Table of Contents
Advertisement
2.7.1 Logging In to the User Portal
Users can log directly in to the Identity Server when they enter the Base URL of the Identity Server
in their browsers. For example, if your base URL is http://doc.provo.novell.com:8080/nidp, entering
this URL prompts the user to authenticate with the credentials required for the default contract.
User Portal
Figure 2-3
When users log directly into the Identity Server, the users need to use the default card for
authentication. This is the card that appears in the top left frame, and the credentials it requires are
displayed in the top right frame.
On a newly installed system, cards for all the authentication contracts that are installed with the
system are displayed. To avoid confusing your users, you need to disable the Show Card option for
the contracts you do not want your users to use. In the Administration Console, click Devices >
Identity Servers > Edit > Local > Contracts > [Name of Contract] > Authentication Card.
Also, make sure you modify the default contract to match a card that is displayed. In the
Administration Console, click Devices > Identity Servers > Edit > Local > Defaults.
If you display multiple cards, users can use different credentials to authenticate multiple times by
selecting another authentication card and entering the required credentials. This is only useful if the
credentials grant the user different roles or authorize access to different resources.
If you have configured the Identity Server to be a service provider and have established a trusted
relationship with one or more identity providers, the cards of these trusted identity providers appear
in the Authentication Cards section. Your users can use the identity provider's authentication card to
federate their account at the identity provider with their account at the service provider. When they
federate an account, they are telling the service provider to trust the authentication established at the
identity provider. This enables single sign-on between the providers. The card can also be used to
defederate the accounts. On the authentication card, click Card Options, then select Defederate.
If you have configured the Identity Server to be an identity provider for service providers, a
Federation page is accessible after log in. From this page, users can federate and defederate their
accounts with trusted service providers.
100 Novell Access Manager 3.1 SP1 Identity Server Guide
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER and is the answer not in the manual?