Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual page 180

ID: (Optional) Specify an alphanumeric value that identifies the card. If you need to reference
this card outside of the Administration Console, you need to specify a value here. If you do not
assign a value, the Identity Server creates one for its internal use.
Text: Specify the text that references the profile when more than one profile has been defined.
Issuer: From the drop-down list, select one of the following:
Any Trusted or Untrusted Provider or Personal Card: Specifies that the issuer of the
card can be a managed card from any provider or a personal card. This option allows all
cards in the card selector to be highlighted.
Personal Card: Specifies that the issuer must be a personal card from a card selector.
Any Trusted Provider or Personal Card: Specifies that the card can be either a personal
card or a managed card from any trusted provider. A trusted provider is a provider that is
listed in the trusted provider list. See
page
This option allows all cards in the card selector to be highlighted. The Identity Server
enforces the trusted provider requirement when the card is sent.
<Provider Name>: Specifies that the card must be a managed card from the specified
provider. To add a trusted provider, see
page
Token Type: SAML 1.1 is displayed as the token type for the assertion.
If you are using CardSpace to allow access to Access Gateway protected resources, you must
ensure that the contract specified for a protected resource is satisfied by an authentication
profile.
4 Click Next, then specify the attributes for the card profile.
Attribute set: Select the CardSpace attribute set.
Required attributes: From the Available attribute list, move the attributes that you want the
card to return to the Required attribute list.
Move Common First Name and Personal Private Identifier to the Required attribute list.
Optional attributes: From the Available attribute list, move the attributes that the card can
return, but is not required to return, to the Optional attribute list.
5 Click Next, then specify the user identification method.
Satisfied contracts: (Optional) Move the contract that you want this profile to satisfy from the
list of available contracts to the Satisfied contract list.
Allow federation: Allows the CardSpace card to be linked with a user account. If you do not
select this option, the user is always prompted for credentials.
User Identification Methods: If you enable federation, the user identification method
determines how the card is linked to a user account and allows the association to be saved. If
you do not enable federation, a user identification method allows the card to be linked with an
account, but the association is not saved. Select one of the following methods:
Do nothing: Select this option to allow the user to authenticate without creating an
association with a user account. This option cannot be used when federation is enabled.
180 Novell Access Manager 3.1 SP1 Identity Server Guide
181.
181.
Section 6.6.2, "Defining a Trusted Provider," on
Section 6.6.2, "Defining a Trusted Provider," on