WS-Security UsernameToken headers do not propagate to SOAP reference binding in SwitchYard

Issue

• We have a SwitchYard web service with SOAP binding. This service will call another service defined as reference service in this SwitchYard project, but its implementation is deployed as a separate SwitchYard project.
• Both services require WS-Security UsernameToken headers. The first service get the Security information from the user request. Now I have to propagate that WS-Security headers to the remote reference service.
• For that I wrote a custom MessageComposer at the reference binding that adds the required WS-Security headers in the SOAPMessage to be sent to the reference service. I have printed the SOAPMessage and it is showing the correct headers and complete message. I even sent that message directly to the referece service using SoapUI and it worked without any issue.
• But for some reason SwitchYard is not even calling the reference service and failing on this exception:

04:45:52,430 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-/0.0.0.0:8080-2) Interceptor for {http://www.example.com/soap/SampleService.wsdl/v1}SampleService#{http://cxf.apache.org/jaxws/dispatch}Invoke has thrown exception, unwinding now: org.apache.cxf.ws.policy.PolicyException: No username available

• WSDL for the reference binding has a wsp:PolicyReference entry to declare the WS-Security Policy. When I removed the wsp:PolicyReference entry from the WSDL without changing anything on the other endpoint, it worked and I could send the message on the other end.