SOAP web services access control
Hello everyone,
I am currently trying to get two Java applications belonging to two security domains to communicate using SOAP web services. Both of these applications are used by users in different roles. SOAP messages are sent on behalf of users to invoke services. Users must be authenticated and authorized during these calls. The identity of the users is transmitted using SAML (holder-of-key) tokens obtained from an STS indicated by the service.
I first tried Metro Glassfish (JAX-WS-RI), but its documentation on SAML token interception is not enough. I am now moving to Apache CXF. Implementing CXF interceptors requires a lot of configuration, which has had me bogged down for weeks.
Do you have any ideas or proposals for tools for implementing SOAP web services access control?