Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual page 233

Identity server guide

https://test.lab.novell.com:8443/nidp/sts/services/Trust
Identity Provider: Click Browse to browse for and select the certificate that you exported
for the identity provider.
2d Click Next > Finish.
3 To create a profile that allows this trusted provider to be an issuer of security tokens, click
Authentication Card.
The following steps explain how to create a new profile for the trusted provider. This allows
you to see how a CardSpace authentication card can be configured for multiple profiles.
3a Click New, then fill in the following fields:
Name: Specify a display name for the profile that indicates which trusted provider is
going to use the profile.
ID: (Optional) Leave this field blank.
Text: Specify the text that is displayed on the card to the user for this profile. If the user
knows about the identity provider, this should help the user identify the provider.
Issuer: From the drop-down list, select the name of the trusted provider.
Token Type: SAML 1.1 is displayed as the token type for the assertion.
3b Click Next, then specify the attributes for the personal card.
Attribute set: Select the CardSpace attribute set.
Required attributes: From the Available attribute list, select the attributes that you want
the card to return and move them to the Required attribute list.
For this scenario, move Common First Name and Personal Private Identifier to the
Required attribute list. The Personal Private Identifier attribute should always be in the
required list.
Optional attributes: From the Available attribute list, select the attributes that the card
can return, but is not required to return, and move them to the Optional attribute list. For
this scenario, do not select any optional attributes.
3c Click Next, then specify the user identification method.
Satisfied contract: (Optional) For this scenario, do not select a contract.
Allow federation: Enable this option so that the managed card can be linked with the
user's account. If you do not enable this option, the user is always prompted for
credentials.
Authenticate: Select Authenticate for the user identification method. This prompts the
user for a name and a password the first time the card is used for authentication.
4 To add a trusted root to a trust store, click Security > Certificates.
The Certificates page is displayed.
4a Click Trusted Roots > Auto-Import From Server.
In the pop-up dialog box, fill in the following fields:
Server IP/DNS: Specify the server IP address or DNS name for the identity provider.
Server Port: Specify 8443 for the server port number.
Certificate name: Specify a name for the certificate.
4b Click OK.
4c Select the imported certificate, then click Add Trusted Roots to Trust Stores.
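Step 3b makes Common First Name and Personal Private Identifier required claims of the SAML 1.1 token. The following Python check is an added example, not part of the Novell guide: it shows how a relying party could confirm that a received assertion actually carries both claims with non-empty values. The claim names givenname and privatepersonalidentifier, the issuer URL and the sample assertion are assumptions constructed for illustration, and signature and issuer validation are assumed to have been done before this check runs.

```python
import xml.etree.ElementTree as ET

SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"  # namespace used by SAML 1.1
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
# Assumption: claim names that the two required attributes from step 3b map to.
REQUIRED = {
    "Common First Name": "givenname",
    "Personal Private Identifier": "privatepersonalidentifier",
}

# Constructed sample: unsigned, trimmed to the attribute statement, placeholder
# values. The empty identifier value is deliberate, to show the failure case.
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML11}" MajorVersion="1" MinorVersion="1"
    AssertionID="_constructed" Issuer="https://idp.example.invalid/constructed"
    IssueInstant="2010-01-01T00:00:00Z">
  <saml:AttributeStatement>
    <saml:Attribute AttributeName="givenname" AttributeNamespace="{CLAIMS_NS}">
      <saml:AttributeValue>Alice</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="privatepersonalidentifier" AttributeNamespace="{CLAIMS_NS}">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def claims_in_assertion(xml_text):
    """Return {claim name: [non-empty values]} for CardSpace claims in the token."""
    # A security token has no reason to carry a DTD; refuse it before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD content is not allowed in a security token")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML11}}}Assertion":
        raise ValueError("not a SAML 1.1 assertion")
    claims = {}
    for attr in root.iter(f"{{{SAML11}}}Attribute"):
        if attr.get("AttributeNamespace") != CLAIMS_NS:
            continue  # ignore attributes from other namespaces
        values = [v.text.strip() for v in attr.findall(f"{{{SAML11}}}AttributeValue")
                  if v.text and v.text.strip()]
        claims.setdefault(attr.get("AttributeName"), []).extend(values)
    return claims


def missing_required(xml_text, required=REQUIRED):
    """Return the required attributes that are absent or present only as empty values."""
    claims = claims_in_assertion(xml_text)
    return sorted(label for label, name in required.items() if not claims.get(name))


if __name__ == "__main__":
    print(missing_required(SAMPLE))
```

A token that fails this check should be rejected rather than matched to an account, since the Personal Private Identifier is the attribute the guide says should always be required.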
Configuring CardSpace 233
