// Serialise the SAML assertion into the message document and attach it to the
// wsse:Security header. The assertion is not in the encryption part list below,
// so it travels in clear text.
// NOTE(review): no signing of the assertion is visible in this excerpt; confirm
// its integrity is protected elsewhere (issuer signature / holder-of-key proof).
Node assertionNode = samlAssertion.toDOM(doc);
secHeader.insertSecurityHeader(doc);
secHeader.getSecurityHeader().appendChild(assertionNode);
// Encrypt the selected payload element with a symmetric session key wrapped in an EncryptedKey
WSSecEncrypt builder = new WSSecEncrypt();
// presumably "wss40" is the keystore alias in userCrypto used to wrap the session key; verify against the keystore
builder.setUserInfo("wss40");
// NOTE(review): Triple DES is a legacy 64-bit block cipher (birthday-bound collisions on
// long-lived keys, deprecated by NIST). Outside interop testing, prefer an AES constant
// (e.g. WSConstants.AES_128 / AES_256, or an AES-GCM variant if this WSS4J version has one).
builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
// The EncryptedKey's KeyInfo uses a custom key identifier whose value type is the
// SAML key identifier and whose value is the assertion's ID, binding the wrapped key
// to the assertion inserted above.
builder.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
builder.setCustomEKTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
builder.setCustomEKTokenId(samlAssertion.getId());
// NOTE(review): no key transport algorithm is set on this builder, so the library default
// applies; confirm the default for the WSS4J version in use is RSA-OAEP, not RSA v1.5.
builder.prepare(doc, userCrypto);
// Only the {http://ws.apache.org/counter/counter_port_type}add element is encrypted,
// with the "Element" modifier (the whole element, not just its content).
List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
WSEncryptionPart encP =
new WSEncryptionPart(
"add", "http://ws.apache.org/counter/counter_port_type", "Element"
);
parts.add(encP);
// Passing null as the first argument presumably makes the builder create a new
// reference list for the encrypted parts. TODO confirm against the WSS4J Javadoc.
Element refElement = builder.encryptForRef(null, parts);
// Attach the reference list to the EncryptedKey, then add the EncryptedKey to the security header.
builder.addInternalRefElement(refElement);
builder.appendToHeader(secHeader);
// Serialise the resulting message. The string still contains the unencrypted SAML
// assertion, so treat it as sensitive wherever it is logged or stored.
String outputString =
XMLUtils.PrettyDocumentToString(doc);
if (LOG.isDebugEnabled()) {
LOG.debug("Encrypted SAML 1.1 message Key Identifier (holder-of-key):");