For web services, you can map an identity by using an X.509 certificate token.
The integration node supports Identity mapping from an X.509 certificate token in an incoming SOAP message header to username tokens in the following configurations:
Capability
Configured with a policy set and binding defining the certificate Authentication.
Configured with a security profile defining an external Policy Decision Point (PDP); see the PDP section that follows.
Configured by using a TFIM security profile specifying identity mapping; for details, see Creating a security profile for TFIM V6.1.
Configured by using a WS-Trust v1.3 STS security profile specifying identity mapping; for details, see Creating a security profile for WS-Trust V1.3 (TFIM V6.2).
Username tokens only can be propagated.