Re: [Fed-Talk] Anyone know of code for performing CAC authentication for a web site
- Subject: Re: [Fed-Talk] Anyone know of code for performing CAC authentication for a web site
- From: Timothy J Miller <email@hidden>
- Date: Tue, 22 Apr 2008 16:55:43 -0500

On Apr 22, 2008, at 3:26 PM, Jim Solderitsch wrote:

> Most of us use web sites that seamlessly ask for our CAC pin to
> allow our identity to be passed on in support of accessing web
> resources. Outlook Web Access works for me this way for my .mil
> email access (except for encrypted mail -- can only get that through
> a Citrix ICA login on a PC).
>
> I am now faced with the possibility of supporting the implementation
> of a web site -- Java based back-end with Javascript for UI support
> -- that will authenticate users based on their CAC. Or more
> precisely, be able to get the EDIPI number from the CAC when the
> user supplies the PIN.
>
> ActiveGold has an SDK which supports Windows and IE. I am looking
> for something that is more cross-platform that would allow Mac users
> to participate in the web site using their CAC.

You're heading the wrong way. Check your dev environment support for
SSL client authentication support. On the server side you don't need
to concern yourself with the token that holds the certs. This stuff is
built into Apache, IIS, and Tomcat, and is pretty well documented.

Officially speaking, if you're actually under contract you can contact
your service's PKI program office; they'll support you with
PK-enabling documentation. Or you can hit the DoD PKI PMO PK-enabling
pages now hosted on DKO if you're onsite and a CAC holder (don't have
the URL handy ATM, sorry). I can point you to the AF PKI SPO if
you're under an AF contract.

If you're a vendor responding to an RFI, then things get a little more
complicated, if only because much of the documentation currently
available from the service PKI program offices hasn't been cleared for
public release (not that it's not releasable, just that it hasn't been
vetted). This is something that you can address with the office
letting the RFI as part of your response questions; and they should
act as your go-between with the service PKI program office as needed.
Be aware that as part of the RFI process, the answers they get you re:
PK-enabling will be shared with all respondents.

If you're responding to an RFP--well, you can see if the issuing
program will assist you with the service PKI program office, but it's
probably a bit late in the game at that point. :)

-- Tim
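
The server-side step described in the reply above, as an added example that is not part of the original message: once the web server or servlet container has performed SSL client authentication and validated the chain, the application only reads the presented certificate's subject to get the EDIPI. The class and method names are hypothetical, and the code assumes the subject CN ends in a dot followed by the 10-digit EDIPI; the sample subjects are constructed.

```java
import java.security.cert.X509Certificate;
import java.util.Optional;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class CacIdentity {
    // Assumption: subject CN looks like LAST.FIRST.MIDDLE.<10-digit EDIPI>.
    private static final Pattern EDIPI = Pattern.compile("\\d{10}");

    /** Pass the leaf certificate the container already validated, e.g. element 0 of
     *  the "javax.servlet.request.X509Certificate" request attribute in a servlet. */
    public static Optional<String> edipiOf(X509Certificate leaf) {
        return edipiOf(leaf.getSubjectX500Principal());
    }

    public static Optional<String> edipiOf(X500Principal subject) {
        String cn = null;
        try {
            // Use a real RDN parser: splitting the DN on ',' breaks on escaped commas.
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
            for (Rdn rdn : dn.getRdns()) {
                if (rdn.size() == 1 && "CN".equalsIgnoreCase(rdn.getType())) {
                    if (cn != null) return Optional.empty(); // more than one CN: ambiguous
                    cn = String.valueOf(rdn.getValue());
                }
            }
        } catch (InvalidNameException e) {
            return Optional.empty();
        }
        if (cn == null) return Optional.empty();
        // Take the component after the last dot and accept it only if it is 10 digits.
        String last = cn.substring(cn.lastIndexOf('.') + 1);
        return EDIPI.matcher(last).matches() ? Optional.of(last) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample subjects, not real identities.
        String[] samples = {
            "CN=DOE.JOHN.Q.1234567890,OU=Constructed,O=Example,C=US",
            "CN=Example\\, Server,O=Example,C=US",        // escaped comma, no EDIPI
            "CN=DOE.JANE.12345,OU=Constructed,O=Example,C=US" // wrong digit count
        };
        for (String dn : samples) {
            System.out.println(dn + " -> " + edipiOf(new X500Principal(dn)));
        }
    }
}
```

The value is only trustworthy if the server is configured to require a client certificate and to validate it against the intended issuing CAs before the request reaches this code.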