3 Click Edit > Reverse Proxies/Authentication.
4 Select an Identity Server configuration for the Identity Server Cluster option, click OK twice,
then update the Access Gateway.
Service Provider Metadata
If you have set up federation with another provider over the Liberty, SAML 1.1, SAML 2.0,
CardSpace, or WS Federation protocol and you change the base URL of the Identity Server, you
need to update the provider with the new metadata to reestablish the trusted relationship. If the
provider is another Identity Server, follow the procedure below to update the metadata; otherwise,
follow the provider's procedures.
1 In the Administration Console of the provider, click Devices > Identity Servers > Edit >
[Protocol] > [Provider] > Metadata.
2 Click Reimport.
3 Follow the steps in the wizard.
For more information, see Section 7.7, "Managing Metadata," on page 203.
15.2.2 DNS Name Resolution
When the service provider tries to access the metadata on the identity provider, it sends the request
to the hostname defined in the base URL configuration of the Identity Server. The base URL in the
Identity Server configuration is used to build all the metadata end points.
To view the metadata of the Identity Server with a DNS name of idpcluster.lab.novell.com,
enter the following URL:
https://idpcluster.lab.novell.com:8443/nidp/idff/metadata
Scan through the document and notice the multiple references to
https://idpcluster.lab.novell.com/... You should see lines similar to the following:
<md:SoapEndpoint>
https://idpcluster.lab.novell.com:8443/nidp/idff/soap
</md:SoapEndpoint>
<md:SingleLogoutServiceURL>
https://idpcluster.lab.novell.com:8443/nidp/idff/slo
</md:SingleLogoutServiceURL>
<md:SingleLogoutServiceReturnURL>
https://idpcluster.lab.novell.com:8443/nidp/idff/slo_return
</md:SingleLogoutServiceReturnURL>
The Embedded Service Provider of the Access Gateway must be able to resolve the
idpcluster.lab.novell.com hostname of the Identity Server. To test that it is resolvable, send a
ping command with the hostname of the Identity Server. For example, from the Access Gateway:
ping idpcluster.lab.novell.com
Troubleshooting the Identity Server and Authentication 351
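The check described in this section can be scripted. The following is an added example, not part of the Novell guide: it lists every endpoint URL in a metadata document, flags endpoints that do not match the configured base URL (stale metadata after a base URL change), and reports hostnames that do not resolve. The function names, the wrapping root element, and the sample document are assumptions constructed for the example.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the three endpoint elements shown in this section,
# wrapped in a root element (an assumption) so the fragment parses.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:liberty:metadata:2003-08">
  <md:SoapEndpoint>
    https://idpcluster.lab.novell.com:8443/nidp/idff/soap
  </md:SoapEndpoint>
  <md:SingleLogoutServiceURL>
    https://idpcluster.lab.novell.com:8443/nidp/idff/slo
  </md:SingleLogoutServiceURL>
  <md:SingleLogoutServiceReturnURL>
    https://idpcluster.lab.novell.com:8443/nidp/idff/slo_return
  </md:SingleLogoutServiceReturnURL>
</md:EntityDescriptor>"""

def endpoint_urls(metadata_xml):
    """Return (element name, URL) for each http(s) URL in element text or attributes."""
    found = []
    for el in ET.fromstring(metadata_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]          # drop the namespace part
        for value in [el.text or ""] + list(el.attrib.values()):
            value = value.strip()
            if value.startswith(("https://", "http://")):
                found.append((name, value))
    return found

def check_endpoints(metadata_xml, base_url, resolve=socket.getaddrinfo):
    """Return (endpoints not built from base_url, sorted hostnames that fail to resolve)."""
    base = urlsplit(base_url)
    mismatched, hosts = [], {}
    for name, url in endpoint_urls(metadata_xml):
        u = urlsplit(url)
        if (u.scheme, u.hostname, u.port) != (base.scheme, base.hostname, base.port):
            mismatched.append((name, url))
        hosts[u.hostname] = u.port or (443 if u.scheme == "https" else 80)
    unresolvable = []
    for host, port in hosts.items():
        try:
            resolve(host, port)                   # same lookup a client would perform
        except socket.gaierror:
            unresolvable.append(host)
    return mismatched, sorted(unresolvable)

if __name__ == "__main__":
    print(check_endpoints(SAMPLE_METADATA, "https://idpcluster.lab.novell.com:8443/nidp"))
```

Run it on the Access Gateway host so the lookup uses the same resolver as the Embedded Service Provider.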