Enabling And Disabling Protocols; Modifying The Base Url - Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual

1.1.6 Enabling and Disabling Protocols

You can control which protocols can be used for authenticating with an Identity Server
configuration. A protocol must be enabled and configured before users can use the protocol for
authentication. For tight security, consider disabling the protocols that you are not going to use for
authentication.
When disabling a protocol, updating the Identity Server configuration is not enough. You must stop
and start the Identity Server.
1 In the Administration Console, click Devices > Identity Servers > Edit.
2 In the Enabled Protocols section, select the protocols to enable
3 To disable a protocol, deselect it.
4 Click OK.
5 (Conditional) If you have enabled a protocol, update the Identity Server.
6 (Conditional) If you have disabled a protocol, updating the Identity Server is not enough.
6a Select the Identity Server, then click Stop.
6b When the health turns red, select the Identity Server, then click Start.
6c Repeat the process for each Identity Server in the cluster.

1.1.7 Modifying the Base URL

When configuring an Identity Server, you must carefully determine your settings for the base URL,
protocol, and domain. Changing the base URL invalidates the trust model and requires a reimport of
the provider's metadata, and a restart of the affected Embedded Service Providers. It also changes
the ID of the provider and the URLs that others use for access.
When you change the base URL of the Identity Server, you invalidate the following trusted
relationships:
The trusted relationships that the Identity Server has established with each Access Manager
device that has been configured to use the Identity Server for authentication
The trusted relationship that each Access Manager device has established with the Identity
Server when the Identity Server configuration was selected.
The trusted relationships that the Identity Server has established with other service providers.
The sessions of any logged in users are destroyed and no user can log in and access protected
resources until the trust relationships are reestablished.
To modify the base URL and re-establish trust relationships:
1 In the Administration Console, click Devices > Identity Servers > Edit.
2 Change the protocol, domain, port, and application settings, as necessary.
3 Click OK.
4 On the Identity Servers page, click Update.
This re-creates the trusted Identity Server configuration to use the new Base URL and
metadata.
24 Novell Access Manager 3.1 SP1 Identity Server Guide