Thanks Axel, that sure would have solved my problem the hard way :-)
In the meantime I also found another solution I'd like to share with SCN:
Our WS provider didn't provide the policy in the WSDL as well, so I just added it manually into the WSDL file and did the logical port generation with it.
In the WSDL, you need to:
1. Add the Policy definition (ask your provider for the configuration details, or try to use an example from https://www.oasis-open.org/, or just google "WS-SecurityPolicy Examples")
2. Add the required namespaces to the WSDL definition (xmlns:wsp, xmlns:wsu, ...)
3. Add/change the Policy-reference in the (in my case) binding-node
Then, do the logical port generation with the (fixed) WSDL file - that's how it worked for me.