Configuring identity mapping with TFIM V6.1
Configure Tivoli® Federated Identity Manager (TFIM) V6.1 to map the incoming security token and, if required, to authenticate and authorize it.
Before you begin
Before you can configure a message flow to perform identity mapping, you need to check that an appropriate security profile exists, or create a new security profile. For information about security profiles, see Creating a security profile.
About this task
To configure TFIM V6.1 to map the incoming security token, you need to create a custom module chain in TFIM, which performs the security operations. The TFIM configuration controls the token type that is returned from the mapping.
- Issuer = Properties.IdentitySourceIssuedBy
- AppliesTo = The fully qualified name of the flow: integrationNodeName.Integration Server Name.Message Flow Name
- Token = Properties.IdentitySourceToken
The security manager invokes the security provider only once, even if it is set for additional security operations (such as authentication or authorization). As a result, when you are using TFIM V6.1, you must configure a single module chain to perform all the required authentication, mapping, and authorization operations.
For information on how to configure TFIM, see the IBM Tivoli Federated Identity Manager product documentation online.
Follow these steps to enable an existing message flow to perform identity mapping.
Procedure
- In the IBM Integration Toolkit, right-click the BAR file, then click .
- Click the Manage and Configure tab.
- Click the flow or node on which you want to set the
security profile. The properties that you can configure for the message flow or for the node are displayed in the Properties view.
- In the Security Profile Name field, enter the name of a security profile that has mapping enabled.
- Save the BAR file.