You can configure supported message flow input nodes or SecurityPEP nodes to perform identity authentication or security token validation using a WS-Trust v1.3 compliant Security Token Service (STS), such as Tivoli® Federated Identity Manager (TFIM) V6.2.
Before you can configure identity authentication or token validation, you need to check that an appropriate security profile exists, or create a new security profile. See Creating a security profile for WS-Trust V1.3 (TFIM V6.2).
When the security profile is configured to use WS-Trust V1.3 STS for authentication, the integration node security manager issues trust requests and processes trust responses according to the WS-Trust V1.3 standard.
For more information about these parameters, see:Authentication, mapping, and authorization with TFIM V6.2 and TAM .
http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html
.Steps for enabling WS-Trust v1.3 authentication:
For a SOAPInput node to use the identity in the WS-Security header (rather than an underlying transport identity) an appropriate policy set and bindings must also be defined and specified. For more information, see Policy sets.
If the message identity (or security token) does not contain enough information for authentication, the information must be taken from the message body. For example, if a password is required for authentication but the message came from WebSphere® MQ with only a username, the password information must be taken from the message body. For more information, see Configuring the extraction of an identity or security token.