Configuring Communication Security - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual

Authentication Card: See Section 7.10, "Managing the Authentication Card of an Identity Provider," on page 216.
You can modify the following features of a service provider:
Communication Security: See Section 7.5, "Configuring Communication Security," on page 196.
Attributes to Send in the Response: See Section 7.6.2, "Configuring the Attributes Sent with Authentication," on page 201.
Intersite Transfer Service: See "Configuring an Intersite Transfer Service Target for a Service Provider" on page 221.
Metadata: See Section 7.7, "Managing Metadata," on page 203.
Authentication Response: See Section 7.9, "Configuring an Authentication Response for a Service Provider," on page 212.

7.5 Configuring Communication Security

The communication security settings control the direct communication between the Identity Server
and a trusted provider across the SOAP back channel. You can secure this channel with one of three
methods:
Message Signing: This is the default method, and the Identity Server comes with a test signing
certificate that is used to sign the back-channel messages. We recommend replacing this test signing
certificate with a certificate from a well-known certificate authority. This method is secure, but it is
CPU intensive. For information on replacing the default certificate, see Section 1.3.3, "Managing
the Keys, Certificates, and Trust Stores," on page 29.
Mutual SSL: This method is probably the fastest method, and if you are fine-tuning your system for
performance, you should select this method. However, it requires the exchange of trusted root
certificates between the Identity Server and the trusted provider. This exchange of certificates is a
requirement for setting up the trust relationship between the two providers. To verify that you have
exchanged certificates, see Section 1.3.3, "Managing the Keys, Certificates, and Trust Stores," on
page 29.
Basic Authentication: This method is as fast as mutual SSL and the least expensive because it
doesn't require any certificates. However, it does require the exchange of usernames and passwords
with the administrator of the trusted provider, which might or might not compromise the security of
the trusted relationship.
If your trusted provider is another Identity Server, you can use any of these methods, as long as your
Identity Server and the trusted Identity Server use the same method. If you are setting up a trusted
relationship with a third-party provider, you need to select a method supported by that provider.
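As an added example that is not part of the Novell guide, the following shell script uses the openssl command line on a throwaway test PKI to show what the two certificate-based options above amount to: for mutual SSL, that the peer's certificate chains to the trusted root exchanged when the trust relationship was set up (and is rejected against a root that was never exchanged); for message signing, that a back-channel message signed with the signing key verifies against the signing certificate and fails once the message is altered. Access Manager performs these checks internally and signs at the XML level; the certificate subjects, file names and SOAP body here are constructed for the demonstration only.

```shell
#!/bin/sh
# Added example, not from the Novell guide: exercise the two certificate-based
# back-channel options with the openssl command line on a throwaway test PKI.
# All names, subjects, paths and the SOAP body below are constructed for the demo.
set -eu

# Build a throwaway PKI in directory $1:
#   root.pem/root.key         trusted root the two providers exchange out of band
#   provider.pem/provider.key the peer's certificate, issued by that root
#   other.pem                 an unrelated root whose certificate was never exchanged
make_test_pki() {
  dir="$1"
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Trusted Root" \
    -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=idp.example.test" \
    -keyout "$dir/provider.key" -out "$dir/provider.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$dir/provider.csr" \
    -CA "$dir/root.pem" -CAkey "$dir/root.key" -CAcreateserial \
    -out "$dir/provider.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Untrusted Root" \
    -keyout "$dir/other.key" -out "$dir/other.pem" 2>/dev/null
}

# Mutual SSL prerequisite: the peer certificate ($1) must chain to the root ($2)
# that was exchanged when the trust relationship was set up. Exit status 0 = trusted.
verify_peer_cert() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Write a constructed SOAP back-channel message to $1 (placeholder content).
sample_message() {
  cat > "$1" <<'EOF'
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <demo:BackChannelRequest xmlns:demo="urn:example:demo" ID="_constructed-demo-id"/>
  </soapenv:Body>
</soapenv:Envelope>
EOF
}

# Message signing: detached SHA-256 signature over message $1 with signing key $2, written to $3.
# (Access Manager signs at the XML level; a file signature shows the same property.)
sign_message() {
  openssl dgst -sha256 -sign "$2" -out "$3" "$1"
}

# Verify signature $3 over message $1 with the public key taken from certificate $2.
# Exit status 0 = signature valid, 1 = message or signature altered.
verify_message() {
  pub="$(mktemp)"
  openssl x509 -in "$2" -pubkey -noout > "$pub"
  if openssl dgst -sha256 -verify "$pub" -signature "$3" "$1" >/dev/null 2>&1; then
    rm -f "$pub"; return 0
  fi
  rm -f "$pub"; return 1
}

# Walk through both checks and report the outcome of each.
run_demo() {
  d="$(mktemp -d)"
  make_test_pki "$d"
  if verify_peer_cert "$d/provider.pem" "$d/root.pem"; then
    echo "peer certificate chains to the exchanged root: OK"
  fi
  if ! verify_peer_cert "$d/provider.pem" "$d/other.pem"; then
    echo "peer certificate against a never-exchanged root: rejected (expected)"
  fi
  sample_message "$d/msg.xml"
  sign_message "$d/msg.xml" "$d/provider.key" "$d/msg.sig"
  if verify_message "$d/msg.xml" "$d/provider.pem" "$d/msg.sig"; then
    echo "signed back-channel message verifies: OK"
  fi
  printf ' ' >> "$d/msg.xml"
  if ! verify_message "$d/msg.xml" "$d/provider.pem" "$d/msg.sig"; then
    echo "altered message: signature rejected (expected)"
  fi
  rm -rf "$d"
}

run_demo
```

The chain check is the part that the certificate exchange for mutual SSL buys you: a certificate from any issuer other than the exchanged root is refused, regardless of how valid it looks on its own. The signature check is the per-message cost the guide refers to as CPU intensive, paid on every back-channel message rather than once per connection.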
For configuration information, see the following sections:
Section 7.5.1, "Configuring Communication Security for Liberty and SAML 1.1," on page 197
Section 7.5.2, "Configuring Communication Security for a SAML 2.0 Identity Provider," on page 197
Section 7.5.3, "Configuring Communication Security for a SAML 2.0 Service Provider," on page 199
196 Novell Access Manager 3.1 SP2 Identity Server Guide