can you verify the following?
from the service side, confirm that there is a certificate that can be used by the service and that the trust store contains the issuing certificate authority for the certificate used by the client
from the client side, confifrm that there is a certificate that can be used by the client and that the trust store contains the issuing certificate authority for the certificate used by the service
from login-config.xml of jboss, what does UserCertPolicy look like? the @SecurityDomain ties the security context back to the login-config.xml, useful for http authentication but I'm not sure what effect it would have for you, because you are trying to do message level authentication, not transport. I'd suggest commenting that out and trying again
And what does this class look like? what does it do?
br.com.myapp.jaas.spi.SubjectMapper