Novell Access Manager 3.1 SP5 Identity Server Guide

  Novell Access Manager 3.1 SP5 Identity Server Guide
    Configuring an Identity Server
      Managing a Cluster Configuration
      Enabling Role-Based Access Control
      Configuring Secure Communication on the Identity Server
      Security Considerations
      Translating the Identity Server Configuration Port
      Using netHSM for the Signing Key Pair
    Customizing Login Pages, Logout Pages, and Messages
      Customizing the Identity Server Login Page
      Customizing the Identity Server Logout
      Customizing Identity Server Messages
      Sample Custom Login Pages
    Configuring Local Authentication
      Configuring Identity User Stores
      Creating Authentication Classes
      Configuring Authentication Methods
      Configuring Authentication Contracts
      Specifying Authentication Defaults
      Managing Direct Access to the Identity Server
    Configuring Advanced Local Authentication Procedures
      Configuring for RADIUS Authentication
      Configuring Mutual SSL (X.509) Authentication
      Creating an ORed Credential Class
      Configuring for OpenID Authentication
      Configuring Password Retrieval
      Mapping Transient Identifier to Local User
      Configuring Access Manager for NESCM
    Configuring for Kerberos Authentication
      Configuring Active Directory
      Configuring the Identity Server
      Configuring the Clients
      Configuring the Access Gateway for Kerberos Authentication
    Defining Shared Settings
      Configuring Attribute Sets
      Editing Attribute Sets
      Configuring User Matching Expressions
      Adding Custom Attributes
      Adding Authentication Card Images
      Creating an Image Set
    Configuring SAML and Liberty Trusted Providers
      Understanding the Trust Model
      Configuring General Provider Options
      Managing Trusted Providers
      Modifying a Trusted Provider
      Configuring Communication Security
      Selecting Attributes for a Trusted Provider
      Managing Metadata
      Configuring an Authentication Request for an Identity Provider
      Configuring an Authentication Response for a Service Provider
      Managing the Authentication Card of an Identity Provider
      Using the Intersite Transfer Service
    Configuring CardSpace
      Overview of the CardSpace Authentication Process
      Prerequisites for CardSpace
      CardSpace Configuration Scenarios
      Configuring the Identity Server as a Relying Party
      Configuring the Identity Server as an Identity Provider
      Using CardSpace Cards for Authentication to Access Gateway Protected Resources
      Managing CardSpace Trusted Providers
      Managing Card Templates
      Configuring Authentication Cards
      Cleaning Up Identities
    Configuring STS
      Configuring STS Attribute Sets
      Configuring Authentication Methods
      Configuring the Authentication Request
    Configuring WS Federation
      Using the Identity Server as an Identity Provider for ADFS
      Using the ADFS Server as an Identity Provider for an Access Manager Protected Resource
      Managing WS Federation Providers
      Modifying a WS Federation Identity Provider
      Modifying a WS Federation Service Provider
    SP Brokering
      Configuring the SP Broker
      Creating and Viewing Brokering Groups
      Generating the Brokering URLs by Using an ID and Target in the Intersite Transfer Service
    Configuring User Identification Methods for Federation
      Defining User Identification for Liberty and SAML 2.0
      Defining User Identification for SAML 1.1
      Defining Options for Liberty or SAML 2.0
      Defining Session Synchronization for the A-Select SAML 2.0 Identity Provider
      Configuring the Liberty or SAML 2.0 Session Timeout
      Defining the User Provisioning Method
      User Provisioning Error Messages
    Configuring Communication Profiles
      Configuring a Liberty Profile
      Configuring a SAML 1.1 Profile
      Configuring a SAML 2.0 Profile
    Configuring Liberty Web Services
      Configuring the Web Services Framework
      Managing Web Services and Profiles
      Configuring Credential Profile Security and Display Settings
      Customizing Attribute Names
      Configuring the Web Service Consumer
      Mapping LDAP and Liberty Attributes
    Maintaining an Identity Server
      Managing an Identity Server
      Editing Server Details
      Configuring Component Logging
      Configuring Session-Based Logging
      Monitoring the Health of an Identity Server
      Monitoring Identity Server Statistics
      Enabling Identity Server Audit Events
      Monitoring Identity Server Alerts
      Viewing the Command Status of the Identity Server
      Tuning the Identity Server for Performance
    Troubleshooting the Identity Server and Authentication
      Useful Networking Tools for the Linux Identity Server
      Troubleshooting 100101043 and 100101044 Liberty Metadata Load Errors
      Authentication Issues
      Problems Reading Keystores After Identity Server Re-installation
      After Setting Up the User Store to Use SecretStore, Users Report 500 Errors
      When Multiple Browser Logout Option Is Enabled User Is Not Getting Logged Out From Different Sessions
      302 Redirect to RelayState URL After Receiving a SAML Response Is Being Sent to an Incorrect URL
      Enabling Secure or HTTPOnly Flags for Cluster Cookies
    About Liberty
    Understanding How Access Manager Uses SAML
      Attribute Mapping with Liberty
      Trusted Provider Reference Metadata
      Identity Federation
      Authorization Services
      What's New in SAML 2.0?
      Identity Provider Process Flow
      SAML Service Provider Process Flow
    Data Model Extension XML
      Writing Data Model Extension XML
    Legal Notices