Enabling E-mail as a Claim Type
There are three types of identity claims that can be enabled on an ADFS server: Common Name,
E-mail, and User Principal Name. The ADFS step-by-step guide specifies that you do everything with
a User Principal Name, which is an Active Directory convention. Although a User Principal Name can
be given a value that looks like an e-mail address, it is not one. This scenario uses E-mail
instead of Common Name because E-mail is the more common configuration.
1 From the Administrative Tools, open the Active Directory Federation Services tool.
2 Navigate to the Organizational Claims by clicking Federation Service > Trust Policy > My
Organization.
3 Verify that E-mail is in this list. If it isn't, move it to the list.
4 Navigate to your Token-based Application and enable e-mail by right-clicking the application,
editing the properties, and clicking the Enabled box.
5 Navigate to your Claims-aware Application and repeat the process.
6 Continue with "Creating an Account Partners Configuration" on page 258.
Creating an Account Partners Configuration
WS Federation requires a two-way trust relationship. Both the identity provider and the service
provider must be configured to trust the other provider. This task sets up the trust between the ADFS
server and the Identity Server.
1 In the Active Directory Federation Services console, navigate to the Account Partners by
clicking Federation Service > Trust Policy > Partner Organizations.
2 Right-click Partner Organizations, then select New > Account Partner.
3 Supply the following information in the wizard:
You do not have an account partner policy file.
For the display name, specify the DNS name of the Identity Server.
For the Federation Services URI, specify the following:
https://<DNS_Name>:8443/nidp/wsfed/
Replace <DNS_Name> with the DNS name of the Identity Server.
This URI is the base URL of your Identity Server with the addition of /wsfed/ on the end.
For the Federation Services endpoint URL, specify the following:
https://<DNS_Name>:8443/nidp/wsfed/ep
Replace <DNS_Name> with the DNS name of the Identity Server.
This URL is the base URL of your Identity Server with the addition of /wsfed/ep at the end.
For the verification certificate, import the trusted root of the signing certificate on your
Identity Server.
If you have not changed it, you need the Organizational CA certificate from your
Administration Console. This is the trusted root for the test-signing certificate.
Select Federated Web SSO.
The Identity Server is outside of any forest, so do not select Forest Trust.
Select the E-mail claim.
258 Novell Access Manager 3.1 SP2 Identity Server Guide