186 Novell Access Manager 3.1 SP1 Identity Server Guidenovdocx (en) 19 February 20106.8 Using CardSpace Cards for Authentication toAccess Gateway Protected ResourcesThe protected resources on an Access Gateway are designed to rely on contracts for authentication.The CardSpace protocol uses cards for authentication. Therefore, to use the CardSpace protocol asthe authentication authority for protected resources, you need to associate an authentication cardprofile with the authentication contract you are using for the protected resources.1 In the Administration Console, click Devices > Identity Servers > Edit > Local > Contracts.2 Click the name of the contract you are using for protected resources.3 Verify that the Satisfiable by External Provider option is enabled, then click AuthenticationCard.4 Disable the Show Card option, then click OK.5 Click CardSpace > Authentication Card, then in the Profiles section, select the profile you wantto use with protected resources.If you select a profile that is configured only for a personal card, the user must supply apersonal card to log in.If you select a profile that is configured for a managed card, the user can supply a managedcard to log in.6 Click User Identification, then configure the following fields:Satisfies contract: Select the contract that is used by the protected resource.Allow federation: Select this option so that the personal private identifier of the card can beassociated with a user in the Identity Server’s user store.Authenticate: Select this method for federation.7 Click OK twice, then update the Identity Server.8 (Optional) Verify the configuration by requesting access to a protected resource configured touse the contract you have enabled for CardSpace.