Configuration Guides › Policy Server Configuration Guide › Authentication Schemes › WS‑Security Authentication › Choose a WS‑Security Token Type › X509v3 Certificate Token

X509v3 Certificate Token

The X509v3 certificate security token provides the token subject’s X.509v3 certificate in a SOAP document.

When configured to require X509v3 certificate tokens, the WS‑Security authentication scheme provides basically the same functionality as the XML Digital Signature authentication scheme, but without requiring certificate mapping, since the signature and key information are contained in standard header elements.

Using the X509v3 certificate token enables the SOA Agent to do the following:

• Verify the signature
• Ensure that the signature is signed by using a trusted certificate
• Confirm that the document has not been altered.

After the signature is verified, the Policy Server does the following:

• Uses the digital signature and other information in the user store entry to confirm that the XML document is actually from a trusted client.
• Checks that the web service consumer has a valid entry in the user store.

When generating X.509v3 tokens, SOA Security Manager uses the host web service enterprise’s certificate, which it obtains from the Smkeydatabase.

More information:

Smkeydatabase Overview