How to configure smart card login in sunray 2fs??

Similar Messages

• How to CAC (Smart Card) enable the server within JDev

  I need to know how to CAC (Smart Card) enable the server within JDev, or if it is even possible.

  Kamran,
  you are definitely thinking in the right direction.
  1) Would I need to export or enter all the existing users of the system presently available through an internal database to the SSO Repository or there is a different way of getting the users to the OID when they first run the url or our Oracle Forms App?
  You have a choice: pre-load (probably using LDIF) or create what I call a self-registration process. Pre-load will require the arduous task of gathering the CAC user CN's in advance. This is technically easy but logistically a nightmare.
  I created a self-registration JSP which is invoked by a failure to lookup a user in OID. Registration involves requiring a user to enter valid database credentials, testing the credentials (by making a connection) and binding the database userid/password to the CAC identity.
  2) How would I get the CAC Certificate CN from the Browser or CAC Card so I can make the comparison to the OID CN?
  When you configure the SSO for certificate authentication, the HTTP_Server will pass the SSL variables (which include the CAC certificate which was authenticated in the SSL handshake) to the sso/web application deployed in the OC4J_SECURITY container. You can install your own plug-in that the SSO will invoke where you can retrieve the authenticated certificate and get any of the information therein from Java.
  I recommend you get very acquainted with the SSO Admin Guide (esp. Cert authentication chapter), as well as, the Forms Deployment Guide (esp. SSO chapter).
  There is too much to fit here. Things would be a lot easier if Forms Server supported enterprise users for authentication to database. Forms apps are relegated to the whole business of RADs and such which gives you X.509 certificate (and thus CAC) authentication but is rather convoluted IMHO (password in the clear in the RAD, orclResourceViewer permission for Forms Server, userid/password login in the background) but that is a different discussion.
  Good Luck.
  regards,
  tt

• Smart card login

  Hi Guys,
  I have just enabled smart card login to my mac but want to disable the password login option (i.e. I can login with smart card but if I don't plugin the card reader/card, I am prompted for password login). How can I enforce smart card only login?
  Many Thanks
  Michael

  Are you getting all user icons, plus the smartcard icon, or just the smartcard icon and "Other..." ?
  If the latter, then disable root user (which displays the "Other..." prompt on the login window, even if smartcards login is enabled).

• Disabling normal login and only using smart card login?

  I've managed to setup login using BELPIC (Belgian Identity Card (smart card). However I can still login using username/password. Is it possible to restrict the system only using smart card login? (maybe via tweaking the authorize file?)
  Thanks

  The problem isn't with the provider part of the code - it has to do with security privleges. Java code running from the command line has full access to the file-system. Servlets running inside a container do not.
  In order to access cryptographic keystores, the JVM must allow the servlet code to access local files (and through them, the device drivers to the crypto token). Servlet code running inside a web/application server container, by design, are restricted in their ability to access local files on the servlet container machine (other than configuration files and application code under the servlet context root).
  In order to continue with my project, I had to temporarily provide the servlet full access to the machine's file-system in the java.policy file for your JVM, along the lines of the following:
  grant {
  permission java.security.SecurityPermission "authProvider.SunPKCS11-NSS", "getSignerPrivateKey";
  I hope to go back and restrict this access so that only the specific security grants are available to the servlet to access the private key (the above is too lenient).
  You will need to do something similar to your JVM's java.policy to allow the servlet to access the private key. Substitute the "authProvider.SunPKCS11-NSS" with the driver for your own token.

• Cisco ISE Guest portal - smart card login

  Does anyone know if Cisco ISE support smart card login to the guest portal page?                    

  No it doesn't, you can test the same , while editing the wireless SSID profile, opting authentication method as smart card other than PEAP/EAP.

• How to configure Java Card 3 in eclipse ?

