Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual page 143

Identity server guide
Show certificate errors: Displays an error page when a certificate error occurs. This option is
disabled by default.

Auto Provision X509: Enables the use of X.509 authentication for automatic provisioning of
users. This option allows you to activate X.509 for increased security while still using a less
secure method of authentication, such as username/password. Extra security measures can even
include manual intervention to activate X.509 authentication, by adding an extra attribute that
is checked during authentication.

For example, when a user authenticates with an X.509 certificate, a lookup is performed for a
sasAllowableSubjectNames value that matches the name in the user certificate. When no match is
found and Auto Provision X509 is enabled, the user is presented with a custom error page that
prompts them to click a button to provide additional credentials, such as a username and
password, or to start an optional Identity Manager workflow. If that authentication succeeds,
the user's sasAllowableSubjectNames attribute is populated with the name of the user
certificate.

When Auto Provision X509 is enabled and the attribute used for subject name mapping is changed
from the default sasAllowableSubjectNames, you must ensure that the LDAP attribute you use can
store string values at least as long as the longest client certificate subject name. For
example, if you use the LDAP attribute title (which has an upper bound of 64 characters), Auto
Provision X509 fails the provisioning part of the authentication whenever the client certificate
subject name is longer than 64 characters. The authentication itself still succeeds if a valid
name and password are given; only the provisioning fails.

Attributes: The list of attributes currently used for matching. If multiple attributes are
specified, the evaluation of these attributes should resolve to only one user in the user store.
The evaluation first performs a DN lookup for the subject name or directory name mapping. If
this fails, the rest of the mappings are looked up in a single LDAP query.

Available attributes: The available X.509 attributes. To use an attribute, select it and move it
to the Attributes list. When the attribute is moved to the Attributes list, you can modify the
mapping name in the Attribute Mappings section. The mapped name must match an attribute in
your LDAP user store.
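The following Python model, added here as an illustration and not part of the Novell guide or the Access Manager product, walks through the two behaviours described above: the two-step match (DN lookup first, then one combined LDAP query over the attribute mappings, which must resolve to exactly one user) and the Auto Provision X509 fallback, including the case where the mapping attribute is too short to hold the certificate subject name. The in-memory user store, the user entries, the X.509 attribute names ("Subject Name", "Directory Name", "Email") and the mapping dictionaries are all constructed for the example; the 64-character bound for `title` is the value the guide gives. Use the `subjects_too_long` check before switching the mapping attribute away from sasAllowableSubjectNames.

```python
"""Model of X.509 attribute matching and Auto Provision X509 (illustrative, not vendor code)."""
from typing import Dict, List, Optional

# Constructed in-memory stand-in for the LDAP user store: DN -> attribute values.
USER_STORE: Dict[str, Dict[str, List[str]]] = {
    "cn=alice,ou=users,o=example": {
        "sasAllowableSubjectNames": ["CN=Alice Example,OU=Staff,O=Example Corp"],
        "mail": ["alice@example.com"],
    },
    "cn=bob,ou=users,o=example": {
        "sasAllowableSubjectNames": [],
        "mail": ["bob@example.com"],
    },
}

# Upper bound, in characters, of candidate mapping attributes. 64 for 'title' is
# the guide's figure; None marks an attribute treated as unbounded in this model.
ATTRIBUTE_UPPER_BOUND: Dict[str, Optional[int]] = {
    "title": 64,
    "sasAllowableSubjectNames": None,
}

# X.509 attributes whose value is tried as a DN in the first lookup step (assumed names).
DN_MAPPINGS = {"Subject Name", "Directory Name"}


def ldap_filter(clauses: Dict[str, str]) -> str:
    """Render the single AND filter that the second lookup step would send to LDAP."""
    return "(&" + "".join(f"({attr}={value})" for attr, value in clauses.items()) + ")"


def evaluate_filter(clauses: Dict[str, str], store: Dict[str, Dict[str, List[str]]]) -> List[str]:
    """Evaluate an equality-AND filter against the in-memory store (case-sensitive values)."""
    return [dn for dn, attrs in store.items()
            if all(value in attrs.get(attr, []) for attr, value in clauses.items())]


def match_user(cert_attrs: Dict[str, str], mappings: Dict[str, str],
               store: Dict[str, Dict[str, List[str]]]) -> Optional[str]:
    """Resolve a certificate to exactly one user DN, or None.

    Step 1: try the Subject Name / Directory Name value directly as a DN.
    Step 2: combine every mapping into one LDAP query; an ambiguous result
    (more than one user) counts as no match, as the guide requires.
    """
    for x509_attr in DN_MAPPINGS:
        if x509_attr in mappings and x509_attr in cert_attrs:
            candidate = cert_attrs[x509_attr].lower()
            for dn in store:
                if dn.lower() == candidate:
                    return dn
    clauses = {ldap_attr: cert_attrs[x509_attr]
               for x509_attr, ldap_attr in mappings.items() if x509_attr in cert_attrs}
    if not clauses:
        return None
    hits = evaluate_filter(clauses, store)
    return hits[0] if len(hits) == 1 else None


def subjects_too_long(mapping_attr: str, subject_names: List[str]) -> List[str]:
    """Pre-flight check: subject names that would not fit the chosen mapping attribute."""
    bound = ATTRIBUTE_UPPER_BOUND.get(mapping_attr)
    if bound is None:
        return []
    return [s for s in subject_names if len(s) > bound]


def auto_provision(subject_name: str, dn: str, mapping_attr: str,
                   store: Dict[str, Dict[str, List[str]]], fallback_auth_ok: bool) -> str:
    """Model the Auto Provision X509 path after the user supplied fallback credentials.

    Returns 'auth-failed', 'provision-failed' (authenticated, but the subject name
    exceeds the attribute's upper bound) or 'provisioned'.
    """
    if not fallback_auth_ok:
        return "auth-failed"
    if subjects_too_long(mapping_attr, [subject_name]):
        return "provision-failed"
    store[dn].setdefault(mapping_attr, []).append(subject_name)
    return "provisioned"


if __name__ == "__main__":
    mappings = {"Subject Name": "sasAllowableSubjectNames", "Email": "mail"}
    cert = {"Subject Name": "CN=Alice Example,OU=Staff,O=Example Corp", "Email": "alice@example.com"}
    print("query:", ldap_filter({mappings[k]: v for k, v in cert.items()}))
    print("match:", match_user(cert, mappings, USER_STORE))
```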
Configuring Advanced Local Authentication Procedures 143