Use the Authentication Card page to manage the card assigned to a CardSpace authentication card.
In the Administration Console, click > > > > .
Configure the following fields:
ID: (Optional) Specify an alphanumeric value that identifies the card. If you need to reference this card outside of the user interface, you must specify a value here. If you do not assign a value, the Identity Server creates one for its internal use.
Text: Specify the text that is displayed on the card to the user.
Image: Specify the image to be displayed on the card. Select the image from the drop-down list. To add an image to the list, click .
Show Card: Determine whether the card is shown to the user, which allows the user to select and use the card for authentication. If this option is not selected, the card is only used when a service provider requests the card.
Select from the following actions:
New: To create a new profile, click . For configuration information, see Section 8.9.1, Configuring the General Details of a Card Profile.
A card profile allows you to provide different authentication options for the same card. When creating a profile, you select the type of provider that can issue the card, the claims that must have values in the card, and the method that is used to identify the user.
To create an authentication card profile, you must have at least one attribute set available that contains the claims you want to use for the card. To create an attribute set, click > > .
Modify: To modify an existing profile, click the name of the profile. For configuration information, see Section 8.9.1, Configuring the General Details of a Card Profile.
Make Default: To make a profile the default, select the profile, then click .
Delete: To delete a profile, select the profile, then click .
Click , then update the Identity Server if you have changed the configuration.
Use the Card Profile page to create a new card profile or to modify an existing profile.
In the Administration Console, click > > > > > .
Configure the following fields:
Name: Specify a display name for the profile.
ID: (Optional) Specify an alphanumeric value (no spaces) that identifies the card. If you need to reference this card outside of the user interface, you must specify a value here. If you do not assign a value, the Identity Server creates one for its internal use.
Text: Specify the text that is displayed on the card to the user.
Issuer: From the drop-down list, select the issuer for the card.
Any Trusted or Untrusted Provider or Personal Card: Specifies that the card can be either a personal card or a managed card from both trusted and untrusted providers.
Personal Card: Specifies that the card must be a personal card.
Any Trusted Provider or Personal Card: Specifies that the card can be either a personal card or a managed card from any trusted provider.
<Provider Name>: Specifies that the card must be a managed card from the specified provider. To add a trusted provider, click > > > > .
Token Type: Indicates that the authentication credential is a SAML 1.1 token.
Select one of the following actions:
If you are creating a profile, click . Continue with Section 8.9.2, Configuring Attribute Claims.
If you have finished modifying the profile, click twice, then update the Identity Server.
To modify the profile attributes, click . Continue with Section 8.9.2, Configuring Attribute Claims.
To modify the user identification methods, click . Continue with Section 8.9.3, Configuring User Identification.
Use the Attributes page to specify the attributes (claims) that must have values.
In the Administration Console, click > > > > > > .
Configure the following fields:
Attribute Set: From the drop-down list, select the attribute set from which you want to select required and optional attributes. These attributes must match the claims that have been defined for personal cards. If you need to create an attribute set, select . See Section 6.1, Configuring Attribute Sets.
Required Attributes: From the list of available attributes, select an attribute and move it to the list. If the managed card is going to be backed by a personal card, make sure the attribute is selected.
Optional Attributes: From the list of available attributes, select an attribute and move it to the list.
Select one of the following actions:
If you are creating a profile, click . Continue with Section 8.9.3, Configuring User Identification.
If you have finished modifying the profile, click twice, then update the Identity Server.
To modify the user identification methods, click . Continue with Section 8.9.3, Configuring User Identification.
Use this page to specify the user identification methods. The options on this page determine whether the user can use the card for single sign-on.
In the Administration Console, click > > > > > > .
Configure the following fields:
Satisfied Contracts: From the list of available contracts, select a contract and move it to the list. Select one or more.
If you are using CardSpace to allow access to Access Gateway protected resources, you must ensure that all contracts specified for a protected resource are satisfied by an authentication profile.
Allow Federation: Select this option to enable account federation. Enabling this option assumes that a user account exists at the provider or that a method is provided to create an account that can be associated with the user on subsequent logins. If you do not use this feature, authentication is permitted but is not associated with a particular user account.
Select one of the following user identification methods for associating the accounts:
Do nothing: Allows the user to authenticate without creating an association with a user account. This option cannot be used when federation is enabled.
Authenticate: Select this option when you want to use login credentials. This option prompts the user to log in to the service provider.
Allow ‘Provisioning’: Select this option to allow users to create an account when they have no account on the service provider.
This option requires that you specify a user provisioning method.
Provision Account: Select this option when the users on the identity provider do not have accounts on the service provider. This option allows the service provider to trust any user that has authenticated to the trusted identity provider.
This option requires that you specify a user provisioning method.
Attribute matching: Select this option when you want to use attributes to match an identity server account with a service provider account. This option requires that you specify a user matching method.
Prompt for password on successful match: Select this option to prompt the user for a password when the user’s name is matched to an account, to ensure that the account matches.
(Conditional) If you selected a user identification method that requires a matching method or a provision setting, configure the required method.
Provisioning Settings: Allows you to select or create a user provisioning method. See Section 11.3, Defining the User Provisioning Method. For user provisioning error messages, see Section 11.4, User Provisioning Error Messages.
Attribute Matching Settings: Allows you to select or create a user matching method. See Configuring the Attribute Matching Method for Liberty or SAML 2.0.
If you are creating a new profile, click , or if you are modifying a profile, click .
Click , then update the Identity Server.
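The following added example (not part of the product or its documentation) models the card profile rules described above: which cards each Issuer option admits, the required-claims check, and the consistency rules for the user identification settings. The dictionary layout, field names, provider names and sample cards are assumptions made for illustration.

```python
# Added illustration; field names and dict layout are assumptions, not the product's schema.
ISSUER_ANY = "Any Trusted or Untrusted Provider or Personal Card"
ISSUER_PERSONAL = "Personal Card"
ISSUER_TRUSTED_OR_PERSONAL = "Any Trusted Provider or Personal Card"

def issuer_allowed(profile_issuer, card, trusted):
    """card['kind'] is 'personal' or 'managed'; trusted is the set of trusted provider names."""
    if profile_issuer == ISSUER_ANY:
        return True
    if profile_issuer == ISSUER_PERSONAL:
        return card["kind"] == "personal"
    if profile_issuer == ISSUER_TRUSTED_OR_PERSONAL:
        return card["kind"] == "personal" or card.get("issuer") in trusted
    # Any other value names one provider: only its managed cards qualify.
    return card["kind"] == "managed" and card.get("issuer") == profile_issuer

def evaluate_card(profile, card, trusted):
    """Check the issuer rule, then that every required attribute has a value."""
    if not issuer_allowed(profile["issuer"], card, trusted):
        return "rejected: issuer not allowed by profile"
    missing = [a for a in profile["required"] if not card["claims"].get(a)]
    if missing:
        return "rejected: missing required claims: " + ", ".join(missing)
    return "accepted"

def profile_errors(profile):
    """Consistency rules stated for the user identification settings."""
    errs = []
    method = profile["method"]
    if not profile["contracts"]:
        errs.append("select one or more satisfied contracts")
    if method == "Do nothing" and profile["allow_federation"]:
        errs.append("'Do nothing' cannot be used when federation is enabled")
    needs_prov = method == "Provision Account" or profile.get("allow_provisioning")
    if needs_prov and not profile.get("provisioning_method"):
        errs.append("a user provisioning method is required")
    if method == "Attribute matching" and not profile.get("matching_method"):
        errs.append("a user matching method is required")
    return errs

# Constructed sample data (not taken from the product).
TRUSTED = {"idp.example.com"}
PROFILE = {"issuer": ISSUER_TRUSTED_OR_PERSONAL, "required": ["givenname", "emailaddress"],
           "contracts": ["sample-contract"], "allow_federation": True, "method": "Do nothing"}
MANAGED_UNTRUSTED = {"kind": "managed", "issuer": "other.example.net",
                     "claims": {"givenname": "Ann", "emailaddress": "ann@example.com"}}
PERSONAL_PARTIAL = {"kind": "personal", "claims": {"givenname": "Ann"}}
print([evaluate_card(PROFILE, c, TRUSTED) for c in (MANAGED_UNTRUSTED, PERSONAL_PARTIAL)])
print(profile_errors(PROFILE))
```

Running the same sample cards against a profile whose issuer is `ISSUER_ANY` shows how much wider that option is: the managed card from the untrusted provider is then accepted.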