  How to configure Java Card 3 in eclipse ? I have already configured Java Card2.2.2 by following
  1) http://eclipse-jcde.sourceforge.net/user-guide.htm
  And
  2)http://eclipse-jcde.sourceforge.net/
  the above two links.B ut for Java Card 3 when i am configuring window->preference->Java Card Home I am getting error as "Converter.jar" not found. i checked the lib and i didnt found these jar. I copied 2.2.2 converter.jar , then that jar file not matching. So please tell me how to configure this.
  Thanks in advance
  Anoop Michael

  there are many changes between 2.2.2 and 3.0.1. Folders and files are not same. EclipseJCDE is not going to work with JCDk3.0.1. Some one needs to update that plugin :).
  There is a NetBeans plugin in progress and you can try downloading latest NetBeans 6.7.1
  Some intro about the plugin can be found here http://weblogs.java.net/blog/2009/05/10/sneak-preview-java-card-tools-netbeans-67
  You can try Netbeans 6.8 nightly builds for latest changes, but it may be a while until the plugin is stable.
  -Anki.N

• TACACS+ and Smart Card login

  We are currently using Cisco ACS 5.3 integrated with Active Directory for authentication to our Cisco devices. We are looking to move to smart card logins and trying to find out if this is possible to authenticate to the console/ssh on the router/switch using a smart card.

  Direct Smart card authentication is not supported for vty / console session on IOS. However, via TACACS to a AAA server (e.g. Cisco ACS) you can turn it to use a two factor-based external authentication store. Even if the Smart card get the PKI cert of some kind to the client PC and then to the terminal emulator like Putty or SecureCRT, AAA with Tacacs + would not be possible as Tacacs is not capable for encapsulating any kind of PKI.
  Jatin Katyal
  - Do rate helpful posts -

• Smart card login and sparsebundle password

  Hi,
  I am using a PIV profiled card to login to my mac. I am using Snow Leopard 10.6.2 and have successfully used the card to login to the machine and do signed and encrypted emails. Every login I get prompted after smart card login for the password for my sparsebundle (I had been using filevault prior to introducing the card) and even though I tick the "save password" option I still am prompted on each login. Does anyone know if there is any way to associate my smartcard login with an existing sparsebundle? Also, is there any way to force the machine to use a smart card login only (i.e. remove the password option)?
  Many thanks
  Michael

  I'm guessing that since you are not entering a password, the sparse bundle is not being unlocked. I don't know of a way to tie it to the smart card login. It sounds similar to when you put a different password on your default keychain. It won't unlock on login because you are not entering its password.

• Smart Card login for ordinary folk

  Hi,
  I used to use the OpenSC project for Smart Card login, but I believe that with changes in OS X 10.8 it's no longer an option.
  What affordable solutions are there for genuine Smart Card login for OS X 10.8?  YubiKey doesn't support anything more than entering a static password pre-stored on the device, and when I last tried Rohos it was abysmal.

  I'm guessing that since you are not entering a password, the sparse bundle is not being unlocked. I don't know of a way to tie it to the smart card login. It sounds similar to when you put a different password on your default keychain. It won't unlock on login because you are not entering its password.

• Issues regarding Smart Card login inside domain and on SmartPhones

  Hi
  i am planning to implemnt at my domain login ONLY with smartcard
  i saw i have some option how to do it , one with GPO that covers all the computers (or some computers with defined groups)
  or i can check the "smart card is  required ...." this could be the easy way but when i check this  box
  the users with the smartphones no longer can authenticate with it to get emails , also the OWA is not availble for them
  is there any solution so the users will have to login with smartcard and still get the emails to the smartphones ?
  thanks
  TK

  Hi Robert Gauthney,
  Could you offer more information about your issue, I found a similar scenario with your issue, if it meet your environment please refer the following KB to fix it, if it not
  meet your scenario please offer us more information such as the error screenshot or related Windows event information:
  Smart card authentication does not work when you use VDI and RD Gateway for RDC client in Windows 7 or in Windows Server 2008 R2
  http://support.microsoft.com/kb/2548538/EN-US
  I’m glad to be of help to you!
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• How to use Smart Card API's (OCF) in Web Application

  Hi frnds,
  For our new smart card based project, i have few queries,
  1. Can we choose web based application for smart card based projects?
  2. How servlet will communicate with opencard CTListener class?
  3. While the card insertion and remove how the event will be reflet the servlet?
  4. For that is it needed to design the client UI by using Swing?
  5. Without Swing will servlet give all solution for smart card connection and events?
  Rgrds,
  dhaya.

  I am also looking for smart card Authentication using web. Any info really appreciated

• Don't know how to configure wireless card for internet

  hi i just move to a new place, and i do not know how to set up my mac for wireless connection. i was given the basic information for the internet to work, and it works for my pc but not on mac. i was given
  Network Name (ESS-ID or SSID)
  WEP Key Type (Encryption type)
  WEP Key Format
  WEP Key
  where do i go to fill in these info for internet?
  please teach me what i m missing for i m not familiar with network. thank u.

