Authenticating incoming requests with WS-Trust v1.3 STS (TFIM V6.2)
You can configure supported message flow input nodes or SecurityPEP nodes to perform identity authentication or security token validation using a WS-Trust v1.3 compliant Security Token Service (STS), such as Tivoli® Federated Identity Manager (TFIM) V6.2.
Before you begin
Before you can configure identity authentication or token validation, you need to check that an appropriate security profile exists, or create a new security profile. See Creating a security profile for WS-Trust V1.3 (TFIM V6.2).
About this task
- RequestType
- Issuer
- AppliesTo
For more information about these parameters, see:Authentication, mapping, and authorization with TFIM V6.2 and TAM .
http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html
.Steps for enabling WS-Trust v1.3 authentication:
Procedure
- In the IBM App Connect Enterprise Toolkit, right-click the BAR file, then click Open with > BAR Editor.
- Click the Manage and Configure tab.
- Click the flow or node on which you want to set the
security profile. The properties that you can configure for the message flow or for the node are displayed in the Properties view.
- In the Security Profile Name field, select a security profile that configures WS-Trust v1.3 STS for authentication.
- Save the BAR file.
What to do next
For a SOAPInput node to use the identity in the WS-Security header (rather than an underlying transport identity) an appropriate policy set and bindings must also be defined and specified.
If the message identity (or security token) does not contain enough information for authentication, the information must be taken from the message body. For example, if a password is required for authentication but the message came from IBM MQ with only a username, the password information must be taken from the message body. For more information, see Configuring the extraction of an identity or security token.