SAML token capabilities for identity mapping
This topic describes the integration node web services capability for identity mapping using a SAML token.
Identity mapping from a SAML identity token to a mapped SAML identity token is supported only in the following configurations:
Capability
- Identity mapping
Policy Enforcement Point (PEP) and direction
- In (provider)
Configured with a security policy set and bindings that specify a SAML pass-through 1.1 or SAML pass-through 2.0 authentication token.
Configured with a security profile defining the external Policy Decision Point (PDP); see the PDP section that follows.
Trust store or PDP
- WS-Trust v1.3 STS
Configured by using a WS-Trust v1.3 STS security profile that specifies identity mapping; see Creating a security profile for WS-Trust V1.3 (TFIM V6.2).