As of this writing https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUsrManJavaInstall has this to say about JAXP:

"OpenSAML relies heavily on JAXP 1.3 for low-level XML parsing and creation. Some JREs, most notably Sun's, ship with horribly broken JAXP implementations. As such you may (in the Sun JRE case, you must) endorse a different JAXP provider. At the time of this writing, the only known JAXP provider to work is the Apache Xerces & Xalan projects."

In June 2013, it sounds like some re-investigation of the current state of JAXP is warranted:

">I have gathered so far is that direct use of xerces classes in opensaml
>(and possibly IdP) is not a good fit with Glassfish which expects that
>JAXP implementation provided by the JDK to be used. The kludge /
>workaround I list above seems to work though I need
> to test this further. The open question is whether Shib projects can and
>should consider removing the explicit dependency on xerces and instead
>rely on standard JAXP API.

The implementation of JAXP has historically been a broken mess. In the
last few years that may be cleaned up, but we aren't going to spend time
testing that assumption until 3.0." – http://shibboleth.net/pipermail/users/2013-June/010300.html

I was told it's fine to go ahead and create this ticket at http://shibboleth.net/pipermail/users/2013-November/012898.html