//
// Create a Derived Key object for signature
//
WSSecDKSign sigBuilder = createDKSign(doc, secRefSaml);
Document securedDocument = sigBuilder.build(doc, secHeader);
//todo remove the following lines when the header ordering no longer does matter...
/*Node firstChild = secHeader.getSecurityHeader().getFirstChild();
secHeader.getSecurityHeader().insertBefore(secRefElement, firstChild);
secHeader.getSecurityHeader().insertBefore(samlTokenElement, secRefElement);*/