NOVELL ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manuals
Manuals and User Guides for NOVELL ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER. We have 1 NOVELL ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER manual available for free PDF download: Manual
NOVELL ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual (324 pages)
Identity Server Guide
Brand: NOVELL | Category: Software | Size: 4 MB
Table of Contents
Legal Notices
Table of Contents
About this Guide
Additional Documentation
1 Configuring an Identity Server
Managing a Cluster Configuration
Creating a Cluster Configuration
Assigning an Identity Server to a Cluster Configuration
Configuring Session Failover
Removing a Server from a Cluster Configuration
Managing a Cluster with Multiple Identity Servers
Enabling and Disabling Protocols
Modifying the Base URL
Customizing Identity Server Messages
Customizing Messages
Customizing the Branding of the Error Page
Customizing Tooltip Text for Authentication Contracts
Customizing the Identity Server Login Page
Selecting the Login Page and Modifying It
Configuring the Identity Server to Use Custom Login
Troubleshooting Tips for Custom Login
Customizing the Identity Server Logout Page
Rebranding the Logout Page
Replacing the Logout Page with a Custom Page
Enabling Role-Based Access Control
Using netHSM for the Signing Key Pair
Server
Configuring the Identity Server for netHSM
Configuring Secure Communication on the Identity Server
Viewing the Services that Use the Signing Key Pair
Viewing Services that Use the Encryption Key Pair
Managing the Keys, Certificates, and Trust Stores
Security Considerations
Federation Options
Authentication Contracts
Forcing 128-Bit Encryption
2 Configuring Local Authentication
Configuring Identity User Stores
Using more than One LDAP User Store
Configuring the User Store
Configuring an Admin User for the User Store
Configuring a User Store for Secrets
Creating Authentication Classes
Creating Basic or Form-Based Authentication Classes
Specifying Common Class Properties
Configuring Authentication Methods
Configuring Authentication Contracts
Using a Password Expiration Service
URL Parameters
Forcing Authentication after the Password Has Changed
Grace Logins
Federated Accounts
Specifying Authentication Defaults
Managing Direct Access to the Identity Server
Logging in to the User Portal
Specifying a Target
Blocking Access to the WSDL Services Page
3 Configuring Advanced Local Authentication Procedures
Configuring for RADIUS Authentication
Configuring Mutual SSL (X.509) Authentication
Setting up Mutual SSL Authentication
Creating an ORed Credential Class
Configuring for Kerberos Authentication
Prerequisites
Configuring Active Directory
Configuring the Identity Server
Configuring the Clients
Configuring the Access Gateway for Kerberos Authentication
Upgrading from Access Manager 3.0 SP4 or 3.1
Configuring Access Manager for NESCM
Prerequisites
Creating a User Store
Creating a Contract for the Smart Card
Assigning the NESCM Contract to a Protected Resource
Verifying the User's Experience
Troubleshooting
4 Defining Shared Settings
Configuring Attribute Sets
Editing Attribute Sets
Configuring User Matching Expressions
Adding Custom Attributes
Creating Shared Secret Names
Creating LDAP Attribute Names
Adding Authentication Card Images
5 Configuring SAML and Liberty Trusted Providers
Understanding the Trust Model
Identity Providers and Consumers
Embedded Service Providers
High-Level Steps
Configuring General Provider Options
Configuring the General Identity Provider Options
Configuring the General Identity Consumer Options
Creating a Trusted Provider
Modifying a Trusted Provider
Configuring Communication Security Settings
Using the Intersite Transfer Service
Selecting Attributes for a Trusted Provider
Managing Metadata
Configuring an Authentication Request for an Identity Provider
Configuring an Authentication Response for a Service Provider
Managing the Authentication Card of an Identity Provider
6 Configuring CardSpace
Overview of the CardSpace Authentication Process
Prerequisites for CardSpace
Enabling High Encryption
Configuring the Client Machines for CardSpace
Authenticating with a Personal Card
Authenticating with a Managed Card
Prerequisite
Configuring a CardSpace Identity Provider
Creating and Installing a Managed Card
Configuring the Relying Party to Trust an Identity Provider
Logging in with the Managed Card
Authenticating with a Managed Card Backed by a Personal Card
Configuring the Identity Server as a Relying Party
Defining an Authentication Card and Profile
Defining a Trusted Provider
Cleaning up Identities
Defederating after User Portal Login
Configuring the Identity Server as an Identity Provider
Replacing the Signing Certificate
Configuring STS
Creating a Managed Card Template
