Authenticating With A Managed Card; Prerequisite; Configuring A Cardspace Identity Provider - Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual

6.4 Authenticating with a Managed Card

To use a managed card, you need both a relying party and an identity provider as illustrated in
Figure 6-2 on page
be the identity provider. It also explains how to configure a trusted relationship between the relying
party, so that a user can authenticate to the relying party with a managed card.
Section 6.4.1, "Prerequisite," on page 174
Section 6.4.2, "Configuring a CardSpace Identity Provider," on page 174
Section 6.4.3, "Creating and Installing a Managed Card," on page 175
Section 6.4.4, "Configuring the Relying Party to Trust an Identity Provider," on page 176
Section 6.4.5, "Logging In with the Managed Card," on page 177
These sections describe only a few of options available for configuring the Identity Server as a
CardSpace identity provider. For information about all the available options, see
"Configuring the Identity Server as an Identity Provider," on page

6.4.1 Prerequisite

For CardSpace and managed cards, you need to make sure that the SSL certificate and the signing
certificate of the Identity Server use the same name for the certificate's subject name. When you
configured the Identity Server for SSL, you replaced the default SSL certificate with a certificate
that uses the DNS name of the Identity Server as the subject name. For CardSpace, you need to
replace the default signing certificate. You can use the same certificate for signing as you did for
SSL.
1 In the Administration Console, click Devices > Identity Servers > Edit > Security.
2 In the Keys and Certificate section, click Signing.
3 Click Replace.
4 In the Replace pop-up, click the Select Certificate icon, select the certificate you created for
SSL, then click OK.
5 When the certificate appears in the Certificate box, click OK, then click Close.
6 Update the Identity Server.
7 Complete these steps for both Identity Servers: the relying party and the identity provider.

6.4.2 Configuring a CardSpace Identity Provider

When you configure an Identity Server to be a CardSpace identity provider, you need to create a
managed card template. Users can then use the template to create and install a managed card in their
card selector.
1 In the Administration Console, click Devices > Identity Servers > Edit > CardSpace.
2 Click Managed Card Templates > New, then fill in the following fields:
Name: Specify a display name for the template.
Description: Specify the text to be displayed on the card. This can contain information about
how the card can be used or the type of resource that can be accessed with the card.
174 Novell Access Manager 3.1 SP1 Identity Server Guide
168. The following scenario explains how to set up a second Identity Server to
Section 6.7,
183.