Configuring Communication Security For Liberty And Saml 1.1; Configuring Communication Security For A Saml 2.0 Identity Provider - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual

7.5.1 Configuring Communication Security for Liberty and
SAML 1.1
Liberty and SAML 1.1 have the same security options for the SOAP back channel for both identity
and service providers. You cannot configure the trust relationship of the SOAP back channel for the
Identity Server and its Embedded Service Providers.
1 In the Administration Console, click Devices > Identity Servers > Edit > [Protocol].
For the protocol, select either Liberty or SAML 1.1.
2 Click the name of a provider.
3 On the Trust page, fill in the following field:
Name: Specify the display name for this trusted provider. The default name is the name you
entered when creating the trusted provider.
For an Embedded Service Provider, the Name option is the only available option on the Trust
page.
The Security section specifies how to validate messages received from trusted providers over
the SOAP back channel. Both the identity provider and the service provider in the trusted
relationship must be configured to use the same security method.
4 Select one of the following security methods:
Message Signing: Relies upon message signing using a digital signature.
Mutual SSL: Specifies that this trusted provider provides a digital certificate (mutual SSL)
when it sends a SOAP message.
SSL communication requires only the client to trust the server. For mutual SSL, the server must
also trust the client. For the client to trust the server, the server's certificate authority (CA)
certificate must be imported into the client trust store. For the server to trust the client, the
client's CA certificate must be imported into the server trust store.
Basic Authentication: Specifies standard header-based authentication. This method assumes
that a name and password for authentication are sent and received over the SOAP back channel.
Send: The name and password to be sent for authentication to the trusted partner. The

partner expects this password for all SOAP back-channel requests, which means that the
name and password must be agreed upon.
 Verify: The name and password used to verify data that the trusted provider sends.
5 Click OK twice.
6 Update the Identity Server.
7.5.2 Configuring Communication Security for a SAML 2.0
Identity Provider
The security settings control the direct communication between the Identity Server and the identity
provider across the SOAP back channel.
1 In the Administration Console, click Devices > Identity Servers > Edit > SAML 2.0.
Configuring SAML and Liberty Trusted Providers 197