Does WSS4J (1.6.9 ) support SAML 2.0 EncryptedAssertion elements?

My service is receiving an EncryptedAssertion from the STS, and when WSS4J is trying to parse the security token reference, it can't find the Assertion via its ID its encrypted(org.apache.ws.security.str.DerivedKeyTokenSTRParser.parseSecurityTokenReference)

It falls back to the CallbackHandler looking for the secret key(which I clearly won't have).

I was able to manually decrypt the EncryptedAssertion via the opensaml library( following the decryption example here: OSTwoUserManJavaXMLEncryption - OpenSAML 2.x - Confluence ), but I was hoping that WSS4J should be handling this automatically for me and I've just incorrectly set something up.

Thanks for any insight.

OSTwoUserManJavaXMLEncryption - OpenSAML 2.x - Confluence
XML Encryption Encrypting a SAMLObject SAML 2 objects may be encrypted per the SAML 2 profile of the XML Encryption specification. Encryption consists of the following steps:
Preview by Yahoo