Configuring Communication Profiles; Configuring A Liberty Profile - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual


12 Configuring Communication Profiles
You can configure the methods of communication that are available at the server for requests and
responses sent between providers. These settings affect the metadata for the server and should be
determined prior to publishing to other sites.
Section 12.1, "Configuring a Liberty Profile"
Section 12.2, "Configuring a SAML 1.1 Profile"
Section 12.3, "Configuring a SAML 2.0 Profile"

12.1 Configuring a Liberty Profile

The profile specifies what methods of communication are available at the server for the Liberty
protocol. These settings affect the metadata for the server and should be determined prior to
publishing to other sites. If you have set up trusted providers, and then modify these profiles, the
trusted providers need to reimport the metadata from this Identity Server.
1 In the Administration Console, click Devices > Identity Servers > Edit > Liberty > Profiles.

2 Configure the following fields for identity providers and service providers:

  Login: Specifies whether to support Artifact or Post binding for login. Select one or more of
  the following for the identity provider and the service provider:
    - The Artifact binding provides an increased level of security by using a back channel
      means of communication between the two servers during authentication.
    - The Post method uses HTTP redirection to accomplish communication between the
      servers.

  Single Logout: Specifies the communication method to use when the user logs out. Typically,
  you select both of these options, which enables the identity provider or service provider to
  accept both HTTP and SOAP requests. SOAP is used if both options are selected, or if the
  service provider has not specified a preference.
    - HTTP: Uses HTTP 302 redirects or HTTP GET requests to communicate logout requests
      from this identity site to the service provider.
    - SOAP: Uses SOAP over HTTP messaging to communicate logout requests from this
      identity provider to the service provider.

  Federation Termination: Specifies the communication channel to use when the user selects to
  defederate an account. Typically, you select both of these options, which enables the identity
  provider or service provider to accept both HTTP and SOAP requests. SOAP is the default
  setting if the service provider has not specified a preference.
    - HTTP: Uses HTTP 302 redirects to communicate federation termination requests from
      this server.
    - SOAP: Uses SOAP back channel over HTTP messaging to communicate logout requests
      from this server.
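
Because these settings change what the server's metadata advertises, one way to see whether trusted providers need to reimport is to diff the protocol profiles in metadata snapshots taken before and after the change. This is an added example, not part of the Novell guide; the sample metadata is constructed, and its namespace, element names and profile URIs are assumed from the Liberty ID-FF 1.2 metadata schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The namespace, element names and profile URIs are
# assumed from the Liberty ID-FF 1.2 metadata schema, not taken from this guide.
NS = "urn:liberty:metadata:2003-08"
P = "http://projectliberty.org/profiles/"
BEFORE = f"""<EntityDescriptor xmlns="{NS}" providerID="https://idp.example.com/metadata">
 <IDPDescriptor>
  <SingleLogoutProtocolProfile>{P}slo-idp-soap</SingleLogoutProtocolProfile>
  <SingleLogoutProtocolProfile>{P}slo-idp-http</SingleLogoutProtocolProfile>
  <FederationTerminationNotificationProtocolProfile>{P}fedterm-idp-soap</FederationTerminationNotificationProtocolProfile>
  <SingleSignOnProtocolProfile>{P}brws-art</SingleSignOnProtocolProfile>
  <SingleSignOnProtocolProfile>{P}brws-post</SingleSignOnProtocolProfile>
 </IDPDescriptor>
</EntityDescriptor>"""
# Same server after Post is deselected for identity provider login.
AFTER = BEFORE.replace(
    f"<SingleSignOnProtocolProfile>{P}brws-post</SingleSignOnProtocolProfile>", "")


def advertised_profiles(metadata_xml):
    """Return {(descriptor, element): {profile URIs}} for one metadata document."""
    if "<!DOCTYPE" in metadata_xml:  # refuse DTDs so no entities get expanded
        raise ValueError("DTD not allowed in metadata")
    found = {}
    for descriptor in ET.fromstring(metadata_xml):
        role = descriptor.tag.rsplit("}", 1)[-1]
        for el in descriptor.iter():
            name = el.tag.rsplit("}", 1)[-1]
            if name.endswith("ProtocolProfile") and el.text and el.text.strip():
                found.setdefault((role, name), set()).add(el.text.strip())
    return found


def profile_drift(old_xml, new_xml):
    """Profiles added or removed between two snapshots; empty dict means no change."""
    old, new = advertised_profiles(old_xml), advertised_profiles(new_xml)
    drift = {}
    for key in sorted(old.keys() | new.keys()):
        added = sorted(new.get(key, set()) - old.get(key, set()))
        removed = sorted(old.get(key, set()) - new.get(key, set()))
        if added or removed:
            drift[key] = {"added": added, "removed": removed}
    return drift


if __name__ == "__main__":
    for (role, element), change in profile_drift(BEFORE, AFTER).items():
        print(role, element, change)
```

A non-empty result means the published metadata no longer matches what trusted providers imported earlier.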
