Thanks, That's unfortunate because Oracle's *oracle/wss11_username_token_with_message_protection_service_policy* and *oracle/wss11_message_protection_service_policy* don't behave themselves and come up with an error: BSP:R5215: Any SECURITY_TOKEN_REFERENCE to a PKIPATH_TOKEN MUST contain a wsse11:TokenType attribute with a value of "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1";
(the response contains <wsse:SecurityTokenReference TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey";> ) -- View this message in context: http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749957.html Sent from the cxf-user mailing list archive at Nabble.com.
