Defining User Identification For Saml 1.1; Selecting A User Identification Method For Saml 1.1 - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual
Identity server guide
Hide thumbs
Also See for ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010:
- Manual (264 pages) ,
- User manual (58 pages) ,
- Manual (30 pages)
Table of Contents
Advertisement
Provision account: Assumes that the user does not have an account at the service
provider and creates one for the user. You must create a provisioning method.
6 Click OK.
7 (Conditional) If you selected Provision account when no match is found, select the Provision
settings icon. For information on this process, see
Provisioning Method," on page
8 Click OK twice, then update the Identity Server.
11.2 Defining User Identification for SAML 1.1
Section 11.2.1, "Selecting a User Identification Method for SAML 1.1," on page 280
Section 11.2.2, "Configuring the Attribute Matching Method for SAML 1.1," on page 281
11.2.1 Selecting a User Identification Method for SAML 1.1
Two methods exist for identifying users from an identity provider when using the SAML 1.1
protocol. You can specify that no account matching needs to occur, or you can configure a match
method. You configure a match method when you want to use attributes from the identity provider
to uniquely identify a user on the service provider.
1 In the Administration Console, click Devices > Identity Servers > Edit > SAML 1.1 > [Identity
Provider] > User Identification.
2 In the Satisfies contract option, specify the contract that can be used to satisfy the assertion
received from the identity provider. Because SAML 1.1 does not use contracts and because the
Identity Server is contract-based, this setting permits an association to be made between a
contract and a SAML 1.1 assertion.
Use caution when assigning the contract to associate with the assertion, because it is possible to
imply that authentication has occurred, when it has not. For example, if a contract is assigned to
the assertion, and the contract has two authentication methods (such as one for name/password
and another for X.509), the server sending the assertion might use only name/password, but the
service provider might assume that X.509 took place and then incorrectly assert it to another
server.
3 Select one of the following options for user identification:
Do nothing: Specifies that an identity provider account is not matched with a service
provider account. This option allows the user to authenticate the session without
identifying a user account on the service provider.
280 Novell Access Manager 3.1 SP2 Identity Server Guide
Section 11.3, "Defining the User
282.
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010
Related Products for Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010
- NOVELL ACCESS MANAGER 3.1 SP2 BETA 1 - SCENARIOS 2009
- NOVELL ACCESS MANAGER 3.1 SP1 - AGENT GUIDE
- NOVELL ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER
- NOVELL ACCESS MANAGER 3.1 SP2 - SSL VPN USER GUIDE 2010
- Novell Access Manager 3.1 SP 1
- Novell Access Manager 3.1 SP2 Beta 1
- Novell Access Manager 3.1 SP 2
- NOVELL CLIENT LOGIN EXTENSION 3.7 - ADMINISTRATION
- NOVELL IDENTITY ASSURANCE SOLUTION 3.0.2 - ADMINISTRATION
- NOVELL IDENTITY MANAGER 3.6.1 - STAGING BEST PRACTICES GUIDE 2010
- NOVELL IDENTITY MANAGER 3.6.1 - NULL SERVICE AND LOOPBACK SERVICE DRIVERS
- NOVELL IDENTITY MANAGER 3.6.1 - JOBS GUIDE
- NOVELL IDENTITY MANAGER 3.6.1 - TASK SERVICE DRIVER
- NOVELL IFOLDER 3 - ADMINISTRATION
- NOVELL POLICIES IN IMANAGER 3.6.1 - 06-05-2009
- NOVELL POLICY IN DESIGNER 3.5 - 09-18-2009
Need help?
Do you have a question about the ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 and is the answer not in the manual?
Questions and answers