Novell Access Manager 3.1 SP1 Identity Server Guide

Novell Access Manager 3.1 SP1 Identity Server Guide

Configuring an Identity Server

Managing a Cluster Configuration

Customizing Identity Server Messages

Customizing the Identity Server Login Page

Customizing the Identity Server Logout Page

Enabling Role-Based Access Control

Using netHSM for the Signing Key Pair

Configuring Secure Communication on the Identity Server

Security Considerations

Configuring Local Authentication

Configuring Identity User Stores

Creating Authentication Classes

Configuring Authentication Methods

Configuring Authentication Contracts

Using a Password Expiration Service

Specifying Authentication Defaults

Managing Direct Access to the Identity Server

Configuring Advanced Local Authentication Procedures

Configuring for RADIUS Authentication

Configuring Mutual SSL (X.509) Authentication

Creating an ORed Credential Class

Configuring for Kerberos Authentication

Configuring Access Manager for NESCM

Defining Shared Settings

Configuring Attribute Sets

Editing Attribute Sets

Configuring User Matching Expressions

Adding Custom Attributes

Adding Authentication Card Images

Configuring SAML and Liberty Trusted Providers

Understanding the Trust Model

Configuring General Provider Options

Creating a Trusted Provider

Modifying a Trusted Provider

Configuring CardSpace

Overview of the CardSpace Authentication Process

Prerequisites for CardSpace

Authenticating with a Personal Card

Authenticating with a Managed Card

Authenticating with a Managed Card Backed by a Personal Card

Configuring the Identity Server as a Relying Party

Configuring the Identity Server as an Identity Provider

Using CardSpace Cards for Authentication to Access Gateway Protected Resources

Configuring WS Federation

Using the Identity Server as an Identity Provider for ADFS

Using the ADFS Server as an Identity Provider for an Access Manager Protected Resource

Modifying a WS Federation Identity Provider

Modifying a WS Federation Service Provider

Configuring User Identification Methods for Federation

Selecting a User Identification Method for Liberty or SAML 2.0

Selecting a User Identification Method for SAML 1.1

Configuring the Attribute Matching Method

Defining the User Provisioning Method

User Provisioning Error Messages

Configuring Communication Profiles

Configuring a Liberty Profile

Configuring a SAML 1.1 Profile

Configuring a SAML 2.0 Profile

Configuring Liberty Web Services

Configuring the Web Services Framework

Enabling Web Services and Profiles

Editing Web Service Descriptions

Configuring Credential Profile Security and Display Settings

Configuring Service and Profile Details

Customizing Attribute Names

Editing Web Service Policies

Configuring the Web Service Consumer

Mapping LDAP and Liberty Attributes

Maintaining an Identity Server

Managing an Identity Server

Editing Server Details

Configuring Component Logging

Configuring Session-Based Logging

Monitoring the Health of an Identity Server

Monitoring Identity Server Statistics

Enabling Identity Server Audit Events

Monitoring Identity Server Alerts

Viewing the Command Status of the Identity Server

Troubleshooting the Identity Server and Authentication

Useful Networking Tools for the Linux Identity Server

Troubleshooting 100101043 and 100101044 Liberty Metadata Load Errors

Authentication Issues

Translating the Identity Server Configuration Port

Problems Reading Keystores after Identity Server Re-installation

Sample Custom Login Pages

Modified login.jsp File for Credential Prompts

Custom nipd.jsp File with Custom Credentials

Custom 3.1 login.jsp File

Custom 3.0 login.jsp File

Understanding How Access Manager Uses SAML

Attribute Mapping with Liberty

Trusted Provider Reference Metadata

Identity Federation

Authorization Services

What's New in SAML 2.0?

Identity Provider Process Flow

SAML Service Provider Process Flow

Data Model Extension XML

Elements

Writing Data Model Extension XML