Embedded Service Providers - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual

Identity Servers. The Identity Server at the top of the figure is configured as an identity provider for
SAML 1.1, SAML 2.0, and Liberty authentication. The Identity Server in the middle of the figure is
configured as a service provider, consuming the authentication credentials of the top Identity Server.
This second Identity Server is also configured as an identity provider, providing authentication for
the Embedded Service Provider of the Access Gateway.
Figure 7-1
Novell Identity
Server
Novell Identity
Server
Access
Gateway
As an administrator, you determine whether your server is to be used as the identity provider or
service provider in the trust relationship. You and the trusted partner agree to exchange identity
provider metadata, and then you create references to the trusted partner's identity provider or service
provider in your Identity Server configuration. You can obtain metadata via a URL or an XML
document, then enter it in the system when you create the reference.

7.1.2 Embedded Service Providers

In addition to setting up trust with internal or external service providers, you can reference
Embedded Service Providers (ESPs) in your enterprise. An ESP uses the Liberty protocol and does
not require metadata entry, because this exchange happens automatically. The ESP comes with
Access Manager and is embedded in the Access Gateways, the J2EE agents, and a version of the
SSL VPN server. The ESP facilitates authentication between the Identity Server and the resource
protected by the device, as shown in as shown in
184 Novell Access Manager 3.1 SP2 Identity Server Guide
Identity Server Trust
IDP
Provides Authentication (SAML, SAML2, Liberty)
SP (Consumes SAML, SAML2, and Liberty Authentication)
IDP (Provides Authentication to ESP (Liberty Only)
ESP
Consumes Authentication (Liberty)
Figure 7-2.