Superpat posted here that there is now a new opensso extension that enables opensso to be an information card relying party.
Patrick Petit (pictured) who wrote this extension uses the xmldap library to process the xmltoken. Great. Note to self: be carefull when changing the xmldap codebase. Don't break this opensso extension.
Another (simpler) SUN access manager login module is described here. I am glad that Patrick improved my demo-grade login module to opensso quality. Thank you.