  Airport is what Apple's trade name is for 802.11 wireless. If you have wireless in the computer, you have Airport. To see if you have Airport, on your menu bar, go under the  and choose "About This Mac." Click on "More Info." About midway down the list on the left, you'll see "Airport." Click on it. That will tell you whether you are wireless-capable or not.
  If you do not have Airport, you will need to tether up to the router directly using an ethernet cable if you want internet access or else upgrade the computer with an Airport Extreme card.
  If you do have Airport, on your menu bar, go under the  and choose System Preferences > Network >Show: > Airport>. Click on Network. If "locked," click on the padlock (lower left corner) to authenticate. Once authenticated, click on Show: and choose Airport. Click on Advanced (lower right corner). Click on "+" below "Preferred Networks" window. Answer the questions that you are asked, which will cover those four items (SSID and WEP info).
  (Texas Mac Man: that link points to a guide for the Airport Express stand-alone wireless access point using /Applications/Utilities/Airport Utility, not for how to configure your Mac's built-in Airport Extreme card via System Preferences > Network. I could be wrong but I think annie.ryu is wanting information to configure the computer's Airport/Airport Extreme card via Sys Prefs' Network panel)

• Smart Card login screen authentication

  Apple don't seem to have updated their documentation on this subject since way back in the Mac OS X Tiger days!
  I would like to have a setup where a user can walk up to a Mac (which is at the login screen), wave an RFID card over a reader connected to that Mac and be able to then login to that Mac. If it is necessary for a PIN/Password to also be entered that might be acceptable. Similarly if the screensaver activates during their login session, waving their RFID card again over the reader should unlock the screensaver.
  An alternative scenerio would be a Mac with a guest login account enabled, and then wanting to use the same card reader to authenticate when requested to a proxy server in order to gain network access.
  The cards to make it clear would be RFID based, not magstripe or chip-and-pin. There are suitable USB readers like this one
  http://www.ers-online.co.uk/o5651/cardman5021-cl-omnikey-omnikey-5021-cl-contact less-smart-card-reader

  Hi Robert Gauthney,
  Could you offer more information about your issue, I found a similar scenario with your issue, if it meet your environment please refer the following KB to fix it, if it not
  meet your scenario please offer us more information such as the error screenshot or related Windows event information:
  Smart card authentication does not work when you use VDI and RD Gateway for RDC client in Windows 7 or in Windows Server 2008 R2
  http://support.microsoft.com/kb/2548538/EN-US
  I’m glad to be of help to you!
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• How to program smart cards

  Can help me where i can get infomation about smart card programming how to program on 4428
  but mainly on MCU how files are made and how many files can i make
  guide me on this
  where can i get Help or get to read about them
  I am trainee at www.thechiptech.com
  A smart card provider

  please sir somebody help as this a genuine query.
  I have attached a thread to the program which continously checks for cards in drive and which card is inserted. but some times it hangs and gives error please help...
  James
  www.thechiptech.com

• How access to Smart Card Readers using Labview?

  I´am trying access to Smart Card Readers by Labview, but I have problems.
  I want to read SIM card GSM using Labview.!
  The file winscard.dll has the functions to access, but I dont have skill with "Using External codes in LabView".
  In MSDN library there is the specification about the functions for winscard.dll
  http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/smart_card_authentication.asp
  When you install a driver for some smart card reader you access to it by winscard.dll.
  Att. Enrique

  Finally I can acces to the smart card readers (PC/SC) with Labview,   this is the first part where I can establish the context and realease it, and  I can get the first  name of my list of PC/SC readers that I have connected to my computer.
  I was wearing the "Call Library Function"  for  winscard.dll
  For  Establish the context you need :
      function name :  SCardEstablishContext
  Calling conventions :  stdcall (WINAPI)
  function prototype :    long SCardEstablishContext(long SCARD_SCOPE_USER, long NULL1, long NULL2, unsigned long *hContextHandle);
  function name : SCardReleaseContext
  Calling conventions :  stdcall (WINAPI)
  function prototype :  void SCardReleaseContext(unsigned long hContextHandle);