Configuring an X-3GPP-Asserted-Identity Provider
Follow these steps to configure a security provider used to support the X-3GPP-Asserted-Identity header in HTTP requests. Note that one of two providers can be selected, as described in the "Overview":
- From the Edit Tree of the Remote Console, click Security, and then Realms, and your specific realm, and then Authentication Providers.
- In the Authentication Providers table, select New.
- Enter a name for the new provider, and select one of the following options from the Type drop-down list:
  - X3gpp Asserted Identity Asserter: Select this option to configure a provider that does not throw an exception when the header is invalid or is received from a non-trusted host.
  - X3gpp Asserted Identity Strict Asserter: Select this option to configure a provider that throws an exception when the header is received from a non-trusted host and is therefore ignored.
  See "Overview" for more information.
- Click Create.
- Select the name of the new provider you just created from the Authentication Providers table.
- In the Active Types chooser list, select the X-3GPP-Asserted-Identity type and use the arrow to move it to the Chosen column.
- Click Save.
- Select the Custom Parameters tab.
- Fill in the fields of the configuration page as follows:
  - Trusted Hosts: Enter one or more host names that the provider will treat as trusted hosts. Note that the provider does not use trusted hosts configured in the sipserver.xml file (see information on sip-security in the Oracle Communications Converged Application Server Administrator's Guide). You can enter a list of IP addresses or DNS names, and wildcards are supported.
  - User Name Mapper Class Name: Enter the name of a custom Java class used to map user names in the X-3GPP-Asserted-Identity header to user names in the default security realm. A custom user name mapper is generally used if user names are received from two or more different domains. In this case additional logic may be required to map user names received from each domain. A custom user name mapper class is required if you want to map usernames to WebLogic usernames, or if you want to logically process multiple usernames specified in the X-3GPP-Asserted-Identity header (rather than using only the first username). See Oracle Fusion Middleware Securing Oracle WebLogic Server for more information.
    Alternatively, leave this field blank to use the default user name mapper. The default mapper simply discards the domain name and takes the first resulting user name to assert the identity. For example, the default user name mapper takes the following header:
    X-3GPP-Asserted-Identity: "user1@oracle.com", "user2@oracle.com"
    and asserts the identity "user1."
- Click Save.
- Restart the server.
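
The default mapping described under User Name Mapper Class Name, next to a domain-aware alternative, as an added example that is not Oracle's code: it is plain Java showing only the mapping logic and does not implement the WebLogic mapper interface, which this page does not show. The class and method names, the partner.example and unknown.example domains, and the prefix scheme are assumptions for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;

// Added illustration: mapping logic only, not wired to any WebLogic interface.
public class AssertedIdentityMapping {
    // Split the header value into its quoted entries (assumes no commas inside a name).
    static List<String> parseIdentities(String headerValue) {
        List<String> out = new ArrayList<>();
        for (String part : headerValue.split(",")) {
            String id = part.trim().replaceAll("^\"|\"$", "");
            if (!id.isEmpty()) out.add(id);
        }
        return out;
    }

    // Behaviour the page describes for the default mapper: drop the domain, take the first name.
    static String defaultStyleMap(String headerValue) {
        List<String> ids = parseIdentities(headerValue);
        if (ids.isEmpty()) return null;
        String first = ids.get(0);
        int at = first.indexOf('@');
        return at < 0 ? first : first.substring(0, at);
    }

    // Domain-aware alternative (hypothetical scheme): only entries from known domains
    // are mapped, each domain with its own prefix so local names cannot collide.
    static String domainAwareMap(String headerValue, Map<String, String> domainPrefix) {
        for (String id : parseIdentities(headerValue)) {
            int at = id.lastIndexOf('@');
            if (at <= 0 || at == id.length() - 1) continue; // malformed entry, skip it
            String prefix = domainPrefix.get(id.substring(at + 1).toLowerCase(Locale.ROOT));
            if (prefix != null) return prefix + id.substring(0, at);
        }
        return null; // no entry from a known domain: assert no identity
    }

    public static void main(String[] args) {
        Map<String, String> prefixes = Map.of("oracle.com", "", "partner.example", "partner-");
        String fromPage = "\"user1@oracle.com\", \"user2@oracle.com\""; // header value from the page
        String otherDomain = "\"user1@partner.example\"";               // constructed sample
        String unknown = "\"user1@unknown.example\"";                   // constructed sample
        for (String h : List.of(fromPage, otherDomain, unknown))
            System.out.println(h + " -> default=" + defaultStyleMap(h)
                    + " domainAware=" + domainAwareMap(h, prefixes));
    }
}
```

Under the default-style mapping, identities with the same local part from different domains resolve to the same user name, which is the case a custom mapper has to handle when headers arrive from more than one domain.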