Using CardSpace Cards for Authentication to Access Gateway Protected Resources
7 Configuring WS Federation
Using the Identity Server as an Identity Provider for ADFS
Configuring the Identity Server
Configuring the ADFS Server
Logging in
Troubleshooting
Using the ADFS Server as an Identity Provider for an Access Manager Protected Resource
Configuring the Identity Server as a Service Provider
Configuring the ADFS Server to be an Identity Provider
Logging in
Additional WS Federation Configuration Options
Modifying a WS Federation Identity Provider
Renaming the Identity Provider
Configuring the Attributes Obtained at Authentication
Modifying the User Identification Method
Managing the Metadata
Modifying the Authentication Card
Modifying a WS Federation Service Provider
Renaming the Service Provider
Configuring the Attributes Sent with Authentication
Modifying the Authentication Response
Managing the Metadata
8 Configuring User Identification Methods for Federation
Selecting a User Identification Method for Liberty or SAML 2.0
Selecting a User Identification Method for SAML 1.1
Configuring the Attribute Matching Method
Defining the User Provisioning Method
User Provisioning Error Messages
9 Configuring Communication Profiles
Configuring a Liberty Profile
Configuring a SAML 1.1 Profile
Configuring a SAML 2.0 Profile
10 Configuring Liberty Web Services
Configuring the Web Services Framework
Enabling Web Services and Profiles
Editing Web Service Descriptions
Configuring Credential Profile Security and Display Settings
Configuring Service and Profile Details
Customizing Attribute Names
Editing Web Service Policies
Configuring the Web Service Consumer
Mapping LDAP and Liberty Attributes
Configuring One-To-One Attribute Maps
Configuring Employee Type Attribute Maps
Configuring Employee Status Attribute Maps
Configuring Postal Address Attribute Maps
Configuring Contact Method Attribute Maps
Configuring Gender Attribute Maps
Configuring Marital Status Attribute Maps
11 Maintaining an Identity Server
Managing an Identity Server
Updating an Identity Server Configuration
Restarting the Identity Server
Editing Server Details
Configuring Component Logging
Enabling Component Logging
Managing Log File Size
Configuring Session-Based Logging
Creating the Administrator Class, Method, and Contract
Creating the Logging Session Class, Method, and Contract
Enabling Basic Logging
Responding to an Incident
Monitoring the Health of an Identity Server
Health States
Viewing the Health Details
Monitoring Identity Server Statistics
Application
Authentications
Incoming HTTP Requests
Outgoing HTTP Requests
Liberty
SAML 1.1
SAML 2
WSF (Web Services Framework)
Clustering
LDAP
Enabling Identity Server Audit Events
Monitoring Identity Server Alerts
Viewing the Command Status of the Identity Server
12 Troubleshooting the Identity Server and Authentication
Useful Networking Tools for the Linux Identity Server
Troubleshooting 100101043 and 100101044 Liberty Metadata Load Errors
The Metadata
DNS Name Resolution
Certificate Names
Certificates in the Required Trust Stores
Certificates in the Correct Certificate Store
Enabling Debug Logging
Testing Whether the Provider Can Access the Metadata
Manually Creating any Auto-Generated Certificates
Authentication Issues
Authentication Classes and Duplicate Common Names
General Authentication Troubleshooting Tips
Slow Authentication
Basic Authentication Fails with an eDirectory User Store
Federation Errors
Mutual Authentication Troubleshooting Tips
Browser Hangs in an Authentication Redirect
Translating the Identity Server Configuration Port
A Simple Redirect Script
Configuring iptables for Multiple Components
Problems Reading Keystores after Identity Server Re-Installation
A Sample Custom Login Pages
Modified Login.jsp File for Credential Prompts
Custom Nidp.jsp File with Custom Credentials
The Modified Nidp.jsp File
The Modified Main.jsp File
The Method and the Contract
Custom 3.1 Login.jsp File
The Modified Login.jsp File
The Method and the Contract
Custom 3.0 Login.jsp File
Modifying the File
The Method and the Contract
B About Liberty
C Understanding How Access Manager Uses SAML
Attribute Mapping with Liberty
Trusted Provider Reference Metadata
Identity Federation
Authorization Services
What's New in SAML 2.0
Identity Provider Process Flow
C.7 SAML Service Provider Process Flow
D Data Model Extension XML
D.1 Elements
D.2 Writing Data Model Extension XML
Related Products
NOVELL ACCESS MANAGER 3.1 SP2 - README 2010
NOVELL ACCESS MANAGER 3.1 SP2 BETA 1 - SCENARIOS 2009
NOVELL ACCESS MANAGER 3.1 SP1 - AGENT GUIDE
NOVELL ACCESS MANAGER 3.1 SP2 - SSL VPN USER GUIDE 2010
Novell Access Manager 3.1 SP 1
Novell Access Manager 3.1 SP2 Beta 1
Novell Access Manager 3.1 SP 2
NOVELL IDENTITY MANAGER 3.6.1 - STAGING BEST PRACTICES GUIDE 2010
NOVELL IFOLDER 3.8 - CROSS-PLATFORM
NOVELL POLICIES IN IMANAGER 3.6.1 - 06-05-2009