ws security - SOAP : Use both kind of token : UsernameToken and EncryptedToken -

we wondering if compliant soap 1.1 use 2 different token in same soap header. in our case using usernametoken authentification , want use x509 encryptedtoken.

the fact not unable identify source of message our x509 token (the distinguish name not usable in our case) want use both token :

-the x509 encrypted token authentification

-the usernametoken carying name of sender application ( used routing)

the message processed ibm datapower gateway

soap extensible protocol hence doesn't restrict doing so.

the tricky part how achieve wanted achieve using datapower.

to need to:

• run custom xslt extract both tokens message , process way want.
• use aaa policy , in extract identity phase should choose 'custom template' , provide xslt extraction of both tokens. in authenticate step can again use custom xslt authenticate identity in way want.