Before you start:
Before you can configure a message flow to perform identity mapping, you need to check that an appropriate security profile exists, or create a new security profile. See Configuring a security profile.
To enable an existing message flow to perform identity mapping:
- On the Security tab for each input node, select a security profile that has mapping enabled. Ensure that TFIM is selected in the security profile as the mapping provider.
- Configure TFIM to map the incoming security token (and, if required, to authenticate and authorize it). The security token can be an X.509 certificate, a username, or a username and password.
To configure TFIM to map the incoming security token, you need to create a custom module chain in TFIM, which performs the security operations. The TFIM configuration controls the token type that is returned from the mapping. For information on how to configure TFIM, see the IBM Tivoli Federated Identity Manager information center.