Comments on: DoD CAC and Apache http://www.mattpallotta.com/home/2009/05/07/dod-cac-and-apache Yea, it is Me. Tue, 02 Mar 2010 17:39:40 +0000 hourly 1 http://wordpress.org/?v=abc By: matt http://www.mattpallotta.com/home/2009/05/07/dod-cac-and-apache/comment-page-1#comment-4 matt Tue, 02 Mar 2010 17:39:40 +0000 http://www.mattpallotta.com/home/?p=231#comment-4 I am working on a new post with CRL's. This handles making sure only valid certs are allowed in. Then it is up the applications to handle the authorization. One option is use opensso, there are a few sun.com blogs I have found talking about it. The trick is merging the SSL_CLIENT_S_DN_CN(unique to everyone) in a friendly name. For me this would have to be across applications if there isn't an identity server running for everyone. Backend services can be written to supply common data at application registration. Either way you would have to reach back to an Enterprise service to get "Official" information. I am working on a new post with CRL’s. This handles making sure only valid certs are allowed in. Then it is up the applications to handle the authorization. One option is use opensso, there are a few sun.com blogs I have found talking about it.

The trick is merging the SSL_CLIENT_S_DN_CN(unique to everyone) in a friendly name. For me this would have to be across applications if there isn’t an identity server running for everyone. Backend services can be written to supply common data at application registration.

Either way you would have to reach back to an Enterprise service to get “Official” information.

]]> By: Mario http://www.mattpallotta.com/home/2009/05/07/dod-cac-and-apache/comment-page-1#comment-3 Mario Tue, 23 Feb 2010 16:01:20 +0000 http://www.mattpallotta.com/home/?p=231#comment-3 Hi Have you figured out how to do user authentication with the above configuration? Hi Have you figured out how to do user authentication with the above configuration?

]]>