X.509 certificate token capabilities for authentication

For web services, you can complete authentication by using an X.509 certificate token.

The X.509 certificate token Authentication of an incoming SOAP message is supported in the following configurations:


  • Authenticate
Policy Enforcement Point (PEP) and direction
  • In (provider)

    Configured with a policy set and binding defining the certificate Authentication.

    Optionally configured with a security profile defining an external Policy Decision Point (PDP); see the PDP section that follows.

Trust Store or PDP

Certificate authentication with an external LDAP PDP is not supported.