About this task
Identity assertion is disabled by default in the outbound CSIv2 attribute layer for a
Liberty server. The server that is acting as a
client supports sending the Principal Name and Anonymous identity assertions to a downstream server
after the identity assertion is enabled through the
identityAssertionEnabled
attribute. You can use the
identityAssertionTypes attribute to specify more or
different identity token types that the server supports for outbound requests. The
trustedIdentity and
trustedPassword attributes can be used to
specify the identity of the client to be verified for trust by the downstream server when the
authentication layer mechanism is GSSUP. The
trustedIdentity attribute can be set
without a
trustedPassword if the authentication mechanism in the authentication
layer is LTPA. You must also configure the upstream server along with enabling the identity
assertion so that the client can assert an identity.