Solved! I was missing the "sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once"; in the <sp:InitiatorToken> and <sp:RecipientToken> elements.
Cheers, Gabriel -- View this message in context: http://cxf.547215.n5.nabble.com/KeyIdentifier-used-instead-of-wsse-Reference-tp5723795p5723810.html Sent from the cxf-user mailing list archive at Nabble.com.
