Specifying A Target - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual

Also, make sure you modify the default contract to match a card that is displayed. In the
Administration Console, click Devices > Identity Servers > Edit > Local > Defaults.
If you display multiple cards, users can use different credentials to authenticate multiple times by
selecting another authentication card and entering the required credentials. This is only useful if the
credentials grant the user different roles or authorize access to different resources.
If you have configured the Identity Server to be a service provider and have established a trusted
relationship with one or more identity providers, the cards of these trusted identity providers appear
in the Authentication Cards section. Your users can use the identity provider's authentication card to
federate their account at the identity provider with their account at the service provider. When they
federate an account, they are telling the service provider to trust the authentication established at the
identity provider. This enables single sign-on between the providers. The card can also be used to
defederate the accounts. On the authentication card, click Card Options, then select Defederate.
If you have configured the Identity Server to be an identity provider for service providers, a
Federation page is accessible after login. From this page, users can federate and defederate their
accounts with trusted service providers.

3.6.2 Specifying a Target

You need to specify a target for the following conditions:
 You want to direct the users to a specific URL after the users log in to the Identity Server.
You do not want users to have access to the User Portal page.

Use one of the following methods to specify the target:
 Specify a Target in the URL: You can have your users access the Identity Server with a URL
that contains the desired target. For example:
https://<domain.com>:8443/nidp/app?target=http://www.novell.com
where <domain.com> is the DNS name of your Identity Server. In this example, the users
would see the Novell Web site after logging in.
Specify a Hidden Target on your Form: If you have your own login form to collect

credentials and are posting these credentials to the Identity Server, you can add a hidden target
to your login form. When authentication succeeds, the user is directed to this target URL. This
entry on your form should look similar to the following:
<input type="hidden" target="http://www.novell.com">
These methods work only when the user's request is for the
redirected authentication request for a protected resource, the protected resource is the target and
cannot be changed.
134 Novell Access Manager 3.1 SP2 Identity Server Guide
. If the user's request is a
/nidp/app