5 Configuring SAML and Liberty Trusted Providers
This section discusses configuring trust so that two user accounts can be associated with each other
without the sites exchanging data. It explains how to use the Liberty, SAML 1.1, and SAML 2.0
protocols to set up the trust with internal and external identity providers, service providers, and
Embedded Service Providers (ESPs).
Section 5.1, "Understanding the Trust Model"
Section 5.2, "Configuring General Provider Options"
Section 5.3, "Creating a Trusted Provider"
Section 5.4, "Modifying a Trusted Provider"
About SAML and Liberty
For information about how Access Manager uses SAML, see Appendix C, "Understanding How
Access Manager Uses SAML."
For conceptual information about Liberty, see Appendix B, "About Liberty."
For troubleshooting information, see Chapter 12, "Troubleshooting the Identity Server and
Authentication."
5.1 Understanding the Trust Model
Setting up trust involves system administrators agreeing on how to establish a secure method for
providing and consuming authentication assertions between their Identity Servers. An Identity
Server is always installed as an identity provider, which is used to provide authentication to trusted
service providers and Embedded Service Providers (ESPs).
Section 5.1.1, "Identity Providers and Consumers"
Section 5.1.2, "Embedded Service Providers"
Section 5.1.3, "High-Level Steps"
5.1.1 Identity Providers and Consumers
An Identity Server can be configured as an identity consumer (service provider), which enables the
Identity Server to consume authentication assertions from trusted identity providers. Figure 5-1
depicts how two Identity Servers can be configured in a trust model using the SAML and Liberty
protocols to provide authentication for an Access Gateway ESP.