Configuring a SAML 1.1 Profile; Configuring a SAML 2.0 Profile - Novell Access Manager 3.1 SP2 - Identity Server Guide 2010 Manual


Register Name: Specifies the communication channel to use when the provider supplies a different name to register for the user. Typically, you select both of these options, which enables the identity provider or service provider to accept both HTTP and SOAP requests. SOAP is the default setting if the service provider has not specified a preference.

    HTTP: Uses HTTP 302 redirects to communicate federation termination requests from this server.

    SOAP: Uses SOAP back channel over HTTP messaging to communicate logout requests from this server.

3 Click OK, then update the Identity Server.

4 (Conditional) If you have set up trusted providers and have modified the profile, these providers need to reimport the metadata from this Identity Server.

12.2 Configuring a SAML 1.1 Profile

Profiles control what methods of communication are available at the server for the SAML 1.1 protocol. These settings affect the metadata for the server and should be determined prior to publishing to other sites. If you have set up trusted providers, and then modify these profiles, the trusted providers need to reimport the metadata from this Identity Server.

1 In the Administration Console, click Devices > Identity Servers > Edit > SAML 1.1 > Profiles.

2 Configure the following fields:

    Login: Specifies the communication channel when the user logs in. Select one or more of these methods for the identity provider and the identity consumer:

        The Artifact binding provides an increased level of security by using the back channel for communication between the two servers during authentication.

        The Post method uses HTTP redirection to accomplish communication between servers.

    Source ID: Displays the hexadecimal ID generated by the Identity Server for the SAML 1.1 service provider. This is a required value when establishing trust with a service provider.

3 Click OK, then update the Identity Server.

4 (Conditional) If you have set up trusted providers and have modified the profile, these providers need to reimport the metadata from this Identity Server.

12.3 Configuring a SAML 2.0 Profile

Profiles control the methods of communication that are available for SAML 2.0 protocol requests and responses sent between trusted providers. These settings affect the metadata for the server and should be determined prior to publishing to other sites. The identity provider uses the incoming metadata to determine how to respond.

All available profile bindings are enabled by default. SOAP is used when all are enabled (or if the service provider has not specified a preference), followed by HTTP Post, then HTTP Redirect.
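
Because the bindings enabled in a profile are what the server publishes in its metadata, comparing the metadata a trusted provider imported earlier with the current document shows which bindings changed and whether a reimport is needed. The following Python sketch is an added example, not from the Novell guide; the sample metadata, entityID and URLs are constructed placeholders, and it does not verify metadata signatures.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
ROLES = ("IDPSSODescriptor", "SPSSODescriptor")

def advertised_bindings(metadata_xml):
    """Map (role, service element) -> set of binding names found in SAML 2.0 metadata."""
    found = {}
    root = ET.fromstring(metadata_xml)
    for role in ROLES:
        for descriptor in root.iter(MD + role):
            for endpoint in descriptor:
                binding = endpoint.get("Binding")
                if binding is None:          # KeyDescriptor, NameIDFormat, ...
                    continue
                service = endpoint.tag.split("}")[-1]
                # Keep only the last URI segment, e.g. "SOAP" or "HTTP-POST".
                found.setdefault((role, service), set()).add(binding.rsplit(":", 1)[-1])
    return found

def binding_changes(imported_xml, current_xml):
    """Return bindings added or removed since the trusted provider's last import."""
    old, new = advertised_bindings(imported_xml), advertised_bindings(current_xml)
    changes = {}
    for key in sorted(old.keys() | new.keys()):
        added = new.get(key, set()) - old.get(key, set())
        removed = old.get(key, set()) - new.get(key, set())
        if added or removed:
            changes[key] = {"added": sorted(added), "removed": sorted(removed)}
    return changes

def sample_metadata(logout_bindings, artifact_resolution=True):
    """Constructed sample metadata; the entityID and URLs are placeholders."""
    uri = "urn:oasis:names:tc:SAML:2.0:bindings:"
    ars = (f'<md:ArtifactResolutionService index="0" Binding="{uri}SOAP" '
           'Location="https://idp.example.com/soap"/>') if artifact_resolution else ""
    slo = "".join(f'<md:SingleLogoutService Binding="{uri}{name}" '
                  'Location="https://idp.example.com/slo"/>' for name in logout_bindings)
    return ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
            'entityID="https://idp.example.com/metadata"><md:IDPSSODescriptor '
            'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f'{ars}{slo}</md:IDPSSODescriptor></md:EntityDescriptor>')

if __name__ == "__main__":
    imported = sample_metadata(["SOAP", "HTTP-POST", "HTTP-Redirect"])
    current = sample_metadata(["HTTP-Redirect"], artifact_resolution=False)
    for (role, service), diff in binding_changes(imported, current).items():
        print(role, service, diff)   # any output means partners should reimport
```
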

1 In the Administration Console, click Devices > Identity Servers > Edit > SAML 2.0 > Profiles.

2 Configure the following fields for identity providers and identity consumers (service providers):

    Artifact Resolution: Specify whether to enable artifact resolution for the identity provider and identity consumer.

288 Novell Access Manager 3.1 SP2 Identity Server Guide
