Configuring Sts; Configuring Sts Attribute Sets; Configuring Authentication Methods - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual


9 Configuring STS
The STS (Security Token Service) is used to process authentication requests received at the Identity
Server for both the CardSpace and the WS Federation protocols.
Section 9.1, "Configuring STS Attribute Sets"
Section 9.2, "Configuring Authentication Methods"
Section 9.3, "Configuring the Authentication Request"

9.1 Configuring STS Attribute Sets

Use the Attribute Set page to select the attribute set or sets that contain attributes the STS can
provide to a relying party. An attribute set must be created before you can select it.
When creating an attribute set for the STS, you need to know which protocol you are going to use
for the attribute set (CardSpace or WS Federation) and select the attributes and namespace
appropriate for the protocol.
1 In the Administration Console, click Devices > Identity Servers > Edit > STS > Attribute Sets.
2 To select a set, move the set from the Available attribute sets list to the Attribute sets list.
   CardSpace: A CardSpace set uses the http://schemas.xmlsoap.org/ws/2005/05/identity/claims
   namespace. A CardSpace attribute set has been created that can be used as is or modified to
   match claims you want to share. For more information about CardSpace claims, see
   Understanding Personal Information Cards (http://msdn.microsoft.com/en-us/library/aa347717.aspx).
   To modify this default set, click Identity Servers > Shared Settings > Attribute Sets, then
   return to this page.
   WS Federation: There is no default attribute set for WS Federation. For information on how to
   create the set, see Section 10.4.2, "Configuring the Attributes Obtained at Authentication," on
   page 270 and Section 10.5.2, "Configuring the Attributes Sent with Authentication," on page 273.
3 Click OK, then update the Identity Server if you have changed the configuration.

9.2 Configuring Authentication Methods

Use the Authentication Methods page to select the methods that can be used for authentication at the
STS for CardSpace. The methods determine the credentials the user must supply for authentication
and the user store that is used to verify the credentials. The WS Federation protocol does not use
methods for authentication.
1 In the Administration Console, click Devices > Identity Servers > Edit > STS > Authentication
  Methods.
2 To enable a method, move the method from the Available methods list to the Methods list.
