Cleaning Up Identities; Defederating After User Portal Login; Configuring The Identity Server As An Identity Provider - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual

5 To modify the Provider ID or to import a new signing certificate, click Edit.
5a (Optional) To change the Provider ID, enter a new value or modify the current value.
5b (Optional) To import a new signing certificate, click Browse, find the certificate file, click
Open to import it, then click Apply.
6 To view the signing certificate, click Certificates.
7 (Conditional) If you made any modifications, update the Identity Server.

8.4.3 Cleaning Up Identities

When acting as a relying party, you can set limits for how long an identity can remain unused before
the identity is automatically defederated. The default value is 90 days. You can specify a value from
0 to 365 days. To configure this value:
1 In the Administration Console, click Devices > Identity Servers > Edit > CardSpace.
2 Click Configuration.
3 Specify a value for the relying party maximum age.
4 Click Apply, then update the Identity Server.

8.4.4 Defederating after User Portal Login

If you want to remove the federation link on a card so you are prompted for login credentials the
next time you use it, you need to defederate the card.
1 Log in to the user portal.
2 In your authentication card section, select the card you used to authenticate.
3 Click the options icon.
4 To defederate this account, select the defederate option.
8.5 Configuring the Identity Server as an Identity
Provider
When the Identity Server is acting as a CardSpace identity provider, you need to configure the
Identity Server's certificates to support CardSpace, configure the underlying STS to support
CardSpace, and create a managed card template:
 Section 8.5.1, "Replacing the Signing Certificate," on page 240
Section 8.5.2, "Configuring STS," on page 240

Section 8.5.3, "Creating a Managed Card Template," on page 241

Configuring CardSpace 239