...
This is a known issue with Spring / CXF. Remove the EAR deployment, restart the server, and redeploy.
How do I set up Authentication in CONNECT?
Auth framework SAML is a little bit of a different flavor than SSO SAML - so there isn't a username/password in the exchange SAML. Unless you are only exchanging with a set of predetermined partners, there is no way to know which users will be attempting to query your exchange.
Suggestion: Develop a set of policies to accept or deny messages based on the information that is in the exchange saml SAML (Subject ID, Subject Organization, Subject Role, Purpose Of Use, Home Community ID, Organization ID, Resource ID (Optional), National Provider Identifier (Optional)), and then implement a custom CONNECT policy engine adapter to enforce these policies. If a message is OK per your policies then you could have some assurances and maybe feel safer about using a single user/pass to communicate with your service.
...