You can configure a Liberty server to claim support for identity assertion for inbound
CSIv2 requests.
About this task
The inbound CSIv2 attribute layer for a Liberty server has identity assertion that is
disabled by default. The server supports Anonymous, Principal Name, X509 Certificate Chain, and
Distinguished Name identity assertions from an upstream server that is acting as a client after the
identity assertion is enabled through the
identityAssertionEnabled attribute. You
can use the
identityAssertionTypes attribute to specify the identity token types
that the server supports. The
trustedIdentities attribute can be used to specify
the identity of the trusted upstream servers that are able to assert an identity to this server.
CAUTION:
Ensure that only trusted entities communicate with the server if presumed trust
is set.