Some users have been hitting this bug with JDK 6. It has already been fixed in the
Apache XMLSec implementation (see https://issues.apache.org/bugzilla/show_bug.cgi?id=39273)
but needs to be patched in JDK 6.