Novell ACCESS MANAGER 3.1 SP1 - SSL VPN SERVER GUIDE 03-17-2010 Manual page 68

Authentication Contract: Specifies the type of contract, which determines the information a
user must supply for authentication. By default, you can select from the following
authentication contracts:
Any Contract: If the user has authenticated, allows any contract defined for the Identity
Server to be valid, or if the user has not authenticated, prompts the user to authenticate
using the default contract assigned to the Identity Server configuration.
Name/Password - Basic: Specifies basic authentication over HTTP, using a standard
login pop-up provided by the Web browser.
Name/Password - Form: Specifies a form-based authentication over HTTP, using the
Access Manager login form.
Secure Name/Password - Basic: Specifies basic authentication over HTTPS, using a
standard login pop-up provided by the Web browser.
Secure Name/Password - Form: Specifies a form-based authentication over HTTPS,
using the Access Manager login form.
Embedded Service Provider Base URL: The application path for the Embedded Service
Provider. This URL has the following constituents:
Protocol: Specifies the communication protocol. Specify HTTPS in order to run securely
in SSL mode. Use HTTP only if you do not require security
Domain: The DNS name used to access the SSL VPN server. Using an IP address is not
recommended.
Port: Specifies the port values for the protocol. The port is 8080 for HTTP or 8443 for
HTTPS. If you want to use port 80 or 433, specify the port here, then configure the
operating system to translate the port.
Application: Specifies the SSL VPN server application path.
Redirect Requests from Non-Secure Port to Secure Port: Specify this option to redirect the
browsers to the secure port in order to establish an SSL connection. If this option is not
selected, browsers that connect to the non-secure port are denied service.
SSL VPN Certificate: Configure a certificate for SSL. You can click the icon to select a
certificate. If you have installed the Identity Server and the SSL VPN server on the same
machine, then same certificate is used for both the services.
Embedded Service Provider Certificate: Configure a certificate for the Embedded Service
Provider to communicate with the Identity Server. You can click the icon to select a certificate.
The following URLs are displayed when the Published DNS name is populated:
Login URL: Displays the URL that you need to use for logging users in to the protected
resources.
Logout URL: Displays the URL that you need to use for logging users out of protected
resources.
Metadata URL: Displays the location of the metadata.
Health Check URL: Displays the location of the health check.
4 Restart the Tomcat server when prompted.
5 To save your modifications, click OK, then click Update on the Configuration page.
6 Click Update on the Identity Server Configuration page.
7 (Optional) Proceed with
if you have not already configured the SSL VPN server details.
68 Novell Access Manager 3.1 SP1 SSL VPN Server Guide
Chapter 11, "Configuring the IP Address, Port, and NAT," on page 75,