Unfortunately, the WS-Security documentation hasn't helped with the particular problem. It was very helpful in getting the WS-Security set up initially, and working from there I created the following jboss-wsse-client.xml file: | <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | xsi:schemaLocation="http://www.jboss.com/ws-security/config | http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> | <key-store-file>META-INF/keystores/zcg.keystore</key-store-file> | <key-store-password>zcgstore</key-store-password> | <trust-store-file>META-INF/keystores/zcg.truststore</trust-store-file> | <trust-store-password>zcgstore</trust-store-password> | <config> | <username/> | <sign type="x509v3" alias="bandwidth.com"> | <targets> | <target type="qname">{http://schemas.xmlsoap.org/soap/envelope/}Enve... | </targets> | </sign> | </config> | </jboss-ws-security> Which signs the full SOAP envelope: | <env:Envelope wsu:Id='element-2-1226509117041-2045010446' xmlns:env='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws... | ... | <ds:Reference URI='#element-2-1226509117041-2045010446' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'> | But it still lists the Transform Algorithm as XML Exclusive Canonicalization: | <ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/> | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4188863#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...