Tivoli Federated Identity Manager integration (deprecated)

The DataPower® Gateway integrates with IBM® Tivoli® Federated Identity Manager through the exchange of WS-Trust SOAP messages. Integration with Federated Identity Manager is deprecated.

The configuration of the Federated Identity Manager endpoint centralizes endpoint configuration and prevents parameter duplication between the map credential and the postprocessing phases in an AAA policy. During the map credential phase, an authenticated identity can be mapped to the identity for authorization. During the postprocessing phase, an authorized identity can be mapped to the output AAA identity.

When you integrate with Federated Identity Manager, the provided input credentials must be expressible in the request token format for the endpoint. For example, a WS-Security UsernameToken request token cannot be created when the only available user credential is an X.509 certificate.
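The constraint above, as an added sketch that is not DataPower or Federated Identity Manager code: a WS-Trust request is built only when the available credential can be expressed in the request token format. It assumes a WS-Trust 1.3 Validate request with the token in `wst:ValidateTarget`; the credential dictionary keys, the format names, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"  # assumed: WS-Trust 1.3
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = WSS + "wssecurity-secext-1.0.xsd"
X509V3 = WSS + "x509-token-profile-1.0#X509v3"
BASE64 = WSS + "soap-message-security-1.0#Base64Binary"

class TokenFormatError(ValueError):
    """The available credential cannot be expressed in the request token format."""

def username_token(cred):
    # A UsernameToken needs a user name; a certificate alone does not supply one.
    if "username" not in cred:
        raise TokenFormatError("UsernameToken requires a username credential")
    token = ET.Element(f"{{{WSSE}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE}}}Username").text = cred["username"]
    return token

def x509_token(cred):
    if "x509_der" not in cred:
        raise TokenFormatError("X.509 token requires a certificate credential")
    token = ET.Element(f"{{{WSSE}}}BinarySecurityToken",
                       {"ValueType": X509V3, "EncodingType": BASE64})
    token.text = base64.b64encode(cred["x509_der"]).decode("ascii")
    return token

# Hypothetical format names mapped to the builder for each request token format.
BUILDERS = {"UsernameToken": username_token, "X509": x509_token}

def build_rst(cred, token_format):
    """Return a SOAP 1.1 envelope carrying a WS-Trust Validate request."""
    token = BUILDERS[token_format](cred)  # fails before any message is built
    env = ET.Element(f"{{{SOAP}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    rst = ET.SubElement(body, f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = WST + "/Validate"
    ET.SubElement(rst, f"{{{WST}}}ValidateTarget").append(token)
    return ET.tostring(env, encoding="unicode")

if __name__ == "__main__":
    print(build_rst({"username": "alice"}, "UsernameToken"))  # constructed identity
    try:  # constructed bytes, not a real certificate
        build_rst({"x509_der": b"constructed-not-a-real-cert"}, "UsernameToken")
    except TokenFormatError as err:
        print("rejected:", err)
```

Checking the credential against the token format before the request is sent surfaces the mismatch as a configuration error at the gateway instead of as a fault from the trust service.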