Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual page 194

Identity server guide
Creating an Account Partners Configuration
WS Federation, unlike CardSpace, requires a two-way trust relationship. Both the identity provider
and the service provider must be configured to trust the other provider. This task sets up the trust
between the ADFS server and the Identity Server.
1 In the Active Directory Federation Services console, navigate to the Account Partners by
clicking Federation Services > Trust Policy > Partner Organizations.
2 Right-click Partner Organizations, then select New > Account Partner.
3 Supply the following information in the wizard:
You do not have an account partner policy file.
For the display name, specify the DNS name of the Identity Server.
For the Federation Services URI, specify the following:
https://<DNS_Name>:8443/nidp/wsfed/
Replace <DNS_Name> with the DNS name of the Identity Server.
This URI is the base URL of your Identity Server with the addition of /wsfed/ on the end.
For the Federation Services endpoint URL, specify the following:
https://<DNS_Name>:8443/nidp/wsfed/ep
Replace <DNS_Name> with the DNS name of the Identity Server.
This URL is the base URL of your Identity Server with the addition of /wsfed/ep at the end.
For the verification certificate, import the trusted root of the signing certificate on your
Identity Server.
If you have not changed it, you need the Organizational CA certificate from your
Administration Console. This is the trusted root for the test-signing certificate.
Select Federated Web SSO.
The Identity Server is outside of any Forest, so do not select Forest Trust.
Select the E-mail claim.
Add the suffix that you will be using for your e-mail address.
You need to have the e-mail end in what the ADFS server is expecting, such as
@novell.com, which grants access to any user with that e-mail suffix.
4 Enable this account partner.
5 Finish the wizard.
6 Continue with "Enabling ClaimApp and TokenApp Claims" on page 194.
Enabling ClaimApp and TokenApp Claims
The Active Directory step-by-step guide sets up these roles to be used by the resources. You set
them up to be sent in the All Roles attribute from the Identity Server. You must map these roles into
the Adatum ClaimApp Claim and the Adatum TokenApp Claim.
1 In the Active Directory Federation Services console, click the account partner that you created for the Identity Server (see "Creating an Account Partners Configuration" on page 194).
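As an added example (not code from the Novell guide or from ADFS), the following Python derives the account partner values for an Identity Server the way the wizard steps above describe, flags entries whose URI and endpoint URL do not agree, and applies the e-mail suffix rule anchored at the last "@" so that a look-alike domain is not admitted. The host name idp.example.com and the function names are assumptions for illustration.

```python
"""Illustrative helper for the WS-Federation account partner entry.
Not part of Access Manager or ADFS; idp.example.com is a made-up host."""
from urllib.parse import urlparse


def partner_config(dns_name: str, port: int = 8443) -> dict:
    """Base URL is https://<DNS_Name>:8443/nidp; the guide adds /wsfed/
    for the Federation Services URI and /wsfed/ep for the endpoint URL."""
    base = f"https://{dns_name}:{port}/nidp"
    return {
        "display_name": dns_name,
        "federation_services_uri": base + "/wsfed/",
        "federation_services_endpoint": base + "/wsfed/ep",
    }


def check_partner_config(cfg: dict) -> list:
    """Return the problems a reviewer would flag in an account partner entry;
    an empty list means the URI and endpoint are consistent."""
    problems = []
    uri = urlparse(cfg["federation_services_uri"])
    ep = urlparse(cfg["federation_services_endpoint"])
    if uri.scheme != "https" or ep.scheme != "https":
        problems.append("both URI and endpoint must use https")
    if uri.netloc != ep.netloc:
        problems.append("URI and endpoint point at different hosts")
    if not uri.path.endswith("/wsfed/"):
        problems.append("URI must end in /wsfed/")
    if ep.path != uri.path + "ep":
        problems.append("endpoint must be the URI path plus 'ep'")
    return problems


def email_suffix_accepts(email: str, suffix: str) -> bool:
    """ADFS admits any user whose e-mail claim ends in the configured suffix
    (e.g. @novell.com). Compare the whole domain after the last '@', case-
    insensitively, so 'user@novell.com.example' is rejected."""
    if not suffix.startswith("@") or "@" not in email:
        return False
    local, domain = email.rsplit("@", 1)
    if not local or "@" in local:
        return False          # malformed address, never admit
    return domain.lower() == suffix[1:].lower()
```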
