Username token capabilities for identity mapping

For web services, you can map an identity by using a username token.

Identity mapping from a username identity token to a mapped username identity token is supported only in the following configurations:

Capability

Policy Enforcement Point (PEP) and direction

In (provider)
- SOAPInput node
Configured with a security policy and binding that defines that a username taken is present. You can use the default policy and binding WSS10Default; see Default policy set and bindings.

Configured with a security profile defining the external Policy Decision Point (PDP); see the PDP section that follows.

Trust store or PDP

WS-Trust v1.3 STS
Configured by using a WS-Trust v1.3 STS security profile that specifies identity mapping; see Creating a security profile for WS-Trust V1.3 (TFIM V6.2).
TFIM V6.1
Configured by using a TFIM security profile that specifies identity mapping; see Creating a security profile for TFIM V6.1.