You don't explain what is not working :-( CAC should work out of the box: it is a browser feature.
CAC is working. Our requirement is we need to show users a banner before logging in.
Before the user is prompted for the CAC PIN, we need to show a message informing the user.
I still don't see how you want to achieve that. What do you have: a standard webapp with servlet + JSP? Or are you trying a browser application?
We have a standard JBoss-based application.
For this application we are trying to support card (CAC) based authentication.
I am able to get CAC authentication working.
But the requirement is to show users of the application a security warning message before the browser prompts for the active key password.
Basically, the user types the application URL in a browser and hits enter, then the browser prompts the user for the active key password.
But before this prompt we want to show a warning message dialog informing the user that he/she is trying to access a secure application.
I don't think that is possible except using the servlet 3.0 programmatic login.
Thanks for your reply Clere
One more query I have:
My application, after being authenticated against the CAC card, is not timing out.
I tried setting the timeout parameter
Once we log in using active key authentication by keying in the password,
the browser is not prompting for the active key password even after closing the browser.
Is the active key password cached at the browser level or the card reader software level?
How can I make the browser (or my application) prompt for the password whenever the user is trying to access the application after keying the application URL in the browser?
Or at least, how can I make the session timeout work, say after 15 min of inactivity of the application, the browser should prompt for the active key password?
Thanks once again for your reply to my earlier query.
That is the way for the jbossweb 4.0.x version. Are you sure you want to use such an old version?
Our product is based on JBoss 4.0.1 only. (The JBoss 6 version of our product is still under development.)
We need to support card-based authentication on JBoss 4.0.1, and in the near future even on JBoss 6.
The active key password is being prompted by JBoss, the card reading software or the operating system.
By removing the password from one of the above caches I think we can achieve this, but I am not sure about it.
I have a similar requirement to implement. Could you please let me know how you performed unit testing? I do not have a smart card (CAC) with me to test. Is there a way to simulate and test?
Also, I'm yet to make changes with respect to the requirement; however, your experience in implementing this requirement will be helpful to me.
Kindly share the details.
My employer issues an active key (smart card) to log in to our company applications, which is of the X509 standard. I used the same for unit testing.
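Since a CAC presents an X.509 client certificate, the server-side client-certificate path can be exercised without card hardware by using a software certificate issued by a throwaway test CA. The script below is an added example, not part of the original thread; it assumes the `openssl` CLI is installed, and all subject names, file names and the export password are constructed.

```shell
#!/bin/sh
# Constructed test PKI for exercising client-certificate login without a card.
# Everything here (subjects, file names, password) is made up for testing.

make_test_client_cert() {
    dir="$1"
    mkdir -p "$dir" || return 1

    # 1. Throwaway CA: the only CA the TEST server's truststore should hold.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example Test/CN=Test Client CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1

    # 2. Client key and signing request with a CAC-like, constructed subject.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/O=Example Test/CN=DOE.JANE.Q.0000000000" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null || return 1

    # 3. Issue the certificate, restricted to TLS client authentication.
    printf 'keyUsage=critical,digitalSignature\nextendedKeyUsage=clientAuth\n' \
        > "$dir/client.ext"
    openssl x509 -req -in "$dir/client.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -days 30 -extfile "$dir/client.ext" \
        -out "$dir/client.crt" 2>/dev/null || return 1

    # 4. Bundle key + certificate as PKCS#12 so a browser can import it.
    openssl pkcs12 -export -name "test-client" \
        -inkey "$dir/client.key" -in "$dir/client.crt" -certfile "$dir/ca.crt" \
        -passout pass:changeit-test -out "$dir/client.p12" || return 1
}

# Succeeds only if the client certificate chains to the test CA and is
# acceptable for TLS client authentication.
verify_test_client_cert() {
    openssl verify -purpose sslclient -CAfile "$1/ca.crt" "$1/client.crt" \
        >/dev/null 2>&1
}

# Stand-alone run: sh script.sh ./test-pki
if [ -n "$1" ]; then
    make_test_client_cert "$1" && verify_test_client_cert "$1" \
        && echo "test client certificate written to $1/client.p12"
fi
```

Import `ca.crt` only into the truststore of a test server and `client.p12` into the test browser. A software certificate exercises the server's client-certificate handling and login module, not the card middleware or the PIN prompt.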
Hope things are fine at your end. I am new to the JBoss community and its configuration.
I came across one of your questions about JBoss and CAC; reading it, I felt you are the right person to help me configure JBoss to use CAC.
Background – We are using JBoss EAP 5.1.2 as the web server on Windows Server 2008 to run a SAS application on it. I need to configure JBoss to use CAC authentication. The Windows server on which JBoss is installed (our mid-tier server) does recognize Windows AD users and CAC. I am not familiar with what steps I need to take and in which order.
Help – Can you PLEASE help me with the list of all steps, in order, to be performed to configure JBoss with CAC? Such as, do I need to perform any task on the Active Directory Domain Controller, what are those steps, etc.
Can you please help? This is urgent - I have to successfully complete and test this configuration by 2/13/2013. I would really appreciate your help.
Thanks in advance for your time and support.
The Connector tag of server.xml has to be modified similar to what I did (copied in my earlier post).
With this, when you access your JBoss through the browser, it prompts for the PIN of the certificate on your connected device.
And change your login module appropriately.
I didn't get your context of relating AD and CAC for authentication.
CAC is just an authentication module like AD. You can have both CAC and AD authentication in place, or only CAC auth. It's up to your requirement.
Thanks Jean-Frederic, I will try and post my results or questions -