Logging In; Additional Ws Federation Configuration Options - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual

For the display name, specify the DNS name of the Identity Server.
For the Federation Services URI, enter the following:
https://<DNS_Name>:8443/nidp/wsfed/
Replace <DNS_Name> with the name of your Identity Server.
This is the base URL of your Identity Server with the addition of /wsfed/ at the end.
For the Federation Services endpoint URL, specify the following:
https://<DNS_Name>:8443/nidp/wsfed/spassertion_consumer
Replace <DNS_Name> with the name of your Identity Server.
This is the base URL of your Identity Server with the addition of /wsfed/spassertion_consumer at the end.
Select Federated Web SSO.
The Identity Server is outside of any forest, so do not select Forest Trust.
Select the E-mail claim.
Select the Pass all E-mail suffixes through unchanged option.
4 Enable this resource partner.
5 Finish the wizard.
6 To test the configuration, continue with Section 10.2.3, "Logging In," on page 267.

10.2.3 Logging In

1 In a client browser, enter the base URL of your Identity Server.
2 From the list of cards, select the Adatum contract.
3 (Conditional) If you are not joined to the Adatum domain, enter a username and password in the browser pop-up. Use a name and a password that are valid in the Adatum domain.
If you are using the client that is joined to the Adatum domain, the card uses a Kerberos ticket to authenticate to the ADFS identity provider (resource partner).
4 When you are directed back to the Identity Server for Federation User Identification, log in to the Identity Server with a username and password that are valid for the Identity Server (the service provider).
5 Verify that you are authenticated.
6 Close the browser.
7 Log in again.
This time you are granted access without entering credentials at the service provider.

10.2.4 Additional WS Federation Configuration Options

You can enable the sharing of attribute information from the Identity Server to the ADFS server. This involves creating an attribute set and enabling the sending of the attributes at authentication. See Section 10.4.2, "Configuring the Attributes Obtained at Authentication," on page 270.
For other options that can be modified after you have created the trusted identity server configuration, see Section 10.4, "Modifying a WS Federation Identity Provider," on page 269.
Configuring WS Federation 267
