Authenticate: Select this option when you want to use login credentials. This option
prompts the user to log in to the service provider.
Allow 'Provisioning': Select this option to allow users to create an account when
they have no account on the service provider.
This option requires that you specify a user provisioning method, which defines the
required attributes for setting up a user account. See Section 8.4, "Defining the User
Provisioning Method," on page 214.
Provision Account: Select this option when the users on the identity provider do not have
accounts on the service provider. This option allows the service provider to trust any user
that has authenticated to the trusted identity provider.
This option requires that you specify a user provisioning method, which defines the
required attributes for setting up a user account. See Section 8.4, "Defining the User
Provisioning Method," on page 214.
Attribute matching: Select this option when you want to use attributes to match an
identity server account with a service provider account. This option requires that you
specify a user matching method. See Section 8.3, "Configuring the Attribute Matching
Method," on page 213.
Prompt for password on successful match: Select this option to prompt the user
for a password when the user's name is matched to an account, to ensure that the
account matches.
6 (Conditional) If you have selected a method that requires account provisioning or attribute
matching, click the icon for Provisioning Settings or Attribute Matching Settings. For
instructions, see Section 8.4, "Defining the User Provisioning Method," on page 214 or
Section 8.3, "Configuring the Attribute Matching Method," on page 213.
7 Click Finish > OK.
8 Restart the Identity Server. Stopping and starting the Identity Server also updates its
configuration:
8a On the Identity Servers page, select the server, then click Stop > OK.
8b When the health turns red, select the server, then click Start.
9 Continue with Section 6.6.2, "Defining a Trusted Provider," on page 181.
6.6.2 Defining a Trusted Provider
You need to create a trusted provider for each server you want to explicitly trust as an identity
provider. If your users are going to use only personal cards for authentication or explicit trust is not
required, you do not need to create a trusted provider configuration.
The authentication profile allows you to select an option to trust any provider, including untrusted
providers. For a secure system, you need to identify the providers you want to trust and create a
configuration for them. To create a trusted provider, you need to obtain the issuer ID of the provider
and the public key certificate for the signing certificate from the provider's administrator.
For an Identity Server cluster, the issuer ID is the base URL of the Identity Server plus the following
path:
/sts/services/Trust
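
The difference between trusting any provider and an explicit trusted provider, as an added conceptual sketch in Python (not Access Manager code): each issuer ID is pinned to the SHA-256 fingerprint of its signing certificate. The class and function names, the base URL and the certificate bytes are constructed for illustration, and verifying the token signature with that certificate is assumed to happen separately.

```python
import hashlib
import hmac

TRUST_PATH = "/sts/services/Trust"  # path given in the text above


def issuer_id(base_url: str) -> str:
    """Issuer ID of an Identity Server cluster: base URL plus the trust path."""
    return base_url.rstrip("/") + TRUST_PATH


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()


class TrustedProviders:
    """Hypothetical model of a trusted provider list (assumption, not a product API)."""

    def __init__(self, trust_any: bool = False):
        self.trust_any = trust_any
        self._pins = {}  # issuer ID -> fingerprint of the signing certificate

    def add(self, issuer: str, cert_der: bytes) -> None:
        self._pins[issuer] = fingerprint(cert_der)

    def check(self, token_issuer: str, signing_cert_der: bytes):
        """Return (accepted, reason) for a token's issuer and signing certificate."""
        if self.trust_any:
            return True, "accepted: any provider is trusted, no issuer or key check"
        pinned = self._pins.get(token_issuer)  # exact string match on the issuer ID
        if pinned is None:
            return False, "rejected: issuer has no trusted provider configuration"
        if not hmac.compare_digest(pinned, fingerprint(signing_cert_der)):
            return False, "rejected: signing certificate differs from the configured one"
        return True, "accepted: issuer and signing certificate match"


# Constructed sample values: placeholder bytes stand in for real DER certificates.
GOOD_CERT = b"constructed-der-bytes-of-the-provider-signing-certificate"
OTHER_CERT = b"constructed-der-bytes-of-some-other-certificate"
IDP = issuer_id("https://idp.example.com:8443/nidp/")

if __name__ == "__main__":
    explicit = TrustedProviders()
    explicit.add(IDP, GOOD_CERT)
    for issuer, cert in [(IDP, GOOD_CERT), (IDP, OTHER_CERT),
                         (issuer_id("https://unknown.example.net/nidp"), OTHER_CERT)]:
        print(issuer, "->", explicit.check(issuer, cert)[1])
```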