Re: DoD CAC authentication
I'm getting an empty string on the cgi.cert_subject. This was working but I guess a change occurred on the server and now it is not. I've been trying to troubleshoot within IIS but no luck. The cgi.auth_user value is filled in, but I need the cgi.cert_subject. Can you offer any advice. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:345517 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: DoD CAC authentication
I'm getting an empty string on the cgi.cert_subject. This was working but I guess a change occurred on the server and now it is not. I've been trying to troubleshoot within IIS but no luck. The cgi.auth_user value is filled in, but I need the cgi.cert_subject. Can you offer any advice. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:345518 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: DoD CAC authentication
I'm getting an empty string on the cgi.cert_subject. This was working but I guess a change occurred on the server and now it is not. I've been trying to troubleshoot within IIS but no luck. The cgi.auth_user value is filled in, but I need the cgi.cert_subject. Can you offer any advice. Well, generally CF doesn't really have a lot to do with CGI variables provided by the web server. But to verify it's not a CF problem, I recommend you create an ASP.NET page and see if that can read CERT_SUBJECT. If that reads it and CF can't, you may have some sort of connector problem (and will probably need to involve Adobe support). If that doesn't read it, you need to talk to whoever manages the IIS server and see what changed. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or ons ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:345520 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: DoD CAC authentication
One way... CFSET usersCert = GetPageContext().getRequest().getAttribute(javax. servlet.request.X509Certificate)/ CFSET usersEmail = usersCert[1].getSubjectAlternativeNames() / Are there a way to select the part of the usersEmail data as email? I have tried but there are 4 different results. one of the results is reversed ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343520 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: DoD CAC authentication
Do you know how to get the email from the CAC? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343348 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: DoD CAC authentication
One way... CFSET usersCert = GetPageContext().getRequest().getAttribute(javax.servlet.request.X509Certificate)/ CFSET usersEmail = usersCert[1].getSubjectAlternativeNames() / ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343349 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: DoD CAC authentication
Mike Very basic: When you go into IIS(what we use) and make the selection to accept/require certificates. You will then get the CGI.Cert_subject variable filled in ([empty string] when not accepting client certs). We broke this out into for variables we use: Cert_name, Cert_number, Cert_type,Cert_CACType cfset Cert_Name = ListGetAt(CGI.Cert_subject, ListContainsNoCase(CGI.Cert_subject, CN=)) cfset Cert_Number = ListLast(Cert_Name, .) cfset Cert_Name = ListDeleteAt(ListDeleteAt(Cert_Name, ListLen(Cert_Name,.),.),1,=) cfset Cert_Type = ListDeleteAt(ListGetAt(ListDeleteAt(ListDeleteAt(CGI.Cert_subject,ListCo ntainsNoCase(CGI.Cert_subject,OU=)),ListContainsNoCase(CGI.Cert_subjec t,OU=)),ListContainsNoCase(CGI.Cert_subject, OU=)),1,=) cfset Cert_CACType = ListGetAt(CGI.Cert_Issuer, ListContainsNoCase(CGI.Cert_Issuer, CN=)) Gets something like: Cert_name = USERLASTNAME.USERFIRSTNAME.MI (MILLER.MIKE.X) Cert_Number = 1234567891 (10 digit number) called DOD EDI Person Identifier. Cert_type = CN=DOD CLASS 3 EMAIL CA-9, CN=DOD CLASS 3 CA-10 etc Cert_CACType = USA, CONTRACTOR (USA is Govt Civ, Contractor is just that). Really all you need to map the CAC is the DOD EDI, the rest is for info and cross checking. Once we activated the certs, the user just had to log in once with password, this mapped their CAC to their account. For new users, they were given a temp password valid for 1 log in, to map their CAC to their account. Probly easier ways to get the information, but that's our way. Does any of this help? Rodney -Original Message- From: Mike Miller [mailto:[EMAIL PROTECTED] Sent: Monday, July 30, 2007 2:05 PM To: CF-Talk Subject: DoD CAC authentication I'm thinking of using CAC to provide a means of authenitcating users to a role controlled application. I've found little to cover this on the web over basic IIS accept client certs and wonder if anyone in community has worked on something similar. Best, Michael Miller ~| Download the latest ColdFusion 8 utilities including Report Builder, plug-ins for Eclipse and Dreamweaver updates. http;//www.adobe.com/cfusion/entitlement/index.cfm?e=labs%5adobecf8%5Fbeta Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:286887 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
DoD CAC authentication
I'm thinking of using CAC to provide a means of authenitcating users to a role controlled application. I've found little to cover this on the web over basic IIS accept client certs and wonder if anyone in community has worked on something similar. Best, Michael Miller ~| Download the latest ColdFusion 8 utilities including Report Builder, plug-ins for Eclipse and Dreamweaver updates. http;//www.adobe.com/cfusion/entitlement/index.cfm?e=labs%5adobecf8%5Fbeta Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:284864 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
