WS-Security header with Username Token not accepted at backend