Why and when to perform this task
Use this task to configure identity assertion authentication. The purpose of identity assertion is to assert the authenticated identity of the originating client from a Web service to a downstream Web service. Do not attempt to configure identity assertion from a pure client.
For the downstream Web service to accept the identity of the originating client (user name only), you must supply a special trusted BasicAuth credential that the downstream Web service trusts and can authenticate successfully. You must specify the user ID of the special BasicAuth credential in a trusted ID evaluator on the downstream Web service configuration. For more information on trusted ID evaluators, see Trusted ID evaluator. The server side passes the special BasicAuth credential into the trusted ID evaluator, which returns true or false that this ID is trusted. Once it is trusted, the user name of the client is mapped to the credential, which is used for authorization.
Complete the following steps to configure the server to handle identity assertion authentication information:
Steps for this task
You can select multiple login configurations, which means that different types of security information can be received at the server. The order in which the login configurations are added determines the processing order when a request is received. Problems can occur if you have multiple login configurations added that have common security tokens. For example, ID assertion contains a BasicAuth token, which is the trusted token. For ID assertion to work properly, you must list ID assertion ahead of BasicAuth in the list or BasicAuth processing overrides ID assertion processing.
What to do next
For more information on getting started with the Web Services Editor within an assembly tool, see Configuring the server security bindings using an assembly tool.After you specify how the server handles identity assertion authentication information, you must specify how the server validates the authentication information. See Configuring the server to validate identity assertion authentication information for more information.
Related concepts
Trusted ID evaluator
Related tasks
Configuring the server to validate identity assertion authentication
information
Configuring the server security bindings using an assembly tool
Securing Web services for version 5.x applications using identity assertion
authentication