Security Considerations; Federation Options - Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual

3b Specify the server IP address and port.
The auto-import displays the certificate chain, which you can select for import.
3c Click OK, then click Close.
4 Restart Tomcat.
The system prompts you with a dialog box to restart Tomcat. This is necessary whenever
security changes are made to the Identity Server.
For more information about enabling security for a basic Access Manager configuration, see
"Enabling SSL Communication" in the
For additional information about managing certificates, see
in the Novell Access Manager 3.1 SP1 Administration Console

1.8 Security Considerations

By default, all Access Manager components (Identity Server, Access Gateway, SSL VPN, and
J2EE* Agents) trust the certificates signed by the local CA. We recommend that you configure the
Identity Server to use an SSL certificate signed externally, and that you configure the trusted store of
the service provider for each component to trust this new CA. See
Manager Devices" in the
Be aware of the following security issues:
Section 1.8.1, "Federation Options," on page 71
Section 1.8.2, "Authentication Contracts," on page 72
Section 1.8.3, "Forcing 128-Bit Encryption," on page 72

1.8.1 Federation Options

When you set up federation between an identity provider and a service provider, you can select
either to exchange assertions with a post method or to exchange artifacts. An artifact is a randomly
generated ID, it contains no sensitive data, and only the intended receiver can use it to retrieve
Novell Access Manager 3.1 SP1 Setup
Novell Access Manager 3.1 SP1 Administration Console
Guide.
"Security and Certificate
Guide.
"Assigning Certificates to Access
Guide.
Configuring an Identity Server
Management"
71