Creating A Managed Card Template - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual

The options displayed allow you to select the format for the name identifier that is returned in
the SAML assertion. The selected attribute sets (Identity Servers > Edit > STS > Attribute Sets)
determine the values that are available for the formats.
6 Select a format and value.
If you select a format without a value type, a random one-time identifier is sent.
If no attributes are listed for the value type, you need to set up an attribute set. See
None: Indicates that the SAML assertion does not contain a name identifier.
Unspecified: Specifies that the SAML assertion contains an unspecified name identifier. For
the value, select the attribute that the relying party and the identity provider have agreed to use.
E-mail: Specifies that the SAML assertion contains the user's e-mail address for the name
identifier. For the value, select an e-mail attribute.
X509: Specifies that the SAML assertion contains an X.509 certificate for the name identifier.
For the value, select an X.509 attribute.
7 Click Apply, then restart the Identity Server:
7a On the Identity Servers page, select the server, then click Stop > OK.
7b When the health turns red, select the server, then click Start.

8.5.3 Creating a Managed Card Template

1 In the Administration Console, click Devices > Identity Servers > Edit > Card Space >
Managed Card Templates > New, then fill in the following fields:
Name: Specify a display name for the template.
Description: Specify the text to be displayed on the card. This can contain information about
how the card can be used or the type of resource that can be accessed with the card.
Image: Specify the image to be displayed on the card. Select the image from the drop-down
list. To add an image to the list, click Select local image.
Require Identification of Relying Party in Security Token: Select this option to require the
relying party to provide identification when it requests a security token.
Allow Users to Back a Managed Card Using a Personal Card: Select this option if you
want to allow users to back a managed card with a personal card.
When a managed card is backed by a personal card, the user enters the required credentials

once, and thereafter only the card is needed for authentication.
When a managed card is not backed by a personal card, the user must always enter the

required credentials on authentication.
When the Allow User to Back a Managed Card Using a Personal Card option is selected, the
user is presented with the option to back the managed card with a personal card. When it is not
selected, the option to back the managed card with a personal card is removed from the user
interface.
2 Click Next, then fill in the following fields:
Attribute set: From the list of available sets, select an attribute set. A default attribute set,
named CardSpace, is available for CardSpace claims.
Selected claims: From the list of available claims, select the attributes for the managed card
and move them to the list of selected claims.
Step 2.
Configuring CardSpace 241