Novell Access Manager 3.1 SP1 Identity Server Guide, 19 February 2010

6.4.4 Configuring the Relying Party to Trust an Identity Provider

To configure a trusted relationship, you need to create a trusted provider configuration for the identity provider. You also need to either modify an existing authentication profile or create a profile that includes the trusted provider as an issuer of security tokens.

To create a trusted provider configuration for the Identity Server acting as the identity provider, you need to know the base URL of the Identity Server and have a file containing the public key of the signing certificate of the Identity Server.

1 To obtain the public key certificate of the identity provider, log in to the Administration Console of the identity provider.

  1a Click Security > Certificates.

  1b Click the certificate you have created for the Identity Server to use for SSL and signing.

  1c On the certificate page, click Export Public Certificate > DER File, then save the certificate to a file.

  1d Copy this file to a location available to the Administration Console for the relying party.

2 To create a trusted provider configuration for the identity provider, log in to the Administration Console for the relying party.

  2a Click Devices > Identity Servers > Edit > CardSpace.

  2b Click Trusted Providers > New, then fill in the following fields:

     Name: Specify a display name for the identity provider. This name appears in the list of trusted providers that you can select for an authentication card profile. You might want to use part of the DNS name of the identity provider.

     Source: This line specifies that the Provider ID is entered manually.

     Provider ID: Specify the issuer ID of the trusted provider. For an Identity Server cluster configuration, the issuer ID is the base URL of the Identity Server plus the following path:

        /sts/services/Trust

     For example, if the base URL is https://test.lab.novell.com:8443/nidp, the Provider ID is the following value:

        https://test.lab.novell.com:8443/nidp/sts/services/Trust

     Identity Provider: Click Browse to browse for and find the certificate that you exported for the identity provider.

  2c Click Next > Finish to confirm the signing certificate.

3 To create a profile that allows this trusted provider to be an issuer of security tokens, click Authentication Card.

  The following steps explain how to create a new profile for the trusted provider. This allows you to see how a CardSpace authentication card can be configured for multiple profiles.

  3a Click New, then fill in the following fields:

     Name: Specify a display name for the profile that indicates which trusted provider is going to use the profile.

     ID: (Optional) Leave this field blank.
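The file exported in step 1c becomes the trust anchor for every token the relying party accepts from this issuer, so it is worth checking before it is uploaded in step 2b. The following is an added example, not part of the Novell guide or the product: it builds the Provider ID from the base URL as described above, and computes a SHA-256 fingerprint of the DER file that can be compared with one obtained from the identity provider's administrator over a separate channel. The function names, the https-only check and the out-of-band comparison are assumptions of this example.

```python
import hashlib
from urllib.parse import urlsplit

STS_PATH = "/sts/services/Trust"  # issuer path given in the guide

def provider_id(base_url: str) -> str:
    """Provider ID = Identity Server base URL + /sts/services/Trust."""
    u = urlsplit(base_url.strip())
    # Assumption: the base URL is https, as in the guide's example.
    if u.scheme != "https" or not u.netloc or u.query or u.fragment:
        raise ValueError("expected a plain https base URL")
    return f"https://{u.netloc}{u.path.rstrip('/')}{STS_PATH}"

def der_total_length(data: bytes) -> int:
    """Length the outer DER SEQUENCE header claims for the whole file."""
    if data.lstrip().startswith(b"-----BEGIN"):
        raise ValueError("PEM text found; step 1c exports a DER file")
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("file does not start with a DER SEQUENCE")
    if data[1] < 0x80:                      # short-form length
        return 2 + data[1]
    n = data[1] & 0x7F                      # long form: n length octets
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def sha256_fingerprint(data: bytes) -> str:
    """Colon-separated SHA-256 over the DER bytes (framing check only;
    this does not validate the signature, dates or key usage)."""
    if der_total_length(data) != len(data):
        raise ValueError("file is truncated or has trailing bytes")
    digest = hashlib.sha256(data).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed sample: a tiny DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020105")

if __name__ == "__main__":
    print(provider_id("https://test.lab.novell.com:8443/nidp/"))
    print(sha256_fingerprint(SAMPLE_DER))
```

In practice, read the exported file with `open(path, "rb").read()` and pass the bytes to `sha256_fingerprint`; a mismatch with the expected fingerprint means the file should not be uploaded as the trusted provider's certificate.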