How to use Smart Card API's (OCF) in Web Application

Similar Messages

• How to use two different ojdbc14.jar for two web application.

  Hi,
  I have two web application running in same tomcat, I need to use the two different ojdbc14.jar for two application, now both are taking the jars from tomcat common/lib directory, I tried copying the new ojdbc14.jar in web-inf/lib folder of one application, but it is not working.
  Could you please let me know whether this will take the jar from tomcat by befault or from web-inf, and a solution how to proceed with this.
  Thanks in advance.

  Yes, I tried removing the jars from common/lib, but as the connection string is mentioned inside the server.xml it is showing db connection error while trying to connect to the database

• How to calculate call duration using java card API

  Hi,
  I am developing an application using Java card API. I want to calculate duration of otgoing calls in it. I am trying to start timer at the beginning of call in Call Control event. Can someone kindly check following code of Call control event? Here timerManagement function is sending proactive command for starting timer for 3 hours. Here I am asuming that maximum call will be of 3 hours. In callDisconnect event i can get current value of timer and use it to calculate duration of call. But this scenario is also not working.
  Problem is that during code execution program stuck at send command (proHdlr.send();) of timmerManagement function. I am sending postAsBERTLV command before starting timer so may be reason is that it is not possible to send proactive command while phone is busy.
  But I also cannot send postAsBERTLV after timerManagement function. Because it is mention in specification that "The EnvelopeResponseHandler content must be posted before the first invocation of a ProactiveHandler.send method or before the termination of the processToolkit, so that the GSM applet can offer these data to the ME (eg 9Fxx/9Exx/91xx). After the first invocation of the ProactiveHandler.send method the EnvelopeResponseHandler is no more available"
  Take a look at following code
                   * Method illustrating the use of the Call Control event.
                  private void callControlService() {
                                  /** @todo: Replace following sample code with your implementation */
                                  ProactiveHandler proHdlr = ProactiveHandler.getTheHandler();
                                  EnvelopeHandler envHdlr = EnvelopeHandler.getTheHandler();
                                  ProactiveResponseHandler rspHdlr = ProactiveResponseHandler
                                                                  .getTheHandler();
                                  EnvelopeResponseHandler envRspHdlr = EnvelopeResponseHandler
                                                                  .getTheHandler();
                                  durationCount = 0;
                                   // allow call with no modifications
                                  envRspHdlr.postAsBERTLV((byte)0x9F, (byte)0x00);
                                  // start clock using timer
                                  timerManagement(proHdlr, rspHdlr, (byte) 0x0, timer_id, tempBuffer);
                                  return;
                  }Please help me in this regard
  Thanks
  Yasir

  I am also unable to start timer in call connected event. I cannot send any proactive command while phone is busy. I am using Gemalto development Suite and there simulators (Simulation 2G chain).
  Is it limitation of simulator that you cannot send any proactive command while phone is busy?
  Is there any other work around for getting call duration?

• XML Signatures using Smart Cards

  Hello guys,
  I know this is not exactly a javacard topic, but I think this forum is where I 'll get the best replies.
  We need to perform XML document signatures and verification using smart card stored certificates. The certificates are created using Microsoft Windows 2003 CA and stored in the cards using the cards' CSP.
  I have a notion on the libraries that I am going to have to use:
  - sun.security.pkcs11 for the smart card access,
  - java.security.* for cryptography stuff (keystore, public-privateKey etc.),
  - sun.security.cert.X509Certificate for the certificates,
  - org.apache.xml for the xml documents.
  Could you please verify that I am heading to the correct direction? I would be glad if you could suggest suitable starting points, similar scenarios etc. If you think that there is a more appropriate forum for my question please tell me so.
  Thanks in advance for your help.

  yes you are moving towards right directiong actualy PKCS11 is a standard that is used for hardware cryptographic operations so it would be used for smart cards 2. I'll suggest u to use a wrapper and provider API given by IAIK it would help u a lot and will also ease ur work

• How to CAC (Smart Card) enable the server within JDev

  I need to know how to CAC (Smart Card) enable the server within JDev, or if it is even possible.

