
Wss4j SAML validation using Sender Vouches subject confirmation and Mutual Auth TLS

Open jaminh opened this issue 4 years ago • 0 comments

While I can't find a place in the SAML token profile that explicitly states the use of mutually authenticated TLS fulfills the requirement that both the SAML assertion and message body are signed when using Sender-vouches subject confirmation, it seems reasonable to assume that is the case, and based on the following code it would appear the authors of Wss4j agree: https://github.com/apache/ws-wss4j/blob/7923539117127296a65392f4c83ebd885386b7e4/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java#L221. In order to allow this in Spring WS, it appears the initialize request data method of the Wss4jInterceptor would need to be updated to set the TtsCerts field of the request data.

jaminh, Mar 11 '21 03:03
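An added example (not code from the issue author, the Spring WS project or WSS4J) of the change the issue asks for: a subclass of `Wss4jSecurityInterceptor` that reads the client certificate chain negotiated by the mutually authenticated TLS connection from the servlet request and hands it to WSS4J's `RequestData` via `setTlsCerts`, so that the sender-vouches check in `DOMSAMLUtil` can treat the TLS client certificate as the transport-level signer. It assumes Spring WS exposes a protected `initializeValidationRequestData(MessageContext)` hook on the interceptor (older versions name the securement-side hook `initializeRequestData`; check the version you run), that the transport is `HttpServletConnection`, and that the container populates the standard `javax.servlet.request.X509Certificate` attribute. The class and helper names are illustrative.

```java
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.apache.wss4j.dom.handler.RequestData;
import org.springframework.ws.context.MessageContext;
import org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor;
import org.springframework.ws.transport.context.TransportContext;
import org.springframework.ws.transport.context.TransportContextHolder;
import org.springframework.ws.transport.http.HttpServletConnection;

/**
 * Hypothetical interceptor that propagates the mutual-TLS client certificate
 * chain into WSS4J's RequestData. With tlsCerts populated, WSS4J's
 * sender-vouches validation accepts a signed assertion whose message body is
 * protected by the TLS channel instead of a second XML signature.
 */
public class MutualTlsAwareWss4jSecurityInterceptor extends Wss4jSecurityInterceptor {

    /** Standard servlet attribute holding the peer certificate chain (constructed here for clarity). */
    static final String CLIENT_CERT_ATTRIBUTE = "javax.servlet.request.X509Certificate";

    @Override
    protected RequestData initializeValidationRequestData(MessageContext messageContext) {
        // Hook name is an assumption; see the lead-in.
        RequestData requestData = super.initializeValidationRequestData(messageContext);
        List<X509Certificate> tlsCerts = extractTlsClientCerts();
        if (!tlsCerts.isEmpty()) {
            // WSS4J consults requestData.getTlsCerts() when it evaluates
            // sender-vouches subject confirmation.
            requestData.setTlsCerts(tlsCerts);
        }
        return requestData;
    }

    /**
     * Reads the client certificate chain from the current HTTP transport.
     * Returns an empty list when the request did not arrive over a servlet
     * connection or the container did not authenticate the client.
     */
    static List<X509Certificate> extractTlsClientCerts() {
        TransportContext ctx = TransportContextHolder.getTransportContext();
        if (ctx == null || !(ctx.getConnection() instanceof HttpServletConnection)) {
            return Collections.emptyList();
        }
        HttpServletRequest request = ((HttpServletConnection) ctx.getConnection()).getHttpServletRequest();
        return certsFromAttribute(request.getAttribute(CLIENT_CERT_ATTRIBUTE));
    }

    /**
     * Converts the raw attribute value into a list, tolerating a null value
     * (no client auth) and a zero-length array (client auth "want" but no cert).
     */
    static List<X509Certificate> certsFromAttribute(Object attribute) {
        if (!(attribute instanceof X509Certificate[])) {
            return Collections.emptyList();
        }
        X509Certificate[] chain = (X509Certificate[]) attribute;
        if (chain.length == 0 || chain[0] == null) {
            return Collections.emptyList();
        }
        // Leaf first, as the servlet spec orders the chain.
        return Arrays.asList(chain);
    }
}
```

Populating `tlsCerts` only tells WSS4J that a client-authenticated TLS session exists; the assertion itself must still carry a valid signature and the interceptor's normal `validationActions` (including the SAML token validation) remain in force. Keep the servlet container's client-auth setting at "required" for this endpoint so that an empty chain never reaches the validation path.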