Just few more details for your investigation
1> It’s pretty important to use the current IS core fix and the current WSS fix, because together they fix several SOAP and web service security issues.
2> Are their any policy files involved in your scenarios like “X509Authentication_Signature” policy, Username_Over_Transport policy.
3> Kindly involve SAG global support, may be its time for them to suggest you an idea :idea:
#webMethods#API-Management#soa