Why and when to perform this task
Use this task to configure identity assertion authentication. The purpose of identity assertion is to assert the authenticated identity of the originating client from a Web service to a downstream Web service. Do not attempt to configure identity assertion from a pure client.
For the downstream Web service to accept the identity of the originating client (user name only), you must supply a special trusted BasicAuth credential that the downstream Web service trusts and can authenticate successfully. You must specify the user ID of the special BasicAuth credential in a trusted ID evaluator on the downstream Web service configuration. For more information on trusted ID evaluators, see Trusted ID evaluator. The server side passes the special BasicAuth credential into the trusted ID evaluator, which returns a true or false response that this ID is trusted. Once it is trusted, the user name of the client is mapped to the credential, which is used for authorization.
Complete the following steps to validate the identity assertion authentication information:
Steps for this task
com.ibm.wsspi.wssecurity.auth.callback.WSCallbackHandlerFactoryImpl
This implementation creates the correct callback handler for the default implementations.
For example: trustedId_0 = user1, trustedId_1 = user2. The previous example means that both user1 and user2 are trusted. user1 and user2 must be listed in the configured user registry
.What to do next
You must specify how the server handles the identity assertion authentication method. See Configuring the server to handle identity assertion authentication if you have not previously specified this information.Related concepts
Trusted ID evaluator
Related tasks
Configuring the server to handle identity assertion authentication
Configuring the server security bindings using an assembly tool
Securing Web services for version 5.x applications using identity assertion
authentication