I have a service that requires X509 endorsing supporting token, but also SAML supporting token although that mustn't be processed. Apparently wss4j processes it anway, but can't because it is missing the OpenSAML module. The result is the same if the SAML supporting token is or not in the WS-SecurityPolicy.
It seems that the saml module should be part of the JBossWS. This isn't a request to implement the SAML Token Profile of ticket JBWS-491, just to add SAML module to activate the SAML support of wss4j.
In JBoss 6,1 this basic SAML support of wss4j was working pritty wel.