Thanks Colm for your reply. I included what you had suggested. Now the policy looks like
I do not see any change in the response which we get back from the server. However on the server I have enabled detailed logging and I see the following Do I need to add something more as part of the request, E.g. InitiatorEncryptionToken. Does cxf extract the client certificate info from the server trust store or from the request? Can I enable any additional logging to find out why this fails? Since the policy reference is at binding level, the assumption is that it applies to request and response? Is this assumption correct or do we need to mention something specific for the response? How can we force cxf to encrypt/sign the 'Body' part of the response. Thanks again for your prompt reply. Rajesh -- View this message in context: http://cxf.547215.n5.nabble.com/Response-not-getting-encrypted-tp5753247p5753328.html Sent from the cxf-user mailing list archive at Nabble.com.
