Hello Tim,
Which Web Services stack are you using?
Depending of the stack the configuration of WS-Security can vary, the integration of SAML too.
I am working for Oracle so I will talk about our stack but you can, as you have seen with the previous post, do the same with Netbeans.
So within OracleAS Web Service stack we have build it WS-Security, with SAML, in a declarative way; this is build in the stack. And you can do that from the administrative console, or the development tools (Oracle JDeveloper)
But one of the challenges is when you have define your security, how can you ensure that the same policy, in your case with SAML, is applied to all the services you need to (even if they are from different stacks) and how you can integrate that to your global identity management solutions are also some question
you should ask and put in your project analysis when you talk about Web Services Security. The solution that we have within Oracle is part of our Fusion Middleware:
Oracle Web Services Manager (OWSM) Regards
Tugdual Grall