4.2.2 Setting Up Mutual SSL Authentication
SSL provides the following security services from the client to the server:
Authentication and nonrepudiation of the server, using digital signatures
Data confidentiality through the use of encryption
Data integrity through the use of authentication codes
Mutual SSL provides the same services from the server to the client as SSL. It provides authentication
and nonrepudiation of the client, using digital signatures.
1 Set up Access Manager certificates for security, and import them into the Access Manager
system. (See "Creating Certificates" in the Novell Access Manager 3.1 SP2 Administration
Console Guide.)
2 Create an X.509 authentication class. (See Section 4.2, "Configuring Mutual SSL (X.509)
Authentication," on page 140.)
3 Create an authentication method using this class. (See Section 3.3, "Configuring
Authentication Methods," on page 122.)
4 Create an authentication contract using the X.509 method. (See Section 3.4, "Configuring
Authentication Contracts," on page 124.)
5 Update the Identity Server cluster configuration. (See Section 14.1.1, "Updating an Identity
Server Configuration," on page 318.)
6 Update any associated Access Gateways to read the new authentication contract.
7 Assign the contract to protect resources.
See "Configuring Protected Resources" in the Novell Access Manager 3.1 SP2 Access
Gateway Guide.
8 Update the Access Gateway.
4.3 Creating an ORed Credential Class
Access Manager includes a class that can be configured to accept any combination of name/
password, X.509, or RADIUS credentials. When this class executes as part of a contract, users can
select and enter their preferred type of credential.
For example, if a name/password credential is ORed with an X.509 credential, the user can select to
use a certificate or to enter a name and password. As an administrator, you have decided that both
credentials are equally secure for the protected resource the contract is protecting.
To create an ORed credential class:
1 In the Administration Console, click Devices > Identity Servers > Edit > Local > Classes.
2 Click New, then fill in the following fields:
Display name: Specify a name for the class.
Java class: Select NPOrRadiusOrX509Class.
3 Click Next, then select the types of classes you want to OR. You must select at least one of the
following:
Use Name/Password: Select this option if you want the PasswordClass to be one of the
authentication options available to the user.
Configuring Advanced Local Authentication Procedures 145