X.509 certificate token capabilities for signing
For web services, you can use an X.509 certificate token for signing.
X.509 certificate token signing for outgoing SOAP message Integrity is supported in the following configurations:
Capability
- Sign (by using an integration node private key)
Policy Enforcement Point (PEP) and direction
- Out (consumer)
- Out (provider)
Configured with a policy set and binding defining the message Integrity.
Trust Store or Policy Decision Point (PDP)
- Integration node Truststore; for details, see Viewing and setting keystore and truststore runtime properties at integration node level.
Signing is not supported with an external PDP such as TFIM or LDAP.