You can configure a Liberty server to perform identity assertions for outbound CSIv2
requests.
About this task
Identity assertion is disabled by default in the outbound CSIv2 attribute layer for a
Liberty server. The server that is acting as a client supports sending the Principal Name and
Anonymous identity assertions to a downstream server after the identity assertion is enabled through
the
identityAssertionEnabled attribute. You can use the
identityAssertionTypes attribute to specify more or different identity token types
that the server supports for outbound requests. The
trustedIdentity and
trustedPassword attributes can be used to specify the identity of the client to be
verified for trust by the downstream server when the authentication layer mechanism is GSSUP. The
trustedIdentity attribute can be set without a
trustedPassword if
the authentication mechanism in the authentication layer is LTPA. You must also configure the
upstream server along with enabling the identity assertion so that the client can assert an
identity.