Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual page 149

Identity server guide

3. On the Trust page, fill in the following fields:

Name: Specify the display name for this trusted provider. The default name is the name you entered when creating the trusted provider.

The Security section specifies how to validate messages received from trusted providers over the SOAP back channel. Both the identity provider and the service provider in the trusted relationship must be configured to use the same security method.

Encrypt name identifiers: (SAML 2.0 only) Select this option if you want the name identifiers encrypted on the wire.

Encrypt assertions: (SAML 2.0 Service Provider only) Select this option if you want the assertions encrypted on the wire.

Select one of the following security methods:

  Message Signing: Applies no additional security method to the back channel and relies on each message being signed with a digital signature.

  Mutual SSL: Specifies that this trusted provider provides a digital certificate (mutual SSL) when it sends a SOAP message.

  Standard SSL communication requires only that the client trust the server. For mutual SSL, the server must also trust the client. For the client to trust the server, the server's certificate authority (CA) certificate must be imported into the client trust store. For the server to trust the client, the client's certificate authority (CA) certificate must be imported into the server trust store.

  Basic Authentication: Specifies standard header-based authentication. This method assumes that a name and password for authentication are sent and received over the SOAP back channel.
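
The trust store requirement for mutual SSL, shown as an added example that is not part of the Novell manual. It uses the OpenSSL command line as a stand-in for the Access Manager trust stores, and every CA, certificate and store name in it is constructed for the demonstration.

```sh
#!/bin/sh
# Constructed lab: throwaway CAs and certificates; every name below is made up.
W=$(mktemp -d)
cat > "$W/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

new_ca() {    # $1 = CA name -> $1.key and a self-signed $1.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$W/ca.cnf" \
        -subj "/CN=$1" -keyout "$W/$1.key" -out "$W/$1.pem" 2>/dev/null
}
issue() {     # $1 = subject, $2 = issuing CA -> $1.pem signed by $2
    openssl req -new -newkey rsa:2048 -nodes -config "$W/ca.cnf" \
        -subj "/CN=$1" -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
    openssl x509 -req -in "$W/$1.csr" -CA "$W/$2.pem" -CAkey "$W/$2.key" \
        -CAcreateserial -days 1 -out "$W/$1.pem" 2>/dev/null
}
import_ca() { # $1 = trust store owner, $2 = CA name: append the CA certificate
    cat "$W/$2.pem" >> "$W/$1.store"
}
trusts() {    # $1 = trust store owner, $2 = certificate: does it chain to the store?
    [ -s "$W/$1.store" ] || return 1      # an empty or missing store trusts nothing
    openssl verify -CAfile "$W/$1.store" "$W/$2.pem" 2>&1 | grep -q ': OK$'
}
ssl_mode() {  # reports which SSL mode the two trust stores can validate
    if ! trusts client server; then echo "no SSL"
    elif ! trusts server client; then echo "one-way SSL"
    else echo "mutual SSL"; fi
}

new_ca server-ca; issue server server-ca
new_ca client-ca; issue client client-ca

import_ca client server-ca      # client trust store gets the server's CA
ssl_mode                        # one-way SSL: the server cannot validate the client
import_ca server client-ca      # server trust store gets the client's CA
ssl_mode                        # mutual SSL
```
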
Configuring SAML and Liberty Trusted Providers 149


This manual is also suitable for:

Access manager 3.1 sp1
