Access Manager allows you to use netHSM to store and manage the signing key pair of the Identity
Server. You must use the Administration Console to store and manage the other Access Manager
certificates. Access Manager interacts with the netHSM server through the Java Security provider
supplied by the netHSM server.
This section describes the following about the netHSM implementation:
Section 1.6.1, "Understanding How Access Manager Uses Signing and Interacts with the netHSM Server," on page 42
Section 1.6.2, "Configuring the Identity Server for netHSM," on page 44
1.6.1 Understanding How Access Manager Uses Signing and Interacts with the netHSM Server
The netHSM server provides a signing certificate that is used instead of the one provided by Access
Manager. Requests, responses, assertions, or payloads can be signed when there are interactions
during single sign-on or during attribute queries between service providers and identity providers
using any of the SAML1.1, SAML2, Liberty ID-FF, Liberty ID-WSF, or ID-SIS protocols.
"Access Manager Services That Use the Signing Certificate" on page 42
"Understanding the Interaction of the netHSM Server with Access Manager" on page 43
Access Manager Services That Use the Signing Certificate
The following services can be configured to use signing:
"Protocols" on page 42
"SOAP Back Channel" on page 42
"Profiles" on page 43
Protocols
The protocols can be configured to sign authentication requests.
To view your current configuration:
1 In the Administration Console, click Devices > Identity Servers > Edit.
2 In the Identity Provider section, view the setting for the Require Signed Authentication
Requests option. If it is selected, all authentication requests from identity providers are signed.
3 In the Identity Consumer section, view the settings for the Require Signed Assertions and Sign
Authentication Requests options. If these options are selected, assertions and authentication
requests are signed.
SOAP Back Channel
The SOAP back channel is the channel that the protocols use to communicate directly with a
provider. The SOAP back channel is used for artifact resolutions and attribute queries for the
Identity Web Services Framework.
To view your current configuration for the SOAP back channel:
1 In the Administration Console, click Devices > Identity Servers > Edit.
42
Novell Access Manager 3.1 SP2 Identity Server Guide