Username token capabilities for authentication and authorization

For web services, you can complete authentication and authorization by using a Web Services Security username token.

For authentication, the Web Services Security username token must include both the username and the optional password.

The Web Services Security username token Authentication and Authorization is supported only in the following configuration:

Capability

  • Authenticate
  • Authorize
Policy Enforcement Point (PEP) and direction
  • In (provider)

    Configured with a security policy and binding that defines that a Web Services Security username token is present for authentication; see Authentication. You can use the default policy and binding WSS10Default; see Default policy set and bindings.

    Configured with a security profile defining the Policy Decision Point (PDP); see the PDP section that follows.

Trust Store or PDP
  • LDAP

    Configured by using an LDAP security profile specifying authentication, authorization, or both; see Creating a security profile for LDAP. For authentication, both a username and password are required.

  • WS-Trust v1.3 STS

    Configured by using a WS-Trust v1.3 STS security profile specifying authentication, authorization or both; see Creating a security profile for WS-Trust V1.3 (TFIM V6.2). For authentication, both a username and password are required.

  • TFIM V6.1

    Configured by using a TFIM security profile specifying authentication, authorization or both; see Creating a security profile for TFIM V6.1. For authentication, both a username and password are required.