Federation Enhancements: The following features are enhanced in the SAML and Liberty protocols:
NIDP Principal Consistency:
Allows you to set the identity provider session timeout, configure the assertion validity time, overwrite the temporary user, and identify real users. For more information, see Configuring Authentication Methods and Configuring the Attribute Matching Method for SAML 1.1 in the Novell Access Manager 3.1 SP3 Identity Server Guide.
Whitelist of Target URLs:
Allows access only to a target URL whose domain is in the configured domain list. For more information, see Configuring Whitelist of Target URLs in the Novell Access Manager 3.1 SP3 Identity Server Guide.
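The domain-list check described above is the usual defence against an identity provider being used as an open redirector: a target URL supplied on the request is honoured only if its host matches an allowed domain. The following Python is an added illustration of such a check, not Novell's code, and the domain list, the "leading dot means any subdomain" convention, and the https-only rule are constructed assumptions; the product's actual matching semantics are documented in the guide referenced above, not here. The check deliberately handles the cases that naive string matching gets wrong: a userinfo part in front of the real host, an allowed name used as a prefix of an attacker-controlled domain, scheme-relative URLs, and malformed hosts.

```python
from urllib.parse import urlsplit

# Constructed allow-list of post-authentication target domains (assumption).
# A leading dot means "this domain and every subdomain"; a bare name must
# match the host exactly.
ALLOWED_TARGET_DOMAINS = (
    "portal.example.com",
    ".apps.example.com",
)

# Only absolute https targets are accepted (assumption for this example).
ALLOWED_SCHEMES = ("https",)


def host_in_domain_list(host: str, domain_list=ALLOWED_TARGET_DOMAINS) -> bool:
    """True if host matches one entry of the domain list.

    Matching is done on whole labels: "portal.example.com.evil.example" does
    not match "portal.example.com", and "notapps.example.com" does not match
    ".apps.example.com".
    """
    host = host.lower().rstrip(".")  # tolerate a trailing FQDN dot
    for entry in domain_list:
        entry = entry.lower()
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False


def is_allowed_target(url: str, domain_list=ALLOWED_TARGET_DOMAINS) -> bool:
    """Return True only if url is an absolute https URL whose host is listed."""
    try:
        parts = urlsplit(url)
        # urlsplit resolves userinfo itself: in
        # "https://portal.example.com@evil.example/" the hostname is evil.example.
        if parts.username is not None or parts.password is not None:
            return False
        host = parts.hostname  # lower-cased, port and brackets removed
    except ValueError:
        # e.g. an unbalanced IPv6 bracket: treat anything unparsable as denied
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False  # rejects http:// and scheme-relative "//host/..." forms
    if not host:
        return False
    return host_in_domain_list(host, domain_list)


if __name__ == "__main__":
    for candidate in (
        "https://portal.example.com/app",
        "https://team.apps.example.com/",
        "http://portal.example.com/",
        "https://portal.example.com.evil.example/",
        "https://portal.example.com@evil.example/",
        "//portal.example.com/",
        "https://notapps.example.com/",
    ):
        print(f"{'ALLOW' if is_allowed_target(candidate) else 'DENY ':5} {candidate}")
```

A denied target should fall back to a fixed default landing page rather than being echoed back to the user, and the decision is worth logging: a burst of denied targets against one identity provider is a useful signal that someone is probing it for redirect behaviour.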
Local Method Execution Post Federation:
This feature authenticates the user at the local service provider after the remote password authentication. This feature also configures the assertion validity time and overwrites the temporary user and real user identifications. For more information, see Defining User Identification for Liberty and SAML 2.0 in the Novell Access Manager 3.1 SP3 Identity Server Guide.
Mapping Between Types and Contracts:
The Identity Server is contract-based, and this setting permits an association to be made between a contract and the external provider assertion. For more information, see Modifying the Authentication Card for Liberty or SAML 2.0 in the Novell Access Manager 3.1 SP3 Identity Server Guide.
Password Fetch Class Extensions:
Novell Access Manager supports password retrieval for users who are mapped either by the CN of the user object or by an attribute value of the user object. For more information, see Configuring Password Retrieval in the Novell Access Manager 3.1 SP3 Identity Server Guide.
SP Brokering:
The Novell Access Manager Identity Service acts as a federation gateway or a service provider broker (SP Broker). This feature is used along with the Intersite Transfer Service of the identity provider, which enables authentication at a trusted service provider. The SP Broker feature helps control the authentication flow between several identity providers and service providers in a federation circle by allowing the administrator to configure policies that control Intersite Transfers. For example, an administrator can configure an SP Broker policy that allows only certain users from an identity provider to be authenticated at a given service provider. For more information, see SP Brokering in the Novell Access Manager 3.1 SP3 Identity Server Guide.
A-Select Feature Enhancements: The following sections provide information about the A-Select feature.
Defining Session Synchronization for Liberty or SAML 2.0:
You need to configure the properties for session synchronization between the service provider and the target identity provider. For more information, see Defining Session Synchronization for the A-Select SAML 2.0 Identity Provider in the Novell Access Manager 3.1 SP3 Identity Server Guide.
Defining Options for Liberty or SAML 2.0:
According to the Single Logout Profile in the OASIS SAML V2.0 profiles, session participants can use a front-channel binding. The profile is initiated so that the logout propagated by the session authority succeeds for as many session participants as possible. For more information, see Defining Options for Liberty or SAML 2.0 in the Novell Access Manager 3.1 SP3 Identity Server Guide.
Configuring Liberty or SAML 2.0 Session Timeout:
You can configure the web.xml parameter in the ESP (Embedded Service Provider). When the timeout is reached, the ESP creates a SAML 2.0 logout request to the remote Identity Provider over the SOAP back channel. For more information, see Configuring the Liberty or SAML 2.0 Session Timeout in the Novell Access Manager 3.1 SP3 Identity Server Guide.