8.7 Managing CardSpace Trusted Providers

A trusted provider is an issuer of authentication tokens that you want to strongly trust. The provider has given you its issuer ID and the public key certificate for its signing key. Tokens issued by this trusted provider are validated by using that public key certificate.

  1. In the Administration Console, click Devices > Identity Servers > Edit > CardSpace > Trusted Providers.

  2. Select from the following actions:

    New: Launches the Create Trusted Identity Provider Wizard. See Section 8.7.1, CardSpace Identity Provider Wizard, for more information.

    Delete: Allows you to delete the selected identity provider.

    Enable: Enables the selected identity provider.

    Disable: Disables the selected identity provider. When the provider is disabled, the server does not load the definition. However, the definition is not deleted.

  3. Click OK, then update the Identity Server if you modified the configuration.

8.7.1 CardSpace Identity Provider Wizard

The CardSpace Wizard allows you to create a new identity provider.

  1. In the Administration Console, click Devices > Identity Servers > Edit > CardSpace > Trusted Providers > New.

  2. Configure the following fields:

    Name: Specify a display name for the provider. This name appears in the list of trusted providers that you can select for an authentication card profile.

    Source: Specifies that the Provider ID is entered manually.

    Provider ID: Specify the issuer ID of the trusted provider. For an Identity Server cluster, the issuer ID is the base URL of the Identity Server plus the following path:

    /sts/services/Trust
    

    For example, if the base URL is https://test.lab.novell.com:8443/nidp, the Provider ID is the following value:

    https://test.lab.novell.com:8443/nidp/sts/services/Trust
    

    Identity Provider: Specify the signing certificate of the Identity Server. Export the public key certificate to a file and place the file where you can browse to it from the Administration Console.

  3. Click Next, then click Finish on the certificate page.

  4. Click OK, then update the Identity Server.

8.7.2 Renaming the CardSpace Provider

Use the CardSpace page to modify the display name of the identity provider.

  1. In the Administration Console, click Devices > Identity Servers > Edit > CardSpace > [Name of Identity Provider].

  2. To modify the name, specify a new display name for the trusted provider in the Name text box.

    This name appears in the list of trusted providers that you can select for an authentication card profile.

  3. Click OK twice, then update the Identity Server.

8.7.3 Updating the Metadata of the CardSpace Provider

Use the Metadata page to edit the Provider ID and to reimport the signing certificate.

  1. In the Administration Console, click Devices > Identity Servers > Edit > CardSpace > [Name of Identity Provider] > Metadata.

  2. Verify that the ID value matches the provider ID.

  3. Click Edit.

  4. Modify the following fields as required:

    Provider ID: Modify or specify a new issuer ID for the trusted provider.

    Signing Certificate: Click Browse to find the signing certificate and import it.

  5. Click OK twice, then update the Identity Server.
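The Provider ID rule in Section 8.7.1 and the "ID value matches the provider ID" check in Section 8.7.3 can be scripted before you edit the metadata. The following is an added example, not part of the product or its documentation; the function names are hypothetical, and it assumes that the configured value should equal the derived string exactly.

```python
from urllib.parse import urlsplit, urlunsplit

TRUST_PATH = "/sts/services/Trust"  # path stated in Section 8.7.1


def derive_provider_id(base_url):
    """Build the Provider ID (issuer ID) from an Identity Server base URL."""
    parts = urlsplit(base_url.strip())
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("base URL must be an absolute http(s) URL")
    if parts.query or parts.fragment:
        raise ValueError("base URL must not carry a query or fragment")
    # Drop a trailing slash so the join never yields "//sts/...".
    path = parts.path.rstrip("/") + TRUST_PATH
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


def check_provider_id(configured, base_url):
    """Return a list of findings; an empty list means the values match.

    Assumption (not stated on this page): the match must be exact.
    """
    expected = derive_provider_id(base_url)
    if configured == expected:
        return []
    findings = []
    if configured != configured.strip():
        findings.append("surrounding whitespace in configured value")
    got, want = urlsplit(configured.strip()), urlsplit(expected)
    if got.scheme != want.scheme:
        findings.append(f"scheme is {got.scheme!r}, expected {want.scheme!r}")
    if got.netloc.lower() != want.netloc.lower():
        findings.append(f"host/port is {got.netloc!r}, expected {want.netloc!r}")
    elif got.netloc != want.netloc:
        findings.append("host differs only in letter case")
    if got.path != want.path:
        if got.path.rstrip("/") == want.path:
            findings.append("trailing slash after the Trust path")
        elif got.path.lower() == want.path.lower():
            findings.append("path differs only in letter case")
        else:
            findings.append(f"path is {got.path!r}, expected {want.path!r}")
    return findings or [f"value differs from expected {expected!r}"]


if __name__ == "__main__":
    base = "https://test.lab.novell.com:8443/nidp"  # example base URL from this page
    bad = "http://test.lab.novell.com:8443/nidp/sts/services/Trust/"  # constructed
    print(derive_provider_id(base), check_provider_id(bad, base))
```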