106 Novell Access Manager 3.1 SP1 Identity Server Guidenovdocx (en) 19 February 20105 Click New to add an IP address for the RADIUS server. You can add additional servers forfailover purposes.6 Click OK.7 Fill in the following fields:Port: The port of the RADIUS server.Shared Secret: The RADIUS shared secret.Reply Time: The total time to wait for a reply in millisecondsResend Time: The time to wait in milliseconds between requests.Server Failure Retry: The time in milliseconds that must elapse before a failed server isretried.JSP: Specify the name of the login page if you want to use something other than the defaultpage. The filename must be specified without the JSP extension. The default page is used ifnothing is specified. Require Password: Select to require the user to also specify an LDAP password.8 Click Finish.To use an authentication class, the class must have one or more associated methods, and themethods need to be associated with a contract. For information on these tasks, see thefollowing:. Section 2.3, “Configuring Authentication Methods,” on page 92 Section 2.4, “Configuring Authentication Contracts,” on page 943.2 Configuring Mutual SSL (X.509)AuthenticationMutual authentication is used when a user is issued an X.509 certificate from a trusted source, andthe certificate is then used to identify the user. To ensure the validity of the certificates, AccessManager supports both Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol(OCSP) methods of verification.To configure X.509 authentication, you need to create an authentication class that lets youauthenticate users using X.509 certification. The class needs to be associated with a method thatidentifies the user stores that contain the user certificates.1 Log in to the Administration Console.2 Import the trusted root certificate or certificate chain of the Certificate authority into theIdentity Server trusted root store. See “Importing Public Key Certificates (Trusted Roots)” inthe Novell Access Manager 3.1 SP1 Administration Console Guide.The Identity Server must trust the Certificate authority that created the user certificates.3 To create the X.509 authentication class, click Devices > Identity Servers > Edit > Local >Classes.4 Click New.