  Kamran,
  you are definitely thinking in the right direction.
  1) Would I need to export or enter all the existing users of the system presently available through an internal database to the SSO Repository or there is a different way of getting the users to the OID when they first run the url or our Oracle Forms App?
  You have a choice: pre-load (probably using LDIF) or create what I call a self-registration process. Pre-load will require the arduous task of gathering the CAC user CN's in advance. This is technically easy but logistically a nightmare.
  I created a self-registration JSP which is invoked by a failure to lookup a user in OID. Registration involves requiring a user to enter valid database credentials, testing the credentials (by making a connection) and binding the database userid/password to the CAC identity.
  2) How would I get the CAC Certificate CN from the Browser or CAC Card so I can make the comparison to the OID CN?
  When you configure the SSO for certificate authentication, the HTTP_Server will pass the SSL variables (which include the CAC certificate which was authenticated in the SSL handshake) to the sso/web application deployed in the OC4J_SECURITY container. You can install your own plug-in that the SSO will invoke where you can retrieve the authenticated certificate and get any of the information therein from Java.
  I recommend you get very acquainted with the SSO Admin Guide (esp. Cert authentication chapter), as well as, the Forms Deployment Guide (esp. SSO chapter).
  There is too much to fit here. Things would be a lot easier if Forms Server supported enterprise users for authentication to database. Forms apps are relegated to the whole business of RADs and such which gives you X.509 certificate (and thus CAC) authentication but is rather convoluted IMHO (password in the clear in the RAD, orclResourceViewer permission for Forms Server, userid/password login in the background) but that is a different discussion.
  Good Luck.
  regards,
  tt

• Outlook 2010 "The server is unavailable" using smart card Exchange 2010

  I have a XenApp 6.5 environment, that uses smart card authenication for login. All the office applications will open except for outlook. Outlook opens up and shows a prompt saying "Connecting" ...."Then server is unavailable".
  If I removed the smart card authenication from the XenApp environment, User are able to open Outlook with no problem.
  My question, is there something with exchange 2010 that needs to be turned on for smart card authenication?

  Hi,
  I suggest you remove any existing certificate-based credentials from the Credential Manager and use the
  EnableSmartCard registry setting to check the result. The Outlook client may not be properly configured to work with saved smart card credentials.
  Important
  Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it,
  back up the registry for restoration in
  case problems occur.
  Remove existing certificate based credentials
  The first step to prevent a PIN lockout is to delete any existing certificate based credentials that were saved by Outlook.
  Open Control Panel.
  Double-click Credential Manager.
  See whether there is a Certificate-Based credential similar to the following:
  @@BSUgiZQZ54Pf6cEtxKflWHH
  Also, see whether there is a Generic credential similar to one of the following:
  MS.Outlook.14:[email protected]:PUT
  MS.Outlook.15:[email protected]:PUT
  Note 14 indicates Outlook 2010 saved the credential and 15 indicates Outlook 2013.
  If these are both present and were created or changed at the same time, they are likely smart card credentials saved from Outlook. Click the first credential to expand it and to show the details. Then, click Remove to delete the
  credential from Credential Manager.
  Repeat step 4 for each one of the credentials listed in step 3.
  When you are finished, close Credential Manager.
  Configure the EnableSmartCard registry setting
  The second step to prevent a PIN lockout is to create the EnableSmartCard registry setting.
  Outlook 2010
  For Outlook 2010, the EnableSmartCard registry setting was introduced with the Microsoft Outlook 2010 hotfix package dated December 13, 2011 (KB2597028). We recommend that you install the most recent build of Outlook 2010. For more information
  about the latest applicable updates for Outlook, click the following article number to view the article in the Microsoft Knowledge Base:
  2625547 How to install the latest applicable updates for Microsoft Outlook (US English only)
  To create the EnableSmartCard registry value, follow these steps:
  Exit Outlook.
  Start Registry Editor.
  Create the following registry values at the specified locations:
  Note Manually create any registry keys or values if they do not exist.
  Key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\RPC
  DWORD: EnableSmartCard
  Value: 1
  Exit Registry Editor.
  For this question, if you need to get more information about Exchange 2010, I suggest you post the question in Exchange forