X.509 certificate token capabilities for identity mapping
For Web services, you can map an identity by using an X.509 certificate token.
The broker supports identity mapping from an X.509 certificate token in an incoming SOAP message header to username tokens in the following configurations:
Capability
- Identity mapping
- In (provider)
  Configured with a policy set and binding defining the certificate Authentication.
  Configured with a security profile defining an external Policy Decision Point (PDP); see the PDP section that follows.
- TFIM V6.1
  Configured by using a TFIM security profile specifying identity mapping; for details, see Creating a security profile for TFIM V6.1.
- WS-Trust v1.3 STS (TFIM V6.2)
  Configured by using a WS-Trust v1.3 STS security profile specifying identity mapping; for details, see Creating a security profile for WS-Trust V1.3 (TFIM V6.2).
Only username tokens can be propagated.