Contracts are the element you can assign to a protect a resource.
Click Devices > Identity Servers > Edit > Local > Contracts > New.
Specify a Display name. For example, Contract-NMAS-NESCM-UserStore1.
Enter a URI. For example, nescm/test/uri.
The URI is used to identify this contract for external providers and is a unique path value that you create.
In Available methods, select the method created in Creating a Method to Use the NMAS Class, then click the left-arrow to move this method into the Methods list.
All other fields can remain in the default state.
(Conditional) If you want the user’s credentials (username and password) to be available for Identity Injection policies, add the password fetch method as a second method for the contract.
For more information, see Section 5.16.4, Password Retrieval.
Click Next and specify the following details to configure a card for the contract:
ID: (Optional) Specify an alphanumeric value that identifies the card. If you need to reference this card outside of Administration Console, you need to specify a value here. If you do not assign a value, Identity Server creates one for its internal use.
Text: Specify the text that is displayed on the card to the user, for example Smart Card.
Image: Select the image to display on the card. You can select the NMAS Biometrics image or you can select the Select local image option and upload an image that your users can associate with using this smart card authentication contract.
Show Card: Determine whether the card is shown to the user, which allows the user to select and use the card for authentication. If this option is not selected, the card is only used when a service provider makes a request for the card.
Click Finish > OK.
Update Identity Server.
Update Access Gateway.
Continue with Assigning the NESCM Contract to a Protected Resource