Why and when to perform this task
Use this task to configure identity assertion authentication. The purpose of identity assertion is to assert the authenticated identity of the originating client from a Web service to a downstream Web service. Do not attempt to configure identity assertion from a pure client.
For the downstream Web service to accept the identity of the originating client (user name only), you must supply a special trusted BasicAuth credential that the downstream Web service trusts and can authenticate successfully. You must specify the user ID of the special BasicAuth credential in a trusted ID evaluator on the downstream Web service configuration. For more information on trusted ID evaluators, see Trusted ID evaluators. The server side passes the special BasicAuth credential into the trusted ID evaluator, which returns true or false to indicate whether this ID is trusted. Once the ID is trusted, the user name of the client is mapped to the credential, which is used for authorization.
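The receiver-side decision order described above, as an added stand-alone Java model (not WebSphere code and not part of the original topic). The class, method names, and the in-memory registry are hypothetical; the `trustedId_n` property form follows the example in this topic, and the check that the asserted user exists in the registry is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Added illustration only: names here are hypothetical, not WebSphere APIs.
public class IdAssertionDemo {
    // Constructed stand-in for the configured user registry (user -> password).
    static final Map<String, String> REGISTRY = Map.of(
            "user1", "pw1", "user2", "pw2", "alice", "pwA", "svc9", "pw9");

    // Collect trustedId_0, trustedId_1, ... values; any other key is ignored.
    static Set<String> loadTrustedIds(Properties props) {
        Set<String> ids = new HashSet<>();
        for (String key : props.stringPropertyNames()) {
            String value = props.getProperty(key).trim();
            if (key.matches("trustedId_\\d+") && !value.isEmpty()) ids.add(value);
        }
        return ids;
    }

    // Returns the user name to authorize as, or throws if any check fails.
    static String accept(Set<String> trusted, String trustedUser,
                         String trustedPassword, String assertedUser) {
        // 1. The special BasicAuth credential must authenticate successfully.
        String expected = REGISTRY.get(trustedUser);
        if (expected == null || trustedPassword == null || !MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                trustedPassword.getBytes(StandardCharsets.UTF_8)))
            throw new SecurityException("trusted credential failed authentication");
        // 2. The evaluator answers true or false: is this user ID trusted?
        if (!trusted.contains(trustedUser))
            throw new SecurityException(trustedUser + " is not a trusted ID");
        // 3. Only now is the asserted user name (no password) mapped for authorization.
        if (assertedUser == null || !REGISTRY.containsKey(assertedUser))
            throw new SecurityException("asserted identity is not in the registry");
        return assertedUser;
    }

    public static void main(String[] args) {
        Properties props = new Properties();
        props.setProperty("trustedId_0", "user1");
        props.setProperty("trustedId_1", "user2");
        Set<String> trusted = loadTrustedIds(props);
        System.out.println("authorize as: " + accept(trusted, "user1", "pw1", "alice"));
        try {
            // svc9 authenticates but is not listed as trusted, so the assertion is refused.
            accept(trusted, "svc9", "pw9", "alice");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The second call shows why the trusted ID list matters: a caller with a valid registry login still cannot assert another user's identity unless its user ID is listed as trusted.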
Complete the following steps to validate the identity assertion authentication information:
Steps for this task
For any of the default authentication methods (BasicAuth, IDAssertion, and Signature), use the default implementation of the callback handler factory. Enter the following class name for any of the default authentication methods, including IDAssertion:
com.ibm.wsspi.wssecurity.auth.callback.WSCallbackHandlerFactoryImpl
This implementation creates the correct callback handler for the default implementations.
For example: trustedId_0 = user1, trustedId_1 = user2. The previous example means that both user1 and user2 are trusted. user1 and user2 must be listed in the configured user registry.
What to do next
You must specify how the server handles the identity assertion authentication method. See Configuring the server to handle identity assertion authentication if you have not previously specified this information.