Embedded Service Providers - Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual

Identity server guide

[Figure 5-1 diagram labels: Novell Identity Servers, Access Gateway]
As an administrator, you determine whether your server is to be used as the identity provider or
service provider in the trust relationship. You and the trusted partner agree to exchange Identity
Server metadata, and then you create references to the trusted partner's Identity Server in your
Identity Server configuration. You can obtain metadata via a URL or an XML document, then enter
it in the system when you create the reference.
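
An added example (not from the Novell manual or the product): a check to run on a partner's metadata document before entering it, assuming SAML 2.0 metadata and that the partner's entityID and signing-certificate SHA-256 fingerprint were agreed out of band. The sample metadata, host names and the `review_metadata` function are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder bytes stand in for a DER certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.partner.example/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.partner.example/sso"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://idp.partner.example/slo"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def review_metadata(xml_text, expected_entity_id, expected_sha256):
    """Return a list of findings; an empty list means every check passed."""
    # Refuse DTDs outright so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present; refusing to parse"]
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    findings = []
    if root.get("entityID") != expected_entity_id:
        findings.append(f"entityID mismatch: {root.get('entityID')!r}")
    # Fingerprint every certificate usable for signing (no 'use' means any use).
    prints = set()
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                prints.add(hashlib.sha256(der).hexdigest())
    if expected_sha256.lower() not in prints:
        findings.append("no signing certificate matches the agreed fingerprint")
    # Endpoints carry assertions and session state; flag any that are not HTTPS.
    for el in root.iter():
        loc = el.get("Location")
        if loc is not None and not loc.lower().startswith("https://"):
            findings.append(f"non-HTTPS endpoint: {loc}")
    return findings
```

The check covers only the entityID, the signing-certificate fingerprint and endpoint schemes; it does not validate an XML signature on the metadata document.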

5.1.2 Embedded Service Providers

In addition to setting up trust with internal or external service providers, you can reference
Embedded Service Providers (ESPs) in your enterprise. An ESP uses the Liberty protocol and does
not require metadata entry, because this exchange happens automatically. The ESP comes with
Access Manager and is embedded in the Access Gateways, the J2EE agents, and a version of the
SSL VPN server. The ESP facilitates authentication between the Identity Server and the resource
protected by the device, as shown in Figure 5-2.
[Figure 5-2 diagram labels: Payroll Identity Server (IDP), Trusted ESP, Access Gateway]
The components in this example reside in the same trust store and represent a typical Access
Manager configuration used within an enterprise.
[Diagram labels: Identity Server Trust; IDP: Provides Authentication (SAML, SAML 2, Liberty); SP: Consumes SAML, SAML2, and Liberty Authentication; IDP: Provides Authentication to ESP (Liberty Only); ESP: Consumes Authentication (Liberty)]
Figure 5-2. Embedded Service Provider [diagram label: Protected Application]
