Using Cardspace Cards For Authentication To Access Gateway Protected Resources; Managing Cardspace Trusted Providers - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual


Do not remove the Personal Private Identifier claim.
3 Click Finish.
4 Update the Identity Server.
8.6 Using CardSpace Cards for Authentication to Access Gateway Protected Resources
The protected resources on an Access Gateway are designed to rely on contracts for authentication.
The CardSpace protocol uses cards for authentication. Therefore, to use the CardSpace protocol as
the authentication authority for protected resources, you need to associate an authentication card
profile with the authentication contract you are using for the protected resources.
1 In the Administration Console, click Devices > Identity Servers > Edit > Local > Contracts.
2 Click the name of the contract you are using for protected resources.
3 Verify that the Satisfiable by External Provider option is enabled, then click Authentication
Card.
4 Disable the Show Card option, then click OK.
5 Click CardSpace > Authentication Card, then in the Profiles section, select the profile you want
to use with protected resources.
If you select a profile that is configured only for a personal card, the user must supply a
personal card to log in.
If you select a profile that is configured for a managed card, the user can supply a managed
card to log in.
6 Click User Identification, then configure the following fields:
Satisfies contract: Select the contract that is used by the protected resource.
Allow federation: Select this option so that the personal private identifier of the card can be
associated with a user in the Identity Server's user store.
Authenticate: Select this method for federation.
7 Click OK twice, then update the Identity Server.
8 (Optional) Verify the configuration by requesting access to a protected resource configured to
use the contract you have enabled for CardSpace.

8.7 Managing CardSpace Trusted Providers

A trusted provider is an issuer of authentication tokens that you want to strongly trust. The provider
has given you its issuer ID and its public key for the signing certificate. Tokens issued from this
trusted provider are validated by using the public key certificate.
1 In the Administration Console, click Devices > Identity Servers > Edit > CardSpace > Trusted
Providers.
2 Select from the following actions:
New: Launches the Create Trusted Identity Provider Wizard. See Section 8.7.1, "CardSpace
Identity Provider Wizard," on page 243 for more information.
Delete: Allows you to delete the selected identity provider.
Enable: Enables the selected identity provider.
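Added example, not from the Novell guide or Access Manager's own code: a simplified Python model of the trusted-provider check described in Section 8.7, where a token is accepted only if its issuer ID is registered, the provider is enabled, and the signature verifies against the public key pinned for that issuer. The class, issuer ID, token bytes and demo key are constructed for illustration; real CardSpace tokens carry XML signatures rather than a raw RSA signature over bytes, and rejecting tokens from a provider that is not enabled is an assumption of the model.

```python
import hashlib

# DigestInfo header for SHA-256 in PKCS#1 v1.5 signatures (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encoded(message, k):
    """EMSA-PKCS1-v1_5 encoding of message for a k-byte modulus, as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def rsa_verify(message, signature, n, e):
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    # Rebuild the expected encoding and compare; never parse the recovered padding.
    return len(signature) == k and s < n and pow(s, e, n) == _encoded(message, k)

def rsa_sign(message, n, d):
    """Issuer side; used here only to construct sample tokens."""
    k = (n.bit_length() + 7) // 8
    return pow(_encoded(message, k), d, n).to_bytes(k, "big")

class TrustedProviders:
    """Hypothetical model: issuer ID -> pinned public key plus an enabled flag."""
    def __init__(self):
        self._providers = {}
    def new(self, issuer_id, n, e, enabled=True):
        self._providers[issuer_id] = {"key": (n, e), "enabled": enabled}
    def enable(self, issuer_id, enabled=True):
        self._providers[issuer_id]["enabled"] = enabled
    def delete(self, issuer_id):
        del self._providers[issuer_id]
    def validate(self, issuer_id, token, signature):
        # The key comes from the store, looked up by issuer ID, never from the token.
        entry = self._providers.get(issuer_id)
        if entry is None:
            return "reject: issuer not trusted"
        if not entry["enabled"]:
            return "reject: provider disabled"
        if not rsa_verify(token, signature, *entry["key"]):
            return "reject: signature invalid"
        return "accept"

# Constructed demo key built from two Mersenne primes: fine for a test, useless as a real key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
ISSUER = "https://idp.example.com/sts"  # constructed issuer ID
TOKEN = b"<Assertion>ppid=constructed-sample</Assertion>"  # constructed token body
SIG = rsa_sign(TOKEN, N, D)
```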
