I found the answer by myself. A custom inteceptor just needs to override the property:
message.put("security.encryption.username", userAlias);
Then the wss4j interceptor uses the right certificate out of the keystore.
--
View this message in context:
http://cxf.547215.n5.nabble.com/Dynamic-encryption-user-name-tp5761404p5761405.html
Sent from the cxf-user mailing list archive at Nabble.com.
