Setting up federation with providers other than Novell Identity Servers requires the same basic tasks as setting up federation with Novell Identity Servers, with some modifications.
When you set up federation with identity providers and service providers that are controlled by a single company, you have access to the Administration Consoles for both Identity Servers and know the admin credentials. When setting up federation with another company, additional steps are required.
You need to negotiate with the other company and gain approval for federation because metadata must be shared and both sites require configuration. You’ll need to negotiate a schedule for these configuration changes.
The other site might not be using Access Manager for its identity or service provider. The basic tasks need to be modified to accommodate how that implementation shares metadata, authentication methods, and roles. Many SAML 1.1 providers do not support a metadata URL, so the metadata has to be imported manually.
For example, instead of sharing URLs that allow you to import metadata, you might need to share the actual metadata and paste it into the configuration. The Novell Identity Server validates the metadata of another identity provider or service provider; some implementations do not validate it. If the Identity Server determines that the metadata is invalid, you’ll need to negotiate with the provider to send you metadata that has been validated.
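As an added example (not part of the Access Manager documentation), the following script performs a pre-flight check on a partner's metadata before you paste it into the Identity Server configuration, so that obvious defects are caught before the import fails. It assumes the partner's metadata is in the SAML 2.0 metadata format describing a SAML 1.1 provider; the sample documents, entity IDs, endpoints and certificate value are constructed.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Namespaces from the SAML 2.0 metadata schema (also used to describe SAML 1.1 providers)
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
SAML11 = "urn:oasis:names:tc:SAML:1.1:protocol"

def check_metadata(xml_text: str) -> list:
    """Return the problems found in a partner's metadata; an empty list means it passed."""
    problems = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != MD + "EntityDescriptor":
        return [f"root element is {root.tag}, expected md:EntityDescriptor"]
    if not root.get("entityID"):
        problems.append("missing entityID attribute")
    roles = [c for c in root if c.tag in (MD + "IDPSSODescriptor", MD + "SPSSODescriptor")]
    if not roles:
        problems.append("no IDPSSODescriptor or SPSSODescriptor role")
    for role in roles:
        name = role.tag[len(MD):]
        if SAML11 not in role.get("protocolSupportEnumeration", "").split():
            problems.append(f"{name} does not list {SAML11}")
        certs = role.findall(f".//{DS}X509Certificate")
        if not certs:
            problems.append(f"{name} has no X509Certificate, so assertions cannot be verified")
        for cert in certs:
            try:
                base64.b64decode((cert.text or "").strip(), validate=True)  # decodable cert blob
            except binascii.Error:
                problems.append(f"{name} X509Certificate is not valid base64")
        for element in role.iter():  # every endpoint the partner publishes must be TLS-protected
            loc = element.get("Location")
            if loc and not loc.startswith("https://"):
                problems.append(f"{name} endpoint {loc} is not https")
    return problems

# Constructed sample metadata (hypothetical partner, placeholder certificate value)
GOOD_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.partner.example/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Certificate>MIIBfakecert</ds:X509Certificate></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://idp.partner.example/sso"/>
  </md:IDPSSODescriptor></md:EntityDescriptor>"""
BAD_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"><md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="http://idp.partner.example/sso"/></md:IDPSSODescriptor></md:EntityDescriptor>"""
```

Run `check_metadata` on the text the partner sends you; a non-empty list is the set of points to raise with them before scheduling the configuration change.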
For a sample implementation with a third-party provider that explains the modifications that were required to set up the federation, see “SAML 1.1 with Concur”.