Configuring General Provider Options; Configuring The General Identity Provider Options - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual


Enabling the profiles that you are using. See Section 13.2, "Managing Web Services and Profiles," on page 292.
Enabling the Always Allow Interaction option on the Web Service Consumer page. See Section 13.5, "Configuring the Web Service Consumer," on page 303.
6. (Conditional) If you are setting up SAML 1.1 federation, the protocol does not allow the target link after federation to be automatically configured. You must manually configure this setting. See "Specifying the Intersite Transfer Service URL for the Login URL Option" on page 219.
NOTE: For a tutorial that explains all the steps for setting up federation between two Novell Identity Servers, see "Setting Up Federation" in the Novell Access Manager 3.1 SP2 Setup Guide.

7.2 Configuring General Provider Options

The following options are global because they affect any identity providers or identity consumers (service providers) that the Identity Server has been configured to trust:
Section 7.2.1, "Configuring the General Identity Provider Options," on page 186
Section 7.2.2, "Configuring the General Identity Consumer Options," on page 187
Section 7.2.3, "Configuring the Introductions Class," on page 188
Section 7.2.4, "Configuring the Trust Levels Class," on page 189

7.2.1 Configuring the General Identity Provider Options

The following options affect all identity providers that the Identity Server has been configured to trust.
1. In the Administration Console, click Devices > Identity Servers > Edit > Identity Providers.
2. To specify identity provider settings, fill in the following fields:
Show logged out providers: Displays logged-out providers on the identity provider's logout confirmation page.
Require Signed Authentication Requests: Specifies that for the Liberty 1.2 and SAML 2.0 protocols, authentication requests from service providers must be signed. When you enable this option for the identity provider, you must also enable the Sign Authentication Requests option under the Identity Consumer heading on this page for the external trusted service provider.
Use Introductions (Publish Authentications): Enables single sign-on from the service provider to the identity provider. The service provider determines the identity providers that users are already logged into, and then selectively and automatically asks for authentication from one of the identity providers. Introductions are enabled only between service and identity providers that have agreed to a circle of trust, which means that they have agreed upon a common domain name for this purpose.
After authenticating a user, the identity provider accesses a service at the service domain and writes a cookie to the common part of the service domain, publishing that the authentication has occurred.
Service Domain (Local and Common): Enables a service provider to access a service at the service domain prior to authenticating a user. This service reads cookies obtained at this domain and discovers if any identity providers have provided authentication to the
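The common-domain cookie exchange described under Use Introductions, as an added example that is not from the Novell guide or the product's code. It assumes the cookie format of the SAML 2.0 Identity Provider Discovery Profile (`_saml_idp`: URL-encoded, space-separated base64 entity IDs, most recent last); the page does not state the cookie name or encoding Access Manager uses, and the function names and entity IDs are hypothetical.

```python
import base64
import binascii
from urllib.parse import quote, unquote

COOKIE_NAME = "_saml_idp"  # assumption: name from the SAML 2.0 IdP Discovery Profile


def parse_cookie(cookie_value):
    """Decode the common-domain cookie into entity IDs, skipping malformed entries."""
    idps = []
    for token in unquote(cookie_value or "").split():
        try:
            idps.append(base64.b64decode(token, validate=True).decode("utf-8"))
        except (binascii.Error, UnicodeDecodeError):
            continue  # the cookie is client-controlled, so junk is dropped, not trusted
    return idps


def publish_idp(cookie_value, idp_entity_id):
    """IdP side: record this IdP as most recent (last in list, no duplicates)."""
    idps = [i for i in parse_cookie(cookie_value) if i != idp_entity_id]
    idps.append(idp_entity_id)
    encoded = [base64.b64encode(i.encode("utf-8")).decode("ascii") for i in idps]
    return quote(" ".join(encoded), safe="")


def choose_idp(cookie_value, trusted_idps):
    """SP side: most recently published IdP that is also in the circle of trust."""
    for idp in reversed(parse_cookie(cookie_value)):
        if idp in trusted_idps:
            return idp
    return None  # nothing usable: fall back to asking the user


# Constructed sample values (hypothetical entity IDs).
IDP_A = "https://idp-a.example/metadata"
IDP_B = "https://idp-b.example/metadata"
UNTRUSTED = "https://unknown.example/metadata"
TRUSTED = {IDP_A, IDP_B}

if __name__ == "__main__":
    cookie = publish_idp(publish_idp("", IDP_A), IDP_B)
    print(COOKIE_NAME, "=", cookie)
    print("SP selects:", choose_idp(cookie, TRUSTED))
    # An entry outside the circle of trust is ignored even if it is the most recent.
    print("SP selects:", choose_idp(publish_idp(cookie, UNTRUSTED), TRUSTED))
```

The service provider treats the cookie only as a hint: the selected identity provider must already be one it is configured to trust, and the authentication itself still goes through the normal signed protocol exchange.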
