I'm developing a new website (ASP.Net, VB codebehind pages, .Net 3.5) to replace a "Classic ASP" site.
Some of the pages are 'public' and the rest require authentication - in this case it's done by reading DoD-issued CAC cards through the keyboard.
Now, for 'production', they configure IIS so that it does the authentication challenge (...
I'm basically looking for someplace to start learning how to interface with a government CAC card using java.
Ultimately, my goal is to find out how to use CAC card authentication (by PIN number) to authorize access to a website hosted using a Tomcat/J2EE server.
But I'll need somewhere to start. So I figure I'd start by writing a smal...
I have figured out all the necessary steps to get DOD CAC card based client certificate authentication working in Apache, but am now struggling to pull a good GUID for the user from the certificate I am receiving. Is there a GUID available on the certificate that will not change when the CAC card is renewed? I was thinking of using the...
I need to write a java program to connect to a HTTPS server (DoD website). The website requires CAC (DoD common access card) authentication. If you access this site via browser, you insert your CAC first, and then enter a PIN.
I need to accomplish the authentication process programmatically in java (kind of acting like browser). How do ...
How does one implement Apache (within Linux) authentication using Department of
Defense CAC cards? I've heard it can be done but have not come across any details.
Currently we use Windows Active directory for Apache authentication but only using
Logins/Passwords. Soon the requirement will be to use CAC cards only. Any hints
would be a...
Having an issue with random individuals trying to access an intranet site with a security certificate. Most users are able to simply select their Smartcard/CAC certificate, enter the pin number and then are granted access to the site's pages.
However, random individuals enter their pin and then are immediately re-prompted by the IE aler...
We have one browser-based application where we want to make the user reauthenticate when they enter it. So when they access that URL we want them to be presented with the PIN prompt so they have to reauthenticate. Is there a reasonable way to do that?
Added info: This is for a CAC card and the workstations have ActivIdentity and Tumble...
I can open as many instances of IE7 as I want and I get prompted for a cert each time (but no PIN). However, if I close any of the instances of IE7, then on the next open I get the PIN prompt. So it seems to me that the IE7 program is doing something when it is closed to tell the smart card to "expire" the current PIN. I would like to ...
I'm attempting to enable SSL communication from a web service client (Axis2) using the certificate on the user's CAC card. Works like a charm....UNTIL the web server is CAC enabled. At that point the SSL connection is rejected with the error message that the other certificates in the chain were not included.
I have ensured that the pr...
I am building a python application to pull data from a website. The application has to authenticate (HTTPS/SSL) with a CAC card and pin in order to make requests.
Am I correct in my assumptions that you can't retrieve the private key from a CAC card, and am therefore stuck using a PKCS #11 Wrapper like PyKCS?
Any tips or resources for g...
ENVIRONMENT:
In an active directory environment we are using ActivClient to copy a digital signing certificate from a smart card to the current user store upon smart card insertion. The smart card certificate is equipped only with digital signature, non-repudiation purposes.
PROBLEM:
After the certificate is copied from the smart car...
Users are getting sporadic "Server not found" errors after idling in the browser. We have a HTTPS web application (Apache/Tomcat) using NSS for authentication on the server. The error occurs when a user opens the application and later lets it sit idle/untouched for 15 minutes. When they try to access the application they can get a "Ser...
Folks, I'm working on a certificate authentication app that will authenticate user based on CAC inserted. How do I know when the CAC is inserted / removed? I'll be "catching" that event in C++ or Java. Thanks.
...
I'm developing a CAC authentication app.
I'm running RHEL 5.5 and have a card reader attached to my machine. When I insert a smart card/CAC, there is a popup notification that comes on the upper right hand side on the window where the clock is and the "Smart Card Manager" GUI is accessible clicking on the icon (card with lock on it) tha...
I need to support DoD issued CAC-based authentication in my web application deployed in JBoss. Could someone give me pointers on where to start, the steps involved, etc?
Also, which JCE provider should I go with (OpenSSO, BouncyCastle, etc)? I tried to google for a list of (active/current) providers but couldn't really find it. Is there...
I'm using nss libraries to read certificates off a smart card/CAC. This is for an app on red hat linux. Basically I need to get the list of certificates from the CAC and present to the user in a gui (using wxWidgets) allowing the user to pick the certificate to use for authentication. For that, I need to present the certificate list in a...
Hi All,
I am trying to run a java client with 2way SSL which uses CAC card as keystore for the client. I have added the following system property in my client program to make it work and change the java.security file to add pkcs11 provider.
System.setProperty("javax.net.ssl.keyStoreType", "pkcs11");
System.setProperty("javax.net.debug...
Hi -
I work on an IIS6/ASP.NET website that must "require client certificates" in the form of a smart card (specifically a Common Access Card). I need to create a few services to access various URLs on a timer to do things like update search indices, warm up Sharepoint pages, and other tasks.
How can this be done, given that the sit...
We're trying to enable our rich client C++ Windows application to utilise DoD CAC cards.
We're using a third party library to secure our client/server communication using SSL, and it recognises/handles generic smart cards, but only if the certificate was created by its own, bundled application.
Why? Isn't a certificate a certificate? H...