"Users Are Receiving Invalid Credential Messages" on page 117
"Secrets Aren't Stored in the LDAP Directory" on page 117
Secrets Aren't Stored in Novell SecretStore
When you use Novell SecretStore to store the secrets, the schema on the eDirectory server must be
extended, and specific SAML objects and certificates must be created.
To verify that the schema was extended and the objects were created on the eDirectory server:
1 Open an LDAP browser and connect to the eDirectory server.
2 Browse to the Security container.
3 Look for objects similar to the following:
eDirectory Tree
  Security
    Authorized Login Methods
      SAML Assertion
        <SAML_Affiliate_Object>
          authsamlCertContainerDN
          authsamlTrustedCertDN
          authsamlValidAfter
          authsamlValidBefore
          authsamlProviderID
    <AffiliateObjectName> Trusted Root
      Certificates
If the schema has been extended correctly, you can find a SAML Assertion object in the
Authorized Login Methods container. The SAML_Assertion object contains an alphanumeric
generated name for a SAML affiliate object. This object has four attributes.
The SAML affiliate object name is used to generate another container in the Security container.
This new container is the <AffiliateObjectName> Trusted Root container that contains the public
key signing certificate.
4 Complete one of the following:
If these objects do not exist, verify the following, then continue with Step 5:
The admin user for the user store has sufficient rights to extend the schema and add
these objects to the Security container.
116 Novell Access Manager 3.1 SP2 Identity Server Guide
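The check in Steps 1 through 3 can also be scripted against an LDIF export of the Security container instead of browsing it by hand. This is an added example, not code from the Novell guide; the `cn=` DN layout, the function names and the sample export are assumptions.

```python
# Added example, not Novell code. The cn= DN layout is an assumption.
EXPECTED_ATTRS = ["authsamlCertContainerDN", "authsamlTrustedCertDN",
                  "authsamlValidAfter", "authsamlValidBefore", "authsamlProviderID"]
PARENT = "cn=saml assertion,cn=authorized login methods,cn=security"

def parse_ldif(text):
    """Return {lowercased DN: set of lowercased attribute names}."""
    entries = {}
    for record in text.replace("\n ", "").strip().split("\n\n"):  # unfold lines
        dn, attrs = None, set()
        for line in record.splitlines():
            name, sep, value = line.partition(":")
            if name.lower() == "dn":
                dn = value.strip().lower()
            elif sep and not line.startswith("#"):
                attrs.add(name.strip().lower())
        if dn:
            entries[dn] = attrs
    return entries

def check_security_container(ldif_text):
    """Report which objects and attributes from the procedure are present."""
    entries = parse_ldif(ldif_text)
    report = {"saml_assertion": PARENT in entries, "affiliates": {}}
    for dn, attrs in entries.items():
        if not dn.endswith("," + PARENT):
            continue
        name = dn.split(",", 1)[0].partition("=")[2]
        root = f"cn={name} trusted root,cn=security"
        report["affiliates"][name] = {
            "missing_attributes": [a for a in EXPECTED_ATTRS if a.lower() not in attrs],
            "trusted_root_exists": root in entries,
            "has_certificate": any(d.endswith("," + root) for d in entries),
        }
    return report

# Constructed sample export: one attribute and the certificate are absent.
SAMPLE_LDIF = """\
dn: cn=SAML Assertion,cn=Authorized Login Methods,cn=Security
objectClass: top

dn: cn=AFFILIATE01,cn=SAML Assertion,cn=Authorized Login Methods,cn=Security
authsamlProviderID: https://idp.example.com/placeholder
authsamlValidBefore: 0
authsamlValidAfter: 0
authsamlTrustedCertDN: cn=AFFILIATE01 Trusted Root,cn=Security

dn: cn=AFFILIATE01 Trusted Root,cn=Security
"""
```

Calling `check_security_container(SAMPLE_LDIF)` returns a report keyed by affiliate object name, listing any missing attributes and whether the matching Trusted Root container and a certificate entry beneath it were found.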