users@glassfish.java.net

Re: AppservPasswordLoginModule implementation in V3 prelude dont meet specs

From: <glassfish_at_javadesktop.org>
Date: Mon, 09 Feb 2009 04:57:32 PST

Yes, we do not support EncryptedParts under the SupportingTokens assertion. It is release-noted. Especially because, when the supporting token is an X509 Token, it is supposed to belong to the client (and not the service) and hence cannot be used to encrypt information.

For the other part, where you mention that the server certificate is put inside the WSDL and you want the client to use that for encryption: we are in the process of implementing support for that, and it will be part of Metro 2.0.

In the meantime you could just use SymmetricBinding with ProtectionToken as X509 and enable WSS11, and you will actually be able to achieve E2E Encryption. The SAML Token can then be a SignedSupportingToken if that works for you.

See: http://www.netbeans.org/kb/60/websvc/wsit.html

Look for the profile Username Authentication with SymmetricKeys; the WSDL for that scenario would be very similar (with the UsernameToken replaced by a SAML Token).


Thanks.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]

http://forums.java.net/jive/thread.jspa?messageID=330819