xcr/LhleOPrDq66yTeCHABej4xs5kxFRGdgYtm9fdTQ78psHJseJm7hP6DbVCtVlBkesq7AAd6
r7B9Rj8nEQk4ZVtQWoo/4soF+nFwW6u4UyaLKswystI+B40XTizv4pNYQM6U6XZ+eoYJxTGlW2sU
gkeMWvYgM6BbNu5ex2i2DzTq3/lS8VnTpZEMWQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="gahbmmoclhngahdkmgijdmfnjoajnonpfhojkdii"
IssueInstant="2014-01-09T07:43:26Z"
Version="2.0"
>
<saml:Issuer>http://debug-ad.authen2cate.com</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">email_address</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="eopmnjkanijnhaooojjipjcfiapacicmgfnkmhmj"
NotOnOrAfter="2014-01-10T07:43:26Z"
Recipient="https://www.google.com/a/dev.authen2cate.com/acs"
/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2014-01-09T07:38:25Z"
NotOnOrAfter="2014-01-10T07:43:26Z"
>
<saml:AudienceRestriction>
<saml:Audience>https://www.google.com/a/dev.authen2cate.com/acs</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2014-01-09T07:43:26Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>
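Added example (not from any of the posts, and not WSS4J, .NET or Google code): a small Python lint that reports which element each `ds:Reference` in a signed SOAP or SAML document resolves to, and flags properties visible in the samples above: a `URI=""` reference, an `ID` value used on two elements, and SHA-1 algorithms. The function names, the finding labels and the shortened `gahb` ID in the constructed sample are assumptions of this example.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
ID_ATTRS = ("ID", "Id", f"{{{WSU}}}Id")  # SAML, xmldsig/xmlenc, WS-Security

# Constructed sample: skeleton of the Google Apps response above, IDs shortened.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="gahb" Version="2.0">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    </Reference></SignedInfo></Signature>
  <saml:Assertion ID="gahb" Version="2.0"/>
</samlp:Response>"""


def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the "{namespace}" prefix


def audit_signatures(xml_text):
    """Return (findings, covered element names) for every ds:Signature."""
    root = ET.fromstring(xml_text)  # for linting your own output, not hostile XML
    ids = {}
    for el in root.iter():
        for attr in ID_ATTRS:
            if attr in el.attrib:
                ids.setdefault(el.attrib[attr], []).append(el)
    findings = [f"duplicate-id:{v}" for v, els in ids.items() if len(els) > 1]
    covered = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        for el in sig.iter():
            if el.get("Algorithm", "").endswith(("#rsa-sha1", "#sha1")):
                findings.append(f"sha1:{local(el.tag)}")
        for ref in sig.iter(f"{{{DS}}}Reference"):
            uri = ref.get("URI")
            targets = ids.get(uri[1:], []) if uri and uri.startswith("#") else []
            if uri == "":  # empty URI: the digest covers the whole document
                findings.append("whole-document-reference")
                covered.append(local(root.tag))
            elif len(targets) == 1:
                covered.append(local(targets[0].tag))
            else:  # dangling, external, absent, or ambiguous because the ID repeats
                findings.append(f"unresolvable-reference:{uri}")
    return findings, covered
```

Calling `audit_signatures(SAMPLE)` returns the findings list and the names of the elements the signature covers; a `#id` reference is only counted as covered when exactly one element carries that `ID`, `Id` or `wsu:Id` value.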