9.3.1 Creating Indexes in eDirectory To improve User Application performance, the eDirectory Administrator should create indexes for the manager, ismanager and srvprvUUID attributes. Without indexes on these attributes, User Application users can experience impeded performance, particularly in a clustered environment. These indexes can be created automatically during installation if you select Create eDirectory Indexes on the Advanced tab of the User Application Configuration Panel (described in ), or refer to the Novell eDirectory Administration Guide for directions on using Index Manager to create indexes. • Go to the iManager View Objects >Browse tab and find your new affiliate object in the SAML Assertion.Authorized Login Methods.Security container. • Select the new affiliate object, then select Modify Object.

• Add an authsamlProviderID attribute to the new affiliate object. This attribute is used to match an assertion with its affiliate. The contents of this attribute must be an exact match with the Issuer attribute sent by the SAML assertion. • Click the OK. • Add authsamlValidBefore and authsamlValidAfter attributes to the affiliate object. These attributes define the amount of time, in seconds, around the IssueInstant in an assertion when the assertion is considered valid. A typical default is 180 seconds.

• Select the Security container, then select Create Object to create a Trusted Root Container in your Security Container. • Create a Trusted Root objects in the Trusted Root Container. • Return to Roles and Tasks >Directory Administration then select Create Object.

• Select Show all object classes again. • To create a Trusted Root object for the certificate that your affiliate will use to sign assertions.

You must have a der encoded copy of the certificate to do this. • Create new trusted root objects for each certificate in the signing certificate's chain up to the root CA certificate. • Set the Context to the Trusted Root Container created earlier, then click OK.

Garmin World Speedcams May 2011 here. Novell Modular Authentication Service (NMAS) is a component of Novell eDirectory™ that enables you to centrally manage. NMAS provides the pcProx login method. Install NMAS SAML method enabled on the User store defined per Identity Server configuration Situation Formfill policy defined that reads and writes secrets to a remote eDirectory LDAP user store.

• Return to the Object Viewer. • Add an authsamlTrustedCertDN attribute to your affiliate object, then click OK. This attribute should point to the 'Trusted Root Object' for the signing certificate that you created in the previous step. (All assertions for the affiliate must be signed by certificates pointed to by this attribute, or they will be rejected.) • Add an authsamlCertContainerDN attribute to your affiliate object, then click OK. This attribute should point to the 'Trusted Root Container' that you created before. (This attribute is used to verify the certificate chain of the signing certificate.).