WSS4J has some references to TLS in the comments, as security requirements may vary depending on whether a message was received over TLS or not. For example, if a SAML Assertion has a Holder-of-Key requirement, the message must be signed by a Signature using the Assertion's Subject certificate OR client authentication TLS must be used, where the client cert matches that of the SAML Assertion.
However, WSS4J delegates all requirements surrounding how messages are created and received, to the SOAP stack that is is use (CXF/Axis/etc). So if you want information on TLS support, please ask these projects instead.
On Wed, Aug 24, 2016 at 1:39 PM, Martin Gainty <[hidden email]> wrote: