To enable a message flow to perform identity propagation, the input nodes must extract the identity and the output node must propagate it.
Before you can configure a message flow to perform identity propagation, you must check that an appropriate security profile exists, or create a new security profile. See Creating a security profile.
To enable a message flow to perform identity propagation, complete the following steps.
For a SOAPRequest or SOAPAsyncRequest node, you can define an appropriate policy set and bindings to specify how the propagated identity is placed in the WS-Security header (rather than the underlying transport headers). For more information, see Policy sets.
On SOAPRequest and SOAPAsyncRequest nodes, only Username and SAML tokens can be propagated. However, on the SOAPRequest and SOAPAsyncRequest nodes with a Kerberos policy set and bindings, a Username and password token can be propagated into the node to provide the Kerberos client credentials.
For the SAPRequest node, you can propagate only the user name and password. For the CICSRequest and IMSRequest nodes, you can propagate the user name, or the user name and password.