Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual page 190

Creating an Attribute Set for WS Federation
The CardSpace attribute set is not in the correct namespace for WS Federation. The WS Federation
namespace is http://schemas.xmlsoap.org/claims. Also, CardSpace has a defined set of claims. With
WS Federation, you need to decide which attributes you want to share during authentication. This
scenario uses the LDAP mail attribute and the All Roles attribute.
1 On the Identity Servers page, click Shared Settings.
2 To create a new attribute set, click New, then fill in the following fields:
Set Name: Specify a name that identifies the purpose of the set, for example, wsfed_attributes.
Select set to use as template: Select <None>.
3 Click Next > New, fill in the following fields, then click OK:
Local attribute: Select LDAP Attribute:mail [LDAP Attribute Profile].
Remote attribute: Specify emailAddress. This is the attribute that this scenario uses for user
identification.
Remote namespace: Select the radio button by the text box, then specify the following
namespace:
http://schemas.xmlsoap.org/claims
4 To add a mapping for the All Roles attribute, click New, fill in the following fields, then click
OK:
Local attribute: Select All Roles.
Remote attribute: Specify group. This is the name of the attribute that is used to share roles.
Remote namespace: Select http://schemas.xmlsoap.org/claims.
5 Click Finish.
6 Continue with "Enabling the Attribute Set" on page 190.
Enabling the Attribute Set
Because the WS Federation protocol uses STS, you must enable the attribute set for STS in order to
use it in a WS Federation relationship.
1 On the Identity Servers page, click Servers > Edit > STS.
2 Move the WS Federation attribute set to the Attribute set list.
3 Select the WS Federation attribute set and use the up-arrow to make it first in the Attribute set
list.
4 Click OK, then update the Identity Server.
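The following Python example is added here and is not part of the Novell guide; it shows how the two mappings above reach a relying party once the set is enabled for STS. It assumes the WS Federation token carries the claims as SAML 1.1 attributes whose AttributeNamespace is http://schemas.xmlsoap.org/claims; the assertion fragment is constructed for the example, and a consumer that checks the namespace will not pick up a claim that is still in a different namespace such as the CardSpace one.

```python
import xml.etree.ElementTree as ET

SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
WSFED_CLAIMS_NS = "http://schemas.xmlsoap.org/claims"

# Constructed sample (not a real token): the AttributeStatement a relying party
# sees after the wsfed_attributes set maps LDAP mail -> emailAddress and
# All Roles -> group. The last attribute sits in a different namespace (the
# CardSpace one) and must not be treated as the WS Federation claim.
SAMPLE_ASSERTION = f"""
<saml:Assertion xmlns:saml="{SAML1_NS}" AssertionID="_constructed">
  <saml:AttributeStatement>
    <saml:Attribute AttributeName="emailAddress" AttributeNamespace="{WSFED_CLAIMS_NS}">
      <saml:AttributeValue>user@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="group" AttributeNamespace="{WSFED_CLAIMS_NS}">
      <saml:AttributeValue>Employees</saml:AttributeValue>
      <saml:AttributeValue>Managers</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="emailaddress"
        AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
      <saml:AttributeValue>other@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def extract_wsfed_claims(assertion_xml: str) -> dict:
    """Return {AttributeName: [values]} for claims in the WS Federation namespace only.
    Claims in any other namespace are dropped, so a mapping mistake shows up as a
    missing claim instead of a wrong value being accepted for identification."""
    root = ET.fromstring(assertion_xml.strip())
    claims = {}
    for attr in root.iter(f"{{{SAML1_NS}}}Attribute"):
        if attr.get("AttributeNamespace") != WSFED_CLAIMS_NS:
            continue
        values = [v.text or "" for v in attr.findall(f"{{{SAML1_NS}}}AttributeValue")]
        claims.setdefault(attr.get("AttributeName"), []).extend(values)
    return claims

def identify_user(claims: dict) -> tuple:
    """Return (emailAddress, roles). Exactly one emailAddress is required because the
    scenario uses it for user identification; zero or several is a configuration error."""
    emails = claims.get("emailAddress", [])
    if len(emails) != 1:
        raise ValueError(f"expected exactly one emailAddress claim, got {len(emails)}")
    return emails[0], claims.get("group", [])
```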
Creating a WS Federation Service Provider
In order to establish a trusted relationship with the ADFS server, you need to set up the Trey
Research site as a service provider. The trusted relationship allows the service provider to trust the
Identity Server for user authentication credentials.
Trey Research is the default name for the ADFS resource server. If you have used another name,
substitute it when following these instructions. To create a service provider, you need to know the
following about the ADFS resource server.