When a client is deployed using an issolated classloader the security configuration of the client is not loaded as the wrong classloader is used to load the resource.

This results in a warning being logged and the client sending messages that are not signed / encrypted.