For web services, you can map an identity by using a username token.
Identity mapping from a username identity token to a mapped username identity token is supported only in the following configurations:
Capability
Configured with a security policy and binding that defines that a username taken is present. You can use the default policy and binding WSS10Default; see Default policy set and bindings.
Configured with a security profile defining the external Policy Decision Point (PDP); see the PDP section that follows.
Configured by using a WS-Trust v1.3 STS security profile that specifies identity mapping; see Creating a security profile for WS-Trust V1.3 (TFIM V6.2).
Configured by using a TFIM security profile that specifies identity mapping; see Creating a security profile for TFIM V6.1.