X.509 module
The X.509 module is called X509STSModule. It validates X.509 security tokens that carry one of the following token types:
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1
The module uses the IBM Security Verify Access KESS to validate the X.509 certificate path.
- Deployment scenarios for this module type
  - Custom trust chains
- Supported modes
  - Validate
- Configuration properties
  - Enable X.509 certificate validation
    - Whether validation of X.509 certificates is enforced. By default, this check box is selected. When the box is cleared, the certificate is not validated. This option can be used in deployments where the certificate has already been validated by another entity.
  - X.509 default value type
    - If an X.509 BinarySecurityToken does not carry a ValueType attribute, this configuration value is used as the default ValueType.
  - Include Subject DN
    - If enabled, the X.509 Subject Distinguished Name is added to the STSUniversalUser AttributeList.
  - Include Issuer DN
    - If enabled, the X.509 Issuer Distinguished Name is added to the STSUniversalUser AttributeList.
  - Include Not Before
    - If enabled, the X.509 NotBefore date is added to the STSUniversalUser AttributeList. This date is the earliest date from which the certificate is valid.
  - Include Not After
    - If enabled, the X.509 NotAfter date is added to the STSUniversalUser AttributeList. This date is the latest date on which the certificate is valid.
  - Include Serial Number
    - If enabled, the X.509 serial number is added to the STSUniversalUser AttributeList.
  - Include Type
    - If enabled, the X.509 type is added to the STSUniversalUser AttributeList.
  - Include Version
    - If enabled, the X.509 version is added to the STSUniversalUser AttributeList.
  - Include Basic Constraints
    - If enabled, the X.509 Basic Constraints are added to the STSUniversalUser AttributeList.
  - Please enter a list of Object Identifiers to read from the certificate
    - Use this text area to add custom Object Identifiers to the STSUniversalUser AttributeList. Put each unique OID on its own line in the text area. Each resulting attribute value is the hexadecimal representation of the octet string stored under that OID in the certificate.
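The following is an added example, not code from IBM Security Verify Access, showing what the "Include ..." options and the custom OID list put into the attribute list, and how the validation check box changes the outcome. It assumes the Python `cryptography` package; the certificate, the attribute names and the private OID 1.3.6.1.4.1.99999.1 are constructed for the example.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

CUSTOM_OID = "1.3.6.1.4.1.99999.1"   # hypothetical private-arc OID, only in the test cert

def make_test_cert(days_valid=1, days_ago=0):
    """Constructed self-signed certificate used as sample input (not a real token)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "sts-test")])
    start = datetime.now(timezone.utc) - timedelta(days=days_ago, minutes=1)
    return (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start)
            .not_valid_after(start + timedelta(days=days_valid))
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            # custom extension whose raw octet string is the DER UTF8String "hello"
            .add_extension(x509.UnrecognizedExtension(x509.ObjectIdentifier(CUSTOM_OID), b"\x0c\x05hello"), critical=False)
            .sign(key, hashes.SHA256()))

def _validity(cert, field):
    # NotBefore/NotAfter as aware UTC, whichever accessor this cryptography version has
    value = getattr(cert, field + "_utc", None)
    return value if value is not None else getattr(cert, field).replace(tzinfo=timezone.utc)

def sts_attributes(cert, custom_oids=(), validate=True):
    """Attribute map the module's 'Include ...' options describe; validate=True mimics the
    validation check box, validate=False the 'already validated by another entity' case."""
    nb, na = _validity(cert, "not_valid_before"), _validity(cert, "not_valid_after")
    if validate and not (nb <= datetime.now(timezone.utc) <= na):
        raise ValueError("certificate is outside its NotBefore/NotAfter window")
    bc = cert.extensions.get_extension_for_class(x509.BasicConstraints).value
    attrs = {
        "SubjectDN": cert.subject.rfc4514_string(),
        "IssuerDN": cert.issuer.rfc4514_string(),
        "NotBefore": nb.isoformat(),
        "NotAfter": na.isoformat(),
        "SerialNumber": str(cert.serial_number),
        "Version": cert.version.name,   # "v3" for an X.509 v3 certificate
        "BasicConstraints": {"ca": bc.ca, "path_length": bc.path_length},
    }
    for oid in custom_oids:
        try:
            ext = cert.extensions.get_extension_for_oid(x509.ObjectIdentifier(oid))
        except x509.ExtensionNotFound:
            continue   # OID absent from this certificate: nothing is added
        attrs[oid] = ext.value.value.hex()   # hex of the extension's octet string
    return attrs
```

With validation switched off, an expired certificate is still mapped to attributes, which is why that setting belongs only in deployments where another component has already validated the token.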