Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual page 121

11 Fill in the following fields:
Display name: Specify a name that you can use to identify this method.
URI: Specify a value that uniquely identifies the contract from all other contracts.
The URI cannot begin with a slash, and it must uniquely identity the contract. For example:
kerberos/contract
Methods: From the list of Available methods, move your Kerberos method to the Methods list.
You do not need to configure the other contract options.
12 Click Finish.
13 (Optional) To use the procedure that verifies the authentication configuration, you need to
make the Active Directory user store the default user store. In the Local page, click Defaults.
13a Fill in the following fields:
User Store: Select the name of your Active Directory user store.
Authentication Contract: Select the name of your Kerberos contract.
13b Click OK.
This allows you to log in directly to the Identity Server using the Kerberos contract. If you
have already logged in to the Active Directory domain on the Windows machine, single
sign-on is enabled and you are not prompted to log in to the Identity Server.
14 On the Identity Servers page, click Update.
Wait until the Health icon turns green. Click Refresh to update the page.
15 If you have Access Gateways or J2EE Agents that you want to configure to use the Kerberos
contract, update these devices so that the Kerberos contract is available.
16 Continue with "Creating the bcsLogin Configuration File" on page 122.
Configuring Advanced Local Authentication Procedures 121