...

Auth framework SAML is a little bit of a different flavor than Single Signon Sign On (SSO) SAML - so there isn't a username/password in the exchange SAML.  Unless you are only exchanging with a set of predetermined partners, there is no way to know which users will be attempting to query your exchange.

...

The payload did not convert correct. It should be in base64 encode format from file:///<file path location> . For example:
your encode value should be simliar like this ZmlsZTovLy9jOi9sYXJnZXBheWxvYWQvb3V0Ym91bmQvdGVzdC50eHQ=

Better response codes for invalid requests

The wrong format in subject:role element, that causes the exception to happen. However, when CONNECT catches any exception, it will throw SOAP fault in response message along with 500 error code in header. The SOAP specification under section 6.2 SOAP HTTP Response (https://www.w3.org/TR/2000/NOTE-SOAP-20000508/#_Toc478383510) indicates that requirement.

Validation Suite issues

How to run SoapUI at a remote location?

...