This is for ARS 6.3 on Windows
To use the AREA plugin:
Turn on Cross Reference Blank Password from the admin tool
add the following lines to ar.cfg
Now the hard part. You have to take the areasamp.c program that is supplied with the api and modify the function AREAVerifyLoginCallback to call a module that you develop (using sockets, I believe) or you get from your infrastructure people. Your module will take the user id and passcode from the login screen (which ARS makes conveniently available to the function) and return whether it is a Good User or a Bad User. After you compile it, you copy the areasamp.dll to your AR System folder where it will be run.
Caveats: This is not SSO. BMC was working on an areasso.c to use instead of areasamp.c. I don't know how far they got with this.
Julie
At 10:03 AM 10/6/2006, you wrote:
**
Julie:
Inquiring minds would like to know HOW you did this.
James McKenzie
L-3 GSI
-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Julie Rockwood
Sent: Friday, October 06, 2006 8:37 AM
To: [email protected]
Subject: Re: Authenticate an ARS user using a certificate stored on a smart card
Hi Rebecca,
Maybe you have something more advanced than we have, but we've customized areasamp.c to take the user supplied login id and passcode and call a module to authenticate it. It works great for both the WUT and mid-tier.
Let me know if you have any questions.
Julie
At 08:45 PM 10/5/2006, Rebecca Hammond wrote:
>Nothing, yet. Based on research, seems that it can't be done - you can
>set up a "trust" (which our security people get indignant at calling it
>that) - meaning, if you want to "trust" that just because someone got
>on to a machine with a smart card, you could grab the user name get
>them into the system that way. But you can't have the AR Server and
>the client communicate with certificates.
>
>However, on the mid-tier, we can use certificates, as we'll do all of
>the authentication work using SiteMinder...
>
>-----Original Message-----
>From: Action Request System discussion list(ARSList)
>[ mailto:[email protected]] On Behalf Of Davis, David CTR
>NAVSURFWARCENDIV Crane, Code 0552
>Sent: Thursday, October 05, 2006 1:24 PM
>To: [email protected]
>Subject: Re: Authenticate an ARS user using a certificate stored on a
>smart card
>
>Rebecca
>
>Have you been able to integrated ARS authentication with the PKI
>SmartCard yet? If so, what tools did you use.
>
>Thanks,
>Dave Davis
>Software Systems Engineer - SAIC
>
>
>-----Original Message-----
>From: Action Request System discussion list(ARSList)
>[ mailto:[email protected]] On Behalf Of Rebecca Hammond
>Sent: Wednesday, September 13, 2006 13:39
>To: [email protected]
>Subject: Re: Authenticate an ARS user using a certificate stored on a
>smart card
>
>Am I the only one who isn't totally confused by the white paper? I'm
>just not clear on how I'm supposed to write an Authenticator of my own,
>that handles PKI or SmartCard technology.
>
>Is it just because with SSO, it pulls the information from your OS?
>
>Does anyone have any samples of what these Authenticators might look
>like?
>
>Thanks in advance!
>
>-Rebecca Hammond
>
>On Fri, 11 Aug 2006 14:11:45 -0700, Easter, David
><[EMAIL PROTECTED]>
>wrote:
>
> >Daniel,
> >
> > You may want to take a look at the "Integrating BMC Remedy Action
> >Request System with Single Sign-On (SSO)" white paper that was
> >updated for AR System 7.00.00. It also applies to other client-side
> >login intercept technologies like smart cards or PKI.
> >
> >It is available on http://supportweb.remedy.com in the Documents
> >section.
> >
> >David J. Easter
> >Sr. Product Manager - BMC Software
> >
> >-----Original Message-----
> >From: Action Request System discussion list(ARSList)
> >[mailto:[email protected]] On Behalf Of CONDREA, Daniel
> >Sent: Thursday, August 10, 2006 10:53 PM
> >To: [email protected]
> >Subject: Authenticate an ARS user using a certificate stored on a
> >smart
>
> >card
> >
> >Hi All,
> >
> >Can anybody suggest a way to authenticate an ARS user using a
> >certificate stored on a smart card?
> >
> >The end user can not authenticate with a username and a password.
> >He/she can only authenticate using the certificate stored in the
>smartcard.
> >
> >Best regards,
> >Daniel Condrea
> >
> >--
> >
> >*****DISCLAIMER*****
> >
> >The information contained in this communication is confidential and
> >may
>
> >be legally privileged. It is intended solely for the use of the
> >individual or entity to whom it is addressed and others authorized to
> >receive it. If you are not the intended recipient you are hereby
> >notified that any disclosure, copying, distribution or taking action
> >in
>
> >reliance of the contents of this information is strictly prohibited
> >and
>
> >may be unlawful. Orange Romania S.A. is neither liable for the
> >proper, complete transmission of the information contained in this
> >communication nor any delay in its receipt.
> >
> >*****END OF DISCLAIMER*****
> >
> >_____________________________________________________________________
> >__
> >_
> >_______
> >UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
> >
> >_____________________________________________________________________
> >__
> >____
>____
> >UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
> >=====================================================================
> >==
> >=
>
>_______________________________________________________________________
>_
>_______
>UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
>
>_______________________________________________________________________
>_____
>___
>UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
>
>_______________________________________________________________________
>________ UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at http://www.wwrug.org
__20060125_______________________This posting was submitted with HTML in it___
-------------------------------------------------------
Julie Rockwood
Los Alamos National Laboratory
IST-APPS3 Remedy Technical Lead
(505) 667-9846
__20060125_______________________This posting was submitted with HTML in it___
