On 18/05/2017 16:33, João Graça wrote:
Hello,
I have the following scenario that I need to study and implement if
possible:
- Active Directory Server where users will be created (actually
already there)
- Syncope Server to manage users
- Eventually other databases where the users need to be synchronized
with the help of syncope
- Somehow propagate certificates(root and intermediate certs) to the
AD server and machines to allow later login in the windows machines
with smartcards
So far, I managed to connect syncope with the AD and
create/update/delete users and groups.
I was also able to map a plain schema that I created to the
/altSecurityIdentities/ property of the user in Active Directory,
providing there a string like "X509:<SKI>'here goes the subject key
identifier of the user's cert'".
With this configuration I can log in with the user's smartcard on the
Windows client machine. For this login to work I had to install the root
and intermediate certs on the Active Directory server and the client
machines, but here comes the question...
Is there a way to maintain and propagate to server and clients those
certs (root and intermediate) with syncope?
Syncope provides binary fields to store files.
You can use the CMD connector [1][2] (PowerShell scripts) to manage the
certs in Active Directory.
And, if possible, to automate the process of gathering the
SubjectKeyIdentifier of the user certificate into the plain schema that I
created, which maps to /altSecurityIdentities/.
Yes.
Regards
M
[1] https://connid.atlassian.net/wiki/display/BASE/CMD
[2] https://github.com/Tirasa/ConnIdCMDBundle
Best,
João Graça
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
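A worked example of the automation asked about in the thread (deriving the SubjectKeyIdentifier of a user certificate and formatting it as the value that goes into altSecurityIdentities). This is an added example, not code from the thread or from Apache Syncope; it assumes the `cryptography` package is installed. The certificate is generated inline as a constructed sample so the script runs offline; with a real certificate you would instead load the bytes stored in a Syncope binary field with `x509.load_der_x509_certificate` or `x509.load_pem_x509_certificate`. The second function recomputes the SKI from the public key as a cross-check, so a mismatch (or a certificate without the extension) is caught before a wrong mapping is written to AD.

```python
"""Build the altSecurityIdentities value (X509:<SKI>hex) from an X.509 certificate.

Added example; assumes the `cryptography` package. The certificate is a
constructed self-signed sample so the code runs without any PKI.
"""
import datetime
import hashlib

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import ExtensionOID, NameOID


def make_sample_certificate() -> x509.Certificate:
    """Constructed self-signed certificate carrying a SubjectKeyIdentifier extension."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "sample-user")])
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=1))
        .add_extension(
            x509.SubjectKeyIdentifier.from_public_key(key.public_key()), critical=False
        )
        .sign(key, hashes.SHA256())
    )


def ski_from_extension(cert: x509.Certificate) -> bytes:
    """Read the SKI the issuing CA placed in the certificate (extension OID 2.5.29.14)."""
    ext = cert.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_KEY_IDENTIFIER)
    return ext.value.digest


def _der_tlv(buf: bytes, pos: int):
    """Return (tag, value_start, value_end) of the DER TLV at pos (definite lengths)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def ski_from_public_key(cert: x509.Certificate) -> bytes:
    """RFC 5280 method (1): SHA-1 over the subjectPublicKey BIT STRING content.

    Independent of the extension, so it cross-checks the CA's value and also
    covers certificates that carry no SKI extension at all.
    """
    spki = cert.public_key().public_bytes(
        serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo
    )
    tag, seq_start, _ = _der_tlv(spki, 0)            # SubjectPublicKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo is not a SEQUENCE")
    _, _, alg_end = _der_tlv(spki, seq_start)        # AlgorithmIdentifier, skipped
    tag, bits_start, bits_end = _der_tlv(spki, alg_end)  # subjectPublicKey BIT STRING
    if tag != 0x03:
        raise ValueError("subjectPublicKey is not a BIT STRING")
    # First content octet of a BIT STRING is the unused-bits count; hash the rest.
    return hashlib.sha1(spki[bits_start + 1:bits_end]).digest()


def alt_security_identity(cert: x509.Certificate) -> str:
    """Value for the AD altSecurityIdentities attribute in the X509:<SKI> form.

    Refuses to produce a mapping if the certificate's SKI extension and the
    SKI recomputed from the public key disagree.
    """
    from_ext = ski_from_extension(cert)
    if from_ext != ski_from_public_key(cert):
        raise ValueError("SKI extension does not match the certificate's public key")
    return "X509:<SKI>" + from_ext.hex()


if __name__ == "__main__":
    sample = make_sample_certificate()
    print(alt_security_identity(sample))
```

In a Syncope deployment this logic would sit in the pipeline that populates the plain schema attribute (for instance a pull or propagation action), with the certificate bytes read from the user's binary field rather than generated here.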