45.1 Understanding Third-Party Authentication and Single Sign-On

You can configure Identity Manager to work with NetIQ Access Manager using SAML 2.0 authentication. With this configuration, users can log in to the identity applications through Access Manager with a technology that is not password-based. For example, users can log in with a user (client) certificate, such as one issued on a smart card.

Access Manager interacts with OSP to map the user to a DN in the Identity Vault. When a user logs in to the identity applications through Access Manager, Access Manager can inject a SAML assertion (with the user’s DN as the identifier) into an HTTP header and forward the request to the identity applications. The identity applications use the SAML assertion to establish the LDAP connection with the Identity Vault.
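The receiving side of the flow described above, as an added example that is not NetIQ, OSP or Access Manager code: the identity application must treat the injected header as trustworthy only when it really came from Access Manager, and must check the assertion before using the DN it carries to open the LDAP connection. The example assumes a hypothetical header name (X-SAML-Assertion), constructed issuer, audience and proxy-address values, and that the XML signature on the assertion has already been verified by the SAML library; it then applies the remaining checks (trusted source address, issuer, validity window, audience restriction, DN shape) and only then releases the DN.

```python
"""Validate a SAML 2.0 assertion delivered in an HTTP header and return the subject DN.

Added example, not product code. Header name, issuer, audience and proxy
address are hypothetical; signature verification is assumed done elsewhere.
"""
import base64
import re
import xml.etree.ElementTree as ET  # use defusedxml for untrusted XML in production
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed trust configuration (hypothetical values).
TRUSTED_ISSUER = "https://am.example.com/nidp/saml2/metadata"
EXPECTED_AUDIENCE = "https://idapps.example.com/osp"
TRUSTED_PROXY_ADDRS = {"10.0.0.5"}   # only Access Manager may inject the header
HEADER_NAME = "X-SAML-Assertion"     # hypothetical header name
DEMO_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for the samples

# Conservative shape check for an Identity Vault DN such as cn=jdoe,ou=users,o=data
# (does not accept escaped commas; tighten or loosen to match the vault's naming).
DN_RE = re.compile(r"^(cn|uid)=[^,=]+(,(ou|o|dc|c)=[^,=]+)+$", re.IGNORECASE)


class SamlValidationError(Exception):
    """Raised when the assertion must not be used to open an LDAP session."""


def _parse_saml_time(value: str) -> datetime:
    # SAML uses xs:dateTime in UTC with a trailing "Z"; fromisoformat wants an offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_assertion(xml_bytes: bytes, now: datetime,
                       issuer: str = TRUSTED_ISSUER, audience: str = EXPECTED_AUDIENCE) -> str:
    """Return the subject DN if every check passes; raise SamlValidationError otherwise."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise SamlValidationError(f"malformed assertion: {exc}") from None
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise SamlValidationError("root element is not a SAML 2.0 Assertion")
    issuer_el = root.find("saml:Issuer", NS)
    if issuer_el is None or (issuer_el.text or "").strip() != issuer:
        raise SamlValidationError("issuer is not the trusted Access Manager")
    cond = root.find("saml:Conditions", NS)
    if cond is None or "NotBefore" not in cond.attrib or "NotOnOrAfter" not in cond.attrib:
        raise SamlValidationError("assertion has no validity window")
    if not (_parse_saml_time(cond.attrib["NotBefore"]) <= now
            < _parse_saml_time(cond.attrib["NotOnOrAfter"])):
        raise SamlValidationError("assertion is outside its validity window")
    audiences = [(a.text or "").strip()
                 for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        raise SamlValidationError("assertion was not issued for this application")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    dn = (name_id.text or "").strip() if name_id is not None else ""
    if not DN_RE.match(dn):
        raise SamlValidationError("NameID is not a well-formed DN")
    return dn


def dn_from_request(headers: dict, remote_addr: str, now: datetime) -> str:
    """Honour the SSO header only when the request arrived from the trusted proxy."""
    if remote_addr not in TRUSTED_PROXY_ADDRS:
        raise SamlValidationError(f"header-based SSO not accepted from {remote_addr}")
    raw = headers.get(HEADER_NAME)
    if not raw:
        raise SamlValidationError("no SAML assertion header present")
    try:
        xml_bytes = base64.b64decode(raw, validate=True)
    except ValueError:
        raise SamlValidationError("assertion header is not valid base64") from None
    return validate_assertion(xml_bytes, now)


def outcome(headers: dict, remote_addr: str, now: datetime = DEMO_NOW) -> str:
    """Convenience wrapper: the DN on success, or 'REJECTED: <reason>'."""
    try:
        return dn_from_request(headers, remote_addr, now)
    except SamlValidationError as exc:
        return f"REJECTED: {exc}"


def make_assertion(dn: str, not_before: datetime, not_on_or_after: datetime,
                   issuer: str = TRUSTED_ISSUER, audience: str = EXPECTED_AUDIENCE) -> bytes:
    """Build a constructed, unsigned sample assertion for exercising the checks."""
    fmt = lambda d: d.strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (f'<saml:Assertion xmlns:saml="{SAML_NS}" Version="2.0" ID="_c1">'
           f'<saml:Issuer>{escape(issuer)}</saml:Issuer>'
           f'<saml:Subject><saml:NameID>{escape(dn)}</saml:NameID></saml:Subject>'
           f'<saml:Conditions NotBefore="{fmt(not_before)}" NotOnOrAfter="{fmt(not_on_or_after)}">'
           f'<saml:AudienceRestriction><saml:Audience>{escape(audience)}</saml:Audience>'
           f'</saml:AudienceRestriction></saml:Conditions></saml:Assertion>')
    return xml.encode()


def sample_headers(kind: str) -> dict:
    """Constructed request headers for the scenarios: valid, expired, wrong_audience, bad_dn."""
    before, after = DEMO_NOW - timedelta(minutes=1), DEMO_NOW + timedelta(minutes=5)
    dn, audience = "cn=jdoe,ou=users,o=data", EXPECTED_AUDIENCE
    if kind == "expired":
        before, after = DEMO_NOW - timedelta(hours=2), DEMO_NOW - timedelta(hours=1)
    elif kind == "wrong_audience":
        audience = "https://other-app.example.com/"
    elif kind == "bad_dn":
        dn = "jdoe"
    body = make_assertion(dn, before, after, audience=audience)
    return {HEADER_NAME: base64.b64encode(body).decode()}


if __name__ == "__main__":
    for kind in ("valid", "expired", "wrong_audience", "bad_dn"):
        print(f"{kind:15} {outcome(sample_headers(kind), '10.0.0.5')}")
    print(f"{'untrusted src':15} {outcome(sample_headers('valid'), '198.51.100.7')}")
```

The source-address check is the one that matters most in a header-injection design: if any client can reach the identity applications directly and supply the header, every other check is moot, so the application should also be reachable only through the proxy at the network level, or the header should be bound to a mutually authenticated TLS connection from Access Manager.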

Accessory portlets that provide password-based single sign-on do not support single sign-on when SAML assertions are used to authenticate to the identity applications.