Configure identity assertion authentication

With identity assertion authentication, the client generates a security token based on a user name, distinguished name (DN), or X.509 certificate, and embeds it in the SOAP message. The server then extracts the token and validates it by using a Java Authentication and Authorization Service (JAAS) login module. For more information about identity assertion, see Identity assertion and Identity authentication method.

Identity assertion uses a trusted ID evaluator to determine if the name that is provided in the request message is to be trusted. You can use a default trusted ID evaluator, or you can develop your own. For more information, see Trusted ID evaluator.
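The following is an added example, not IBM's code and not part of the original page: a stand-alone sketch of the decision a custom trusted ID evaluator makes. It does not implement WebSphere's own evaluator interface; the class name, method names, and sample DNs are hypothetical and constructed. DNs are compared in canonical form so that case and spacing differences do not change the result, and anything unparsable or unlisted is rejected.

```java
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

// Hypothetical evaluator: decides whether a name taken from a request is trusted.
public class AllowListTrustedIdEvaluator {
    private final Set<String> trustedDns = new HashSet<>();   // canonical DN strings
    private final Set<String> trustedUsers = new HashSet<>(); // exact user names

    public AllowListTrustedIdEvaluator(Set<String> dns, Set<String> users) {
        for (String dn : dns) {
            // A malformed DN in the configuration throws here, at start-up.
            trustedDns.add(new X500Principal(dn).getName(X500Principal.CANONICAL));
        }
        trustedUsers.addAll(users);
    }

    // Fail closed: null, empty, unparsable, or unlisted names are not trusted.
    public boolean evaluate(String name) {
        if (name == null || name.trim().isEmpty()) {
            return false;
        }
        if (name.indexOf('=') < 0) {
            return trustedUsers.contains(name); // plain user name, exact match
        }
        try {
            String canonical = new X500Principal(name).getName(X500Principal.CANONICAL);
            return trustedDns.contains(canonical);
        } catch (IllegalArgumentException e) {
            return false; // not a well-formed DN
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, for illustration only.
        AllowListTrustedIdEvaluator evaluator = new AllowListTrustedIdEvaluator(
                Set.of("CN=gateway01, O=Example, C=US"), Set.of("wsgateway"));

        System.out.println(evaluator.evaluate("cn=Gateway01,o=example,c=us")); // same DN, different form
        System.out.println(evaluator.evaluate("CN=gateway01, O=Other, C=US")); // different organization
        System.out.println(evaluator.evaluate("wsgateway"));                   // listed user name
        System.out.println(evaluator.evaluate("CN=gateway01, O=Example"));     // partial DN is not a match
        System.out.println(evaluator.evaluate(""));                            // empty name
    }
}
```

Comparing raw DN strings instead of canonical forms makes the allow list sensitive to formatting, which tends to push administrators toward loose matching such as prefix or substring checks; the sketch matches on the whole canonical name only.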

Note: To use the identity assertion authentication mechanism for Web services, you must configure WebSphere global security. For more information, see Configure global security in the Security topic.

To configure the identity assertion authentication mechanism for your Web service, perform the following steps:

  1. Configure client identity assertion authentication
  2. Configure server identity assertion authentication