X.509 module

Edit online

The X.509 module is called X509STSModule.

Validates X.509 security tokens with a token type of:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-
  wss-x509-token-profile-1.0#X509
http://docs.oasis-open.org/wss/2004/01/oasis-200401-
  wss-x509-token-profile-1.0#X509v3
http://docs.oasis-open.org/wss/2004/01/oasis-200401-
  wss-x509-token-profile-1.0#X509PKIPathv1
The module uses the IBM Verify Identity Access KESS to validate the X.509 certificate path.
Deployment scenarios for this module type
  • Custom trust chains
Supported modes
  • Validate
Configuration properties
Enable X.509 certificate validation
Specifies whether validation of X.509 certificates must be enforced. By default, this check box is selected. When this box is cleared, the certificate is not validated. This option can be used in deployments where the certificate has already been validated by another entity.
X.509 default value type
If an X.509 BinarySecurityToken does not have the ValueType attribute specified, this configuration value is used as the default ValueType.
Include Subject DN
If enabled, the X.509 Subject Distinguished Name is added to the STSUniversalUser AttributeList.
Include Issuer DN
If enabled, the X.509 Issuer distinguished name is added to the STSUniversalUser AttributeList.
Include Not Before
If enabled, the X.509 NotBefore date is added to the STSUniversalUser AttributeList. This date indicates the earliest date from which the X.509 is valid.
Include Not After
If enabled, the X.509 NotAfter date is added to the STSUniversalUser AttributeList. This date indicates the latest date for which the X.509 is valid.
Include Serial Number
If enabled, the X.509 serial number is added to the STSUniversalUser AttributeList.
Include Type
If enabled, the X.509 type is added to the STSUniversalUser AttributeList.
Include Version
If enabled, the X.509 version is added to the STSUniversalUser AttributeList.
Include Basic Constraints
If enabled, the X.509 Basic Constraints are added to the STSUniversalUser AttributeList.
Please enter a list of Object Identifiers to read from the certificate
Use this text area to add custom Object Identifiers to the STSUniversalUser AttributeList. Put each unique OID on a new line in the text area. Each value is a hexadecimal representation of the octet string.