Configuring Communication Profiles
novdocx (en) 16 April 2010
You can configure the methods of communication that are available at the server for requests and
responses sent between providers. These settings affect the metadata for the server and should be
determined prior to publishing to other sites.
Section 12.1, “Configuring a Liberty Profile”
Section 12.2, “Configuring a SAML 1.1 Profile”
Section 12.3, “Configuring a SAML 2.0 Profile”
12.1 Configuring a Liberty Profile
The profile specifies what methods of communication are available at the server for the Liberty
protocol. These settings affect the metadata for the server and should be determined prior to
publishing to other sites. If you have set up trusted providers, and then modify these profiles, the
trusted providers need to reimport the metadata from this Identity Server.
1. In the Administration Console, click Devices > Identity Servers > Edit > Liberty > Profiles.
2. Configure the following fields for identity providers and service providers:

Login: Specifies whether to support Artifact or Post binding for login. Select one or more of the following for the identity provider and the service provider:
- The Artifact binding provides an increased level of security by using a back channel means of communication between the two servers during authentication.
- The Post method uses HTTP redirection to accomplish communication between the servers.

Single Logout: Specifies the communication method to use when the user logs out. Typically, you select both of these options, which enables the identity provider or service provider to accept both HTTP and SOAP requests. SOAP is used if both options are selected, or if the service provider has not specified a preference.
- HTTP: Uses HTTP 302 redirects or HTTP GET requests to communicate logout requests from this identity site to the service provider.
- SOAP: Uses SOAP over HTTP messaging to communicate logout requests from this identity provider to the service provider.

Federation Termination: Specifies the communication channel to use when the user selects to defederate an account. Typically, you select both of these options, which enables the identity provider or service provider to accept both HTTP and SOAP requests. SOAP is the default setting if the service provider has not specified a preference.
- HTTP: Uses HTTP 302 redirects to communicate federation termination requests from this server.
- SOAP: Uses SOAP back channel over HTTP messaging to communicate logout requests from this server.
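An added example, not part of the Novell documentation: because changing these profiles changes the published metadata, this sketch compares the copy of the Liberty metadata that a trusted provider imported with the current copy and reports which advertised profiles differ, which indicates that a reimport is due. The descriptors are constructed and simplified; the namespace, element names, and profile URIs are assumed to follow Liberty ID-FF 1.2 metadata, and idp.example.test is a placeholder.

```python
import xml.etree.ElementTree as ET

# Assumed Liberty ID-FF 1.2 metadata namespace and profile URI prefix.
NS = "urn:liberty:metadata:2003-08"
P = "http://projectliberty.org/profiles/"

def build(sso, slo, fedterm):
    """Constructed, simplified descriptor (not exported from a real server)."""
    rows = [("SingleSignOnProtocolProfile", s) for s in sso]
    rows += [("SingleLogoutProtocolProfile", s) for s in slo]
    rows += [("FederationTerminationNotificationProtocolProfile", s) for s in fedterm]
    body = "".join(f"<{tag}>{P}{s}</{tag}>" for tag, s in rows)
    return (f'<EntityDescriptor xmlns="{NS}" providerID="https://idp.example.test/">'
            f"<IDPDescriptor>{body}</IDPDescriptor></EntityDescriptor>")

def advertised_profiles(metadata_xml):
    """Map each *ProtocolProfile element name to the set of URIs it advertises."""
    # ElementTree does not limit entity expansion; only parse metadata that
    # was retrieved from a provider you already trust.
    found = {}
    for el in ET.fromstring(metadata_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]  # strip the XML namespace
        if name.endswith("ProtocolProfile") and el.text:
            found.setdefault(name, set()).add(el.text.strip())
    return found

def profile_drift(imported_xml, current_xml):
    """Return {element: (removed, added)} for profiles that no longer match."""
    old = advertised_profiles(imported_xml)
    new = advertised_profiles(current_xml)
    drift = {}
    for name in sorted(old.keys() | new.keys()):
        removed = old.get(name, set()) - new.get(name, set())
        added = new.get(name, set()) - old.get(name, set())
        if removed or added:
            drift[name] = (sorted(removed), sorted(added))
    return drift

# What the trusted provider imported: both bindings selected everywhere.
IMPORTED = build(["brws-art", "brws-post"], ["slo-idp-soap", "slo-idp-http"],
                 ["fedterm-idp-soap", "fedterm-idp-http"])
# Current profile: Post login and HTTP logout were deselected afterwards.
CURRENT = build(["brws-art"], ["slo-idp-soap"],
                ["fedterm-idp-soap", "fedterm-idp-http"])

if __name__ == "__main__":
    for name, (removed, added) in profile_drift(IMPORTED, CURRENT).items():
        print(f"{name}: removed={removed} added={added} -> reimport metadata")
```
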