174 Novell Access Manager 3.1 SP1 Identity Server Guidenovdocx (en) 19 February 20106.4 Authenticating with a Managed CardTo use a managed card, you need both a relying party and an identity provider as illustrated inFigure 6-2 on page 168. The following scenario explains how to set up a second Identity Server tobe the identity provider. It also explains how to configure a trusted relationship between the relyingparty, so that a user can authenticate to the relying party with a managed card. Section 6.4.1, “Prerequisite,” on page 174 Section 6.4.2, “Configuring a CardSpace Identity Provider,” on page 174 Section 6.4.3, “Creating and Installing a Managed Card,” on page 175 Section 6.4.4, “Configuring the Relying Party to Trust an Identity Provider,” on page 176 Section 6.4.5, “Logging In with the Managed Card,” on page 177These sections describe only a few of options available for configuring the Identity Server as aCardSpace identity provider. For information about all the available options, see Section 6.7,“Configuring the Identity Server as an Identity Provider,” on page 183.6.4.1 PrerequisiteFor CardSpace and managed cards, you need to make sure that the SSL certificate and the signingcertificate of the Identity Server use the same name for the certificate’s subject name. When youconfigured the Identity Server for SSL, you replaced the default SSL certificate with a certificatethat uses the DNS name of the Identity Server as the subject name. For CardSpace, you need toreplace the default signing certificate. You can use the same certificate for signing as you did forSSL.1 In the Administration Console, click Devices > Identity Servers > Edit > Security.2 In the Keys and Certificate section, click Signing.3 Click Replace.4 In the Replace pop-up, click the Select Certificate icon, select the certificate you created forSSL, then click OK.5 When the certificate appears in the Certificate box, click OK, then click Close.6 Update the Identity Server.7 Complete these steps for both Identity Servers: the relying party and the identity provider.6.4.2 Configuring a CardSpace Identity ProviderWhen you configure an Identity Server to be a CardSpace identity provider, you need to create amanaged card template. Users can then use the template to create and install a managed card in theircard selector.1 In the Administration Console, click Devices > Identity Servers > Edit > CardSpace.2 Click Managed Card Templates > New, then fill in the following fields:Name: Specify a display name for the template.Description: Specify the text to be displayed on the card. This can contain information abouthow the card can be used or the type of resource that can be accessed with the card.