Configuring Authentication Contracts - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual

The Radius classes have the following additional properties that can be set on the method:
RADIUS_LOOKUP_ATTR: Defines an LDAP attribute whose value is read and used as

the ID is passed to the RADIUS server. If not specified, the user name entered is used.
 NAS_IP_ADDRESS: Specifies an IP address used as a RADIUS attribute. You might use
this property for situations in which service providers are using a cluster of small network
access servers (NASs). The value you enter is sent to the RADIUS server.
Property Value: The values associated with the Property Name field.
7 Click Finish.
8 Continue with
To use a method for authenticating a user, each method must have an associated contract.

3.4 Configuring Authentication Contracts

Authentication contracts define how authentication occurs. An Identity Server can have several
authentication contracts available, such as name/password, X.509, or Kerberos. From the available
contracts, you assign a contract to a specific resource or resources. It is access to a resource that
triggers the authentication process. If the user has already supplied the required credentials for the
contract, the user is not prompted for them again.
Each contract is assigned a URI that uniquely identifies it. This URI can be shared with other
providers so that they can identify the type of credentials the Identity Provider is requiring. You can
also restrict a contract so that it can only be used for local authentication and not with other
providers.
1 In the Administration Console, click Devices > Identity Servers > Edit > Local > Contracts.
2 To delete a contract, select the contract, then click Delete.
You cannot delete a contract if it is in use by an Access Gateway or J2EE agent.
3 To create a new contract, click New.
124 Novell Access Manager 3.1 SP2 Identity Server Guide
Section 3.4, "Configuring Authentication Contracts," on page 124.