Configuring Mutual SSL (X.509) Authentication - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual


5 Click New to add an IP address for the RADIUS server. You can add additional servers for failover purposes.
6 Click OK.
7 Fill in the following fields:
Port: The port of the RADIUS server.
Shared Secret: The RADIUS shared secret.
Reply Time: The total time to wait for a reply in milliseconds.
Resend Time: The time to wait in milliseconds between requests.
Server Failure Retry: The time in milliseconds that must elapse before a failed server is retried.
JSP: Specify the name of the login page if you want to use something other than the default page. The filename must be specified without the JSP extension. The default page is used if nothing is specified.
Require Password: Select to require the user to also specify an LDAP password.
8 Click Finish.
9 Create a method for this class.
For instructions, see Section 3.3, "Configuring Authentication Methods," on page 122.
10 Create a contract for the method:
For instructions, see Section 3.4, "Configuring Authentication Contracts," on page 124.
If you want the user's credentials available for Identity Injection policies and you did not enable the Require Password option, add the password fetch method as a second method to the contract. For more information about this class and method, see Section 4.5, "Configuring Password Retrieval," on page 148.
11 Update the Identity Server.

4.2 Configuring Mutual SSL (X.509) Authentication

Mutual authentication is used when a user is issued an X.509 certificate from a trusted source, and the certificate is then used to identify the user. To ensure the validity of the certificates, Access Manager supports both Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) methods of verification.
To configure X.509 authentication, you need to create an authentication class, then configure the validation and attribute mapping options.
1 Log in to the Administration Console.
2 Import the trusted root certificate or certificate chain of the Certificate authority into the Identity Server trusted root store.
For information on how to import trusted roots, see "Importing Public Key Certificates (Trusted Roots)" in the Novell Access Manager 3.1 SP2 Administration Console Guide.
The Identity Server must trust the Certificate authority that created the user certificates.
3 To create the X.509 authentication class, click Devices > Identity Servers > Edit > Local > Classes.

140 Novell Access Manager 3.1 SP2 Identity Server Guide
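The trust and revocation checks that section 4.2 describes, as an added example (not from the Novell guide and not Access Manager's own validation code): a shell script that uses the openssl command line to build a constructed root CA, user certificate and CRL, then shows the certificate verifying until it is revoked. It covers the CRL path only, not OCSP, and every name, serial number and file name in it is made up.

```sh
# Constructed demo PKI: every name, serial and file here is made up for this example.
publish_crl() {  # run inside the PKI directory; (re)issues ca.crl from index.txt
  openssl ca -config pki.cnf -gencrl -keyfile ca.key -cert ca.crt -out ca.crl 2>/dev/null
}

make_demo_pki() (  # $1 = empty directory: root CA, one user certificate, empty CRL
  cd "$1" || exit 1
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = req
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = demo_ca
[demo_ca]
database = index.txt
default_md = sha256
default_crl_days = 1
EOF
  : > index.txt
  openssl req -x509 -config pki.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
    -keyout ca.key -out ca.crt -subj "/CN=Demo Root CA" -days 2 2>/dev/null &&
  openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
    -keyout user.key -out user.csr -subj "/CN=demo-user" 2>/dev/null &&
  openssl x509 -req -in user.csr -CA ca.crt -CAkey ca.key -set_serial 4097 \
    -days 1 -out user.crt 2>/dev/null &&
  publish_crl
)

revoke_user() (  # $1 = PKI directory: revoke user.crt, then republish the CRL
  cd "$1" || exit 1
  openssl ca -config pki.cnf -revoke user.crt -keyfile ca.key -cert ca.crt 2>/dev/null &&
  publish_crl
)

cert_accepted() {  # true only if the chain ends at ca.crt and the CRL does not list the cert
  openssl verify -CAfile "$1/ca.crt" -CRLfile "$1/ca.crl" -crl_check "$1/user.crt" >/dev/null 2>&1
}

demo() {  # prints the verdict before and after revocation
  d=$(mktemp -d) && make_demo_pki "$d" || return 1
  cert_accepted "$d" && before=accepted || before=rejected
  revoke_user "$d" || return 1
  cert_accepted "$d" && after=accepted || after=rejected
  rm -rf "$d"
  echo "$before $after"
}
demo
```

The same `openssl verify` call, pointed at the CA chain you plan to import and the CRL that CA publishes, confirms that the chain and CRL are usable before they go into the Identity Server trusted root store.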
