The OS doesn't use the card to log in, nor does the web system trust any public key for SSL.

Shi Yusen wrote:
First, you should know the CAC is a keystore, so it has a keystore
password.

Second, you should enter the CAC password when your browser prompts
for password input. When setting up the SSL, your browser will try to read
the keystores in your client until it finds a matching one or fails.

More details of your knowledge background and the target scenarios will
help the others to know where you are.

For example:
Does your OS also use this card to log in?
Does your web system trust the public key obtained from SSL?

Regards,

Shi Yusen/Beijing Langhua Ltd.


On Tue, 2009-07-14 at 16:46 -0700, David Allender wrote:
Update:

I solved the problem. I had to add another </bean> at the end of the added x509check. Now it just prompts for the activeclient password and if I click cancel enough times, it'll finally redirect me to the CAS login page.

Can it be the deployerConfigContext.xml? Or can it be something else? I believe I'm having troubles with the whole "<property name="identifier" value="$CN" />" and which class to use... it explains in http://www.ja-sig.org/wiki/display/CASUM/X.509+Certificates but I'm still a bit confused.

There's the keystore ./keystore in my home directory (c:\documents and settings\username\) and a trust store in both jdk1.6.0_10\jre\lib\security\cacerts AND jre6\lib\security\cacerts. I can use keyman to open up the keystores and truststores to see what is inside them and I sorta get the picture of what is in them. Certificate Authority is in the trust store, and self-signed certificates are in my ./keystore.

Now aside from all that, there are the CAC card certificates which I have to deal with. Can anyone help dumb it down a little so I can try to see this a different way? Maybe analogies might help? Thank you again in advance.

-David

Marvin S. Addison wrote:
I'm still trying to figure out how I can use those certificates and automatically authenticate them using CAS so CAS can just pass the ticket as soon as they see that there is the certificate there.
You can certainly do this. http://www.ja-sig.org/wiki/display/CASUM/X.509+Certificates has excellent instructions.

M
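
To illustrate the identifier descriptor asked about in the thread ("$CN"), here is an added Python example; it is not part of any message above and is not CAS code. It assumes each $ATTR token is replaced by that attribute's value from the certificate's subject DN; the sample DN, the function names and the fail-closed behaviour are constructed for illustration, and only backslash character escapes (not hex escapes) are handled.

```python
import re

# Constructed sample subject DN in the style of a CAC identity certificate
# (not taken from the thread). Note the escaped comma inside the CN value.
SAMPLE_DN = r"CN=DOE.JOHN\, JR.1234567890,OU=USN+OU=PKI,OU=DoD,O=U.S. Government,C=US"

def split_unescaped(text, sep):
    """Split text on sep, ignoring separators escaped with a backslash."""
    parts, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts

def parse_dn(dn):
    """Return {ATTR: [values]} in DN order, including multi-valued RDNs."""
    attrs = {}
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):
            name, _, value = ava.partition("=")
            value = re.sub(r"\\(.)", r"\1", value.strip())  # unescape \, \+ ...
            attrs.setdefault(name.strip().upper(), []).append(value)
    return attrs

def resolve_identifier(descriptor, dn):
    """Expand $ATTR tokens; refuse to build an ID from a missing attribute."""
    attrs = parse_dn(dn)

    def repl(match):
        values = attrs.get(match.group(1).upper())
        if not values:
            # Fail closed: an empty principal ID must never authenticate.
            raise ValueError("subject DN has no %s attribute" % match.group(1))
        return values[0]

    return re.sub(r"\$([A-Za-z]+)", repl, descriptor)
```

A plain split on "," would cut this CN at the escaped comma and yield a truncated principal name, which is why the DN is parsed before the descriptor is expanded.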




