5.1.3 High-Level Steps
The following high-level steps describe setting up the trust model between an identity provider and a service provider. These steps assume that both providers are using the Novell® Identity Server provided with Access Manager.

1. Administrators at each company install and configure the Identity Server.
   See Section 1.1.1, "Creating a Cluster Configuration," on page 14. (You should already be familiar with the Novell Access Manager 3.1 SP1 Installation Guide.)

2. Administrators at each company must import the trusted root certificate of the other Identity Server into the NIDP trust store.
   Click Devices > Identity Servers > Servers > Edit > Security > NIDP Trust Store, then auto-import the certificate. Use the SSL port (8443) even if you haven't set up the base URL of the Identity Server to use HTTPS.

3. Administrators must exchange Identity Server metadata with the trusted partner.
   Metadata is generated by the Identity Server and can be obtained via a URL or an XML document, then entered in the system when you create the reference. This step is not applicable if you are referencing an ESP. When you reference an ESP, the system lists the installed ESPs for you to choose, and no metadata entry is required.

4. Create the reference to the trusted identity provider and the service provider.
   This procedure associates the metadata with the new provider. See Section 5.3, "Creating a Trusted Provider," on page 145.

5. Configure user authentication.
   This procedure defines how your Identity Server interacts with the trusted provider during user authentication. Access Manager comes with default basic authentication settings already enabled. See Chapter 8, "Configuring User Identification Methods for Federation," on page 209.
   Additional important steps for enabling authentication between trusted providers include:
   - Setting up the necessary authentication contracts. See Section 2.4, "Configuring Authentication Contracts," on page 94.
   - Enabling the profiles that you are using. See Section 10.2, "Enabling Web Services and Profiles," on page 224.
   - Enabling the Always Allow Interaction option on the Web Service Consumer page. See Section 10.8, "Configuring the Web Service Consumer," on page 234.

6. (Conditional) If you are setting up SAML 1.1 federation, the protocol does not allow the target link after federation to be automatically configured. You must manually configure this setting. See "Specifying the Intersite Transfer Service URL for the Login URL Option" on page 151.

NOTE: For a tutorial that explains all the steps for setting up federation between two Novell Identity Servers, see "Setting Up Federation" in the Novell Access Manager 3.1 SP1 Setup Guide.

Configuring SAML and Liberty Trusted Providers 143
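The trust established in steps 2 and 3 rests on the certificate an administrator imports and the metadata the partner hands over, so it is worth checking the two against each other before creating the reference in step 4. The following Python script is an added example, not part of the Novell documentation: it parses a constructed SAML 2.0 metadata document, computes the SHA-256 fingerprint of the partner's signing certificate for comparison with the entry auto-imported into the NIDP trust store, and flags single sign-on endpoints that are not served over HTTPS. The host names, entityID and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder hosts, and constructed bytes in place of a real X.509 cert.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.partner.example:8443/nidp/saml2/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>AQIDBAUGBwgJCgsMDQ4PEA==</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.partner.example:8443/nidp/saml2/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://idp.partner.example:8080/nidp/saml2/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def cert_fingerprint(b64_der: str) -> str:
    """SHA-256 fingerprint of a base64 DER cert as colon-separated hex (openssl/trust-store style)."""
    der = base64.b64decode("".join(b64_der.split()))  # strip the line breaks metadata often carries
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def review_metadata(xml_text: str, trust_store_fingerprint: str) -> dict:
    """Extract entityID, signing-cert fingerprints and SSO endpoints; check cert and transport."""
    root = ET.fromstring(xml_text)
    certs = []
    for kd in root.findall(".//md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute is valid for both signing and encryption.
        if kd.get("use", "signing") == "signing":
            certs += [c.text for c in kd.findall(".//ds:X509Certificate", NS)]
    fps = [cert_fingerprint(c) for c in certs]
    locations = [e.get("Location") for e in root.findall(".//md:SingleSignOnService", NS)]
    return {
        "entity_id": root.get("entityID"),
        "fingerprints": fps,
        # Compare against the fingerprint shown for the entry imported into the NIDP trust store.
        "cert_matches_trust_store": trust_store_fingerprint.upper() in fps,
        "sso_endpoints": locations,
        "insecure_endpoints": [u for u in locations if urlparse(u).scheme != "https"],
    }
```

A non-matching fingerprint or a plain-HTTP endpoint in the report is a reason to stop and re-verify the metadata with the partner out of band before proceeding.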