For web services, you can complete authentication by using an X.509 certificate token.
The X.509 certificate token Authentication of an incoming SOAP message is supported in the following configurations:
Capability
Configured with a policy set and binding defining the certificate Authentication.
Optionally configured with a security profile defining an external Policy Decision Point (PDP); see the PDP section that follows.
Configured by using a WS-Trust v1.3 STS security profile specifying authentication; see Creating a security profile for WS-Trust V1.3 (TFIM V6.2).
Configured by using a TFIM security profile specifying authentication; for details, see Creating a security profile for TFIM V6.1.
Certificate authentication with an external LDAP PDP is not supported.