Fixed - I needed this line in the client deployment
descriptor "doAllSender" section:
<
parameter name="signatureKeyIdentifier" value="DirectReference" />I guess that in order to do encryption I still need the server certicicate loaded into the client keystore, thus needing a line like the following in the client deploy.wsdd "doAllSender" section:
<
parameter name="encryptionUser" value="my_server_alias" />Cheers,
Mark B
