Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual page 51

Identity server guide

2 Select the protocol (Liberty, SAML 1.1, or SAML 2.0), then click the name of an identity provider or service provider.
3 Click Access.
4 View the Security section. If the Message Signing option is selected, signing is enabled for the SOAP back channel.
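An added example, not part of the Novell manual: a structural check that can be run on a captured SOAP back-channel message to confirm that the Message Signing setting results in a SAML 2.0 message whose enveloped signature references the message itself. The function names, sample messages and IDs are constructed for illustration, and the signature value is not cryptographically verified.

```python
import xml.etree.ElementTree as ET  # for untrusted captures, prefer defusedxml

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def signing_status(soap_xml: str) -> str:
    """Return 'unsigned', 'signed' or 'signature-does-not-cover-message'.

    Structural check only: the signature value is not verified.
    """
    body = ET.fromstring(soap_xml).find("soap:Body", NS)
    if body is None or len(body) == 0:
        raise ValueError("no SOAP Body payload")
    msg = body[0]                        # SAML protocol element in the Body
    sig = msg.find("ds:Signature", NS)   # enveloped signature is a direct child
    if sig is None:
        return "unsigned"
    msg_id = msg.get("ID")
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    # The Reference URI must point at the ID of the element carrying the signature.
    covered = bool(msg_id) and any(r.get("URI") == f"#{msg_id}" for r in refs)
    return "signed" if covered else "signature-does-not-cover-message"

# Constructed sample messages (not captured from a real deployment).
def sample(signature: str = "") -> str:
    return (
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        '<soap:Body><samlp:ArtifactResolve '
        'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'ID="_req1" Version="2.0" IssueInstant="2009-01-01T00:00:00Z">'
        + signature +
        '<samlp:Artifact>CONSTRUCTED</samlp:Artifact>'
        '</samlp:ArtifactResolve></soap:Body></soap:Envelope>'
    )

def sample_signature(uri: str) -> str:
    return (
        '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
        f'<ds:SignedInfo><ds:Reference URI="{uri}"/></ds:SignedInfo>'
        '<ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>'
    )

if __name__ == "__main__":
    for label, xml in [("no signature", sample()),
                       ("reference matches ID", sample(sample_signature("#_req1"))),
                       ("reference points elsewhere", sample(sample_signature("#_other")))]:
        print(label, "->", signing_status(xml))
```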
Profiles
Any of the Web Service Provider profiles can be enabled for signing by configuring them to use X.509 for their Security Mechanism.
To view your current configuration:
1 In the Administration Console, click Devices > Identity Servers > Edit > Liberty > Web Service Provider.
2 Click the name of a profile, then click Descriptions.
3 Click the Description Name.
4 If either Peer entity = None, Message=X509 or Peer entity = MutualTLS, Message=X509 has been selected as the security mechanism, signing has been enabled for the profile.
Understanding the Interaction of the netHSM Server with Access Manager
Figure 1-6 outlines one of the basic flows that might occur during single sign-on to the Identity Server when authentication requests have been configured for signing.
Figure 1-6 Basic Flow for an Authentication Request Using netHSM
[Diagram: Browser, Access Gateway, Identity Server and netHSM Client, netHSM Server, Remote File System and netHSM Client, Web Server, and Web Page, connected by flow arrows numbered 1 through 7, one of them labeled out-of-band.]
1. The user requests the Access Gateway to provide access to a protected resource.
2. The Access Gateway redirects the user to the Identity Server, which prompts the user for a username and password.
3. The Identity Server authenticates the user. If signing is enabled, the payload is signed by the netHSM server through the Java JSSE security provider.