Configuring The Trust Levels Class; Managing Trusted Providers - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual


4 Return to the Servers page, then update the Identity Server.
5 When you configure this class, you need to also enable the Use Introductions option. Continue
with Section 7.2.2, "Configuring the General Identity Consumer Options," on page 187.

7.2.4 Configuring the Trust Levels Class

The Trust Levels class allows you to specify an authentication level or rank for class types that do
not appear on the Defaults page and for which you have not defined a contract. The level is used to
rank the requested type. Using the authentication level and the comparison context, the Identity
Server can determine whether any contracts meet the requirements of the request. If one or more
contracts match the request, the user is presented with the appropriate authentication prompts. For
more information and other configuration options, see Section 3.5, "Specifying Authentication
Defaults," on page 130 and Section 3.5.1, "Specifying Authentication Types," on page 131.
1 In the Administration Console, click Devices > Identity Server > Servers > Edit > Local >
Classes > Trust Levels.
2 Click Properties > New, then specify the following values.
Property Name: Specify SetClassTrustLevels.
Property Value: Specify true.
3 For each class type for which you want to set a level, create a property for that class.
3a Set the Property Name to the name of the class. For example, use one of the following:
urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession
urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol
For additional values, refer to the SAML2 and Liberty Authentication Context
Specifications.
3b Set the Property Value to the security level or rank you want for the class. A level of 2 is
higher than a level of 1.
4 Click OK, then update the Identity Server.
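
The following added example (not Novell code and not taken from the guide) sketches how a numeric level and a SAML 2.0 comparison context can decide which contracts satisfy a request. The contract names, their levels, the handling of the SetClassTrustLevels flag and the rule that an unranked class matches nothing are assumptions made for illustration.

```python
# Added illustration: how a numeric level plus a SAML 2.0 comparison context
# can select contracts. Not Access Manager code; contract names are made up.

PREVIOUS_SESSION = "urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession"
INTERNET_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"

# Properties as entered in the Trust Levels class (values are constructed).
TRUST_LEVEL_PROPERTIES = {
    "SetClassTrustLevels": "true",
    PREVIOUS_SESSION: "1",
    INTERNET_PROTOCOL: "2",
}

# Hypothetical contracts and their authentication levels.
CONTRACTS = {"name-password": 1, "secure-name-password": 2, "x509": 3}

# Comparison values defined for RequestedAuthnContext in SAML 2.0 core.
COMPARISONS = {
    "exact": lambda contract, requested: contract == requested,
    "minimum": lambda contract, requested: contract >= requested,
    "maximum": lambda contract, requested: contract <= requested,
    "better": lambda contract, requested: contract > requested,
}


def class_level(properties, class_uri):
    """Return the configured rank for a class URI, or None if unranked."""
    if properties.get("SetClassTrustLevels", "").lower() != "true":
        return None  # assumption: levels are ignored unless the flag is true
    value = properties.get(class_uri)
    return int(value) if value is not None and value.isdigit() else None


def matching_contracts(properties, contracts, class_uri, comparison="exact"):
    """List contracts whose level satisfies the requested class and comparison."""
    if comparison not in COMPARISONS:
        raise ValueError(f"unknown comparison: {comparison}")
    requested = class_level(properties, class_uri)
    if requested is None:
        return []  # unranked class: nothing can be compared, so fail closed
    test = COMPARISONS[comparison]
    return sorted(name for name, level in contracts.items() if test(level, requested))


if __name__ == "__main__":
    for mode in COMPARISONS:
        print(mode, matching_contracts(TRUST_LEVEL_PROPERTIES, CONTRACTS, INTERNET_PROTOCOL, mode))
```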

7.3 Managing Trusted Providers

The procedure for establishing trust between providers begins with obtaining metadata for the
trusted provider. If you are using the Novell Identity Server, protocol-specific metadata is available
via a URL.
1 In the Administration Console, click Devices > Identity Servers > Servers > Edit > [Protocol].
For the protocol, select Liberty, SAML 1.1 or SAML 2.0.
2 Select one of the following actions:
New: Launches the Create Trusted Identity Provider Wizard or the Create Trusted Service
Provider Wizard, depending on your selection. See one of the following for more information:
Section 7.3.1, "Creating a Trusted Provider for Liberty or SAML 2.0," on page 190
Section 7.3.2, "Creating a Trusted Service Provider for SAML 1.1," on page 192
Section 7.3.3, "Creating a Trusted Identity Provider for SAML 1.1," on page 194
Delete: Allows you to delete the selected identity or service provider.
Enable: Enables the selected identity or service provider.
