Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual page 236

Image: Select the image from the drop-down list. For CardSpace, you can use the default
CardSpace image or any other image in the list. To add a new image, click Select local image.
For more information on how to add an image, see
Images," on page
Show Card: Select this option when you want the Identity Server to display the card as a login
option. Deselect this option when you want to prevent users from using this card and any of its
authentication profiles.
3 In the Profiles section, click New, then fill in the following fields:
Name: Specify a display name for the profile.
ID: (Optional) Specify an alphanumeric value that identifies the card. If you need to reference
this card outside of the Administration Console, you need to specify a value here. If you do not
assign a value, the Identity Server creates one for its internal use.
Text: Specify the text that references the profile when more than one profile has been defined.
Issuer: From the drop-down list, select one of the following:
 Any Trusted or Untrusted Provider or Personal Card: Specifies that the issuer of the
card can be a managed card from any provider or can be a personal card. This option
allows all cards in the card selector to be selected.
Personal Card: Specifies that the issuer must be a personal card from a card selector.

 Any Trusted Provider or Personal Card: Specifies that the card can be either a personal
card or a managed card from any trusted provider. A trusted provider is a provider that is
listed in the trusted provider list. See
page
This option allows all cards in the card selector to be selected. The Identity Server
enforces the trusted provider requirement when the card is sent.
<Provider Name>: Specifies that the card must be a managed card from the specified

provider. To add a trusted provider, see
page
Token Type: SAML 1.1 is displayed as the token type for the assertion.
If you are using CardSpace to allow access to Access Gateway protected resources, you must
ensure that the contract specified for a protected resource is satisfied by an authentication
profile.
4 Click Next, then specify the attributes for the card profile.
Attribute set: Select the CardSpace attribute set.
Required attributes: From the Available attribute list, select the attributes that you want the
card to return and move them to the Required attribute list.
Move Common First Name and Personal Private Identifier to the Required attribute list.
Optional attributes: From the Available attribute list, select the attributes that the card can
return, but is not required to return, and move them to the Optional attribute list.
5 Click Next, then specify the user identification method.
Satisfied contracts: (Optional) Move the contract that you want this profile to satisfy from the
list of available contracts to the Satisfied contract list.
Allow federation: Allows the CardSpace card to be linked with a user account. If you do not
select this option, the user is always prompted for credentials.
236 Novell Access Manager 3.1 SP2 Identity Server Guide
180.
237.
237.
Section 6.5, "Adding Authentication Card
Section 8.4.2, "Defining a Trusted Provider," on
Section 8.4.2, "Defining a Trusted Provider," on