Hi enpasos, thanks for your reply. I did a further test. Taking the request from the SAP system, see a) of my first post, I manually added ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x5... to the <wsse:Reference> element of | ... | <ds:KeyInfo> | <wsse:SecurityTokenReference> | <wsse:Reference URI="#sap-17"/> | </wsse:SecurityTokenReference> | </ds:KeyInfo> | ... | | -----> | | ... | <ds:KeyInfo> | <wsse:SecurityTokenReference> | <wsse:Reference URI="#sap-17" ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x5... | </wsse:SecurityTokenReference> | </ds:KeyInfo> | ... | Using my sniffer tool, I resubmitted this modified request to JBoss and the WSSecurityException("Inavliad message, Reference element is missing a ValueType") of org.jboss.ws.extensions.security.element.DirectReference was gone. But unfortunately, I faced the next exeption: WSSecurityException("Invalid message, BinarySecurityToken is missing an id") of org.jboss.ws.extensions.security.element.X509Token So I modified and resent the same request again by adding xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws... wsu:Id='sap-18' to the line | ... | <wsse:BinarySecurityToken | ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x... | EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-ws... | ... | | -----> | | ... | <wsse:BinarySecurityToken | xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws... | wsu:Id='sap-18' | ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x... | EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-ws... | ... | Again, after resubmitting the modified request to JBoss, the exception did not occur any more. However, using this resubmitting method resulted in an expired message error/exception. I am running out of ideas. The only two things that remain is trying out the latest releases of JBoss and JBossWS native 3.0.3 or rebuilding JBossWS 3.0.x from the source after commenting out the "Reference element is missing a ValueType" check of org.jboss.ws.extensions.security.element.DirectReference and the "Invalid message, BinarySecurityToken is missing an id" check of org.jboss.ws.extensions.security.element.X509Token to see what is happening then. Unfortunately, I have no time to do that at the moment :-( View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4174088#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...