diff --git a/parent/pom.xml b/parent/pom.xml
index dfe728b01a0..02f79503e1f 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -234,7 +234,7 @@
         <cxf.woodstox.core.version>7.1.0</cxf.woodstox.core.version>
         <cxf.woodstox.stax2-api.version>4.2.1</cxf.woodstox.stax2-api.version>
         <cxf.wsdl4j.version>1.6.3</cxf.wsdl4j.version>
-        <cxf.jakarta.wss4j.version>3.0.4</cxf.jakarta.wss4j.version>
+        <cxf.jakarta.wss4j.version>4.0.0-SNAPSHOT</cxf.jakarta.wss4j.version>
         <cxf.xmlschema.version>2.3.1</cxf.xmlschema.version>
         <cxf.xnio.version>3.8.16.Final</cxf.xnio.version>
         <cxf.zest.version>2.1</cxf.zest.version>
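Review bot: `cxf.jakarta.wss4j.version` now resolves to `4.0.0-SNAPSHOT`, a mutable artifact, so the SAML and WS-Security code changed in the rest of this commit is compiled against whatever the snapshot repository serves at build time. While this is in place the build is not reproducible, and the dependency cannot be pinned or checksum-verified the way a release can. I would mark the property with a comment such as `<!-- TODO: replace with the released WSS4J 4.0.0 before any CXF release -->`. If the build already runs the Maven Enforcer plugin, its `requireReleaseDeps` rule can keep a snapshot from slipping into a release build.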
diff --git a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
index 9da501b2d07..27ccf9ebfb7 100644
--- a/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java
@@ -98,7 +98,7 @@ private void validateAudience(Message message, Conditions cs) {
         for (AudienceRestriction ar : restrictions) {
             List<Audience> audiences = ar.getAudiences();
             for (Audience a : audiences) {
-                if (absoluteAddress.equals(a.getAudienceURI())) {
+                if (absoluteAddress.equals(a.getURI())) {
                     return;
                 }
             }
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
index dbc9b32d04a..85c0e0ede96 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
@@ -295,7 +295,7 @@ private boolean matchSaml2AudienceRestriction(
                 if (audienceRestriction.getAudiences() != null) {
                     boolean matchFound = false;
                     for (org.opensaml.saml.saml2.core.Audience audience : audienceRestriction.getAudiences()) {
-                        if (appliesTo.equals(audience.getAudienceURI())) {
+                        if (appliesTo.equals(audience.getURI())) {
                             matchFound = true;
                             oneMatchFound = true;
                             break;
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java
index 415aedb3bec..9e9bbad53d5 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlpRequestComponentBuilder.java
@@ -192,7 +192,7 @@ public static AuthnContextClassRef createAuthnCtxClassRef(
                 builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
         }
         AuthnContextClassRef authnCtxClassRef = requestedAuthnCtxClassRefBuilder.buildObject();
-        authnCtxClassRef.setAuthnContextClassRef(authnCtxClassRefValue);
+        authnCtxClassRef.setURI(authnCtxClassRefValue);
 
         return authnCtxClassRef;
     }
diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java
index 52e90f32dd0..1b4bb80b52b 100644
--- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java
+++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java
@@ -286,7 +286,9 @@ public void testResponseModifiedSignedAssertion() throws Exception {
             DOMUtils.findAllElementsByTagNameNS(policyElement, SAMLConstants.SAML20_NS, "Assertion");
         assertNotNull(assertions);
         assertTrue(assertions.size() == 1);
-        assertions.get(0).setAttributeNS(null, "newattr", "http://apache.org");
+        Thread.sleep(1000L);
+        Instant issueInstant = Instant.now();
+        assertions.get(0).setAttributeNS(null, "IssueInstant", issueInstant.toString());
 
         Response marshalledResponse = (Response)OpenSAMLUtil.fromDom(policyElement);
 
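Review bot: `Thread.sleep(1000L)` in testResponseModifiedSignedAssertion, and again in testModifiedSignedResponse in the next hunk, adds a second of wall-clock wait per test only so that the new `IssueInstant` differs from the signed one. A fixed offset such as `Instant issueInstant = Instant.now().minusSeconds(5);` should give a different value without sleeping, assuming the original was stamped at creation time. The tamper now rewrites a schema-defined attribute instead of adding an unknown one, which deserves a one-line comment, for example `// change a signed attribute so signature validation must fail`. The expectation that follows is outside the hunk, so I cannot confirm it, but it should check that the rejection comes from the signature check and not from a timestamp or freshness check on the new `IssueInstant`.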
@@ -395,7 +397,9 @@ public void testModifiedSignedResponse() throws Exception {
         doc.appendChild(policyElement);
         assertNotNull(policyElement);
 
-        policyElement.setAttributeNS(null, "newattr", "http://apache.org");
+        Thread.sleep(1000L);
+        Instant issueInstant = Instant.now();
+        policyElement.setAttributeNS(null, "IssueInstant", issueInstant.toString());
 
         Response marshalledResponse = (Response)OpenSAMLUtil.fromDom(policyElement);
 
diff --git a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/DefaultXACMLRequestBuilder.java b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/DefaultXACMLRequestBuilder.java
index bf03f55c794..75a345ec104 100644
--- a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/DefaultXACMLRequestBuilder.java
+++ b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/xacml2/DefaultXACMLRequestBuilder.java
@@ -27,7 +27,7 @@
 
 import javax.xml.namespace.QName;
 
-import net.shibboleth.utilities.java.support.xml.DOMTypeSupport;
+import net.shibboleth.shared.xml.DOMTypeSupport;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rt.security.saml.xacml.CXFMessageParser;
 import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;
diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java
index de3f660ad1a..3c100181000 100644
--- a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java
+++ b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/xacml2/RequestComponentBuilderTest.java
@@ -31,7 +31,7 @@
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import net.shibboleth.utilities.java.support.xml.DOMTypeSupport;
+import net.shibboleth.shared.xml.DOMTypeSupport;
 import org.apache.cxf.rt.security.saml.xacml.XACMLConstants;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.opensaml.xacml.ctx.ActionType;
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
index 796b3013b0d..d377361389f 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
@@ -124,14 +124,14 @@ protected List<String> getAudienceRestrictions(SamlAssertionWrapper assertion) {
             for (AudienceRestrictionCondition restriction
                 : assertion.getSaml1().getConditions().getAudienceRestrictionConditions()) {
                 for (org.opensaml.saml.saml1.core.Audience audience : restriction.getAudiences()) {
-                    addresses.add(audience.getUri());
+                    addresses.add(audience.getURI());
                 }
             }
         } else if (assertion.getSaml2() != null) {
             for (org.opensaml.saml.saml2.core.AudienceRestriction restriction
                 : assertion.getSaml2().getConditions().getAudienceRestrictions()) {
                 for (org.opensaml.saml.saml2.core.Audience audience : restriction.getAudiences()) {
-                    addresses.add(audience.getAudienceURI());
+                    addresses.add(audience.getURI());
                 }
             }
         }
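Review bot: In the SAML 2.0 branch `assertion.getSaml2().getConditions()` is dereferenced directly in the loop header, and the SAML 1.1 branch does the same with `getSaml1().getConditions()`. `Conditions` is an optional element of an assertion, so a token without one would end in a NullPointerException here, unless the part of getAudienceRestrictions above the hunk already rules that out. I would read the conditions into a local and skip the loop when it is null, e.g. `if (conditions != null) { ... }`. It is also worth skipping audiences whose `getURI()` returns null, so that `addresses` never carries a null entry into the delegation check. The method starts before the hunk, so any earlier guards are not visible.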
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
index 7a7d740f1c1..d7d0d3cdfa5 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
@@ -390,7 +390,7 @@ private boolean matchSaml1AudienceRestriction(
             for (AudienceRestrictionCondition restrCondition : restrConditions) {
                 if (restrCondition.getAudiences() != null) {
                     for (Audience audience : restrCondition.getAudiences()) {
-                        if (appliesTo.equals(audience.getUri())) {
+                        if (appliesTo.equals(audience.getURI())) {
                             return true;
                         }
                     }
@@ -409,7 +409,7 @@ private boolean matchSaml2AudienceRestriction(
             for (AudienceRestriction audienceRestriction : audienceRestrictions) {
                 if (audienceRestriction.getAudiences() != null) {
                     for (org.opensaml.saml.saml2.core.Audience audience : audienceRestriction.getAudiences()) {
-                        if (appliesTo.equals(audience.getAudienceURI())) {
+                        if (appliesTo.equals(audience.getURI())) {
                             return true;
                         }
                     }