X.509 certificate token capabilities for authentication
For web services, you can complete authentication by using an X.509 certificate token.
Authentication of an incoming SOAP message by using an X.509 certificate token is supported in the following configurations:
Capability: Authenticate
- In (provider)
  Configured with a policy set and binding defining the certificate authentication.
  Optionally configured with a security profile defining an external Policy Decision Point (PDP); see the PDP section that follows.
  - Integration node trust store; for details, see Viewing and setting keystore and truststore runtime properties at integration node level.
  - WS-Trust v1.3 STS
    Configured by using a WS-Trust v1.3 STS security profile specifying authentication; see Creating a security profile for WS-Trust V1.3 (TFIM V6.2).
  - TFIM V6.1
    Configured by using a TFIM security profile specifying authentication; for details, see Creating a security profile for TFIM V6.1.
Certificate authentication with an external LDAP PDP is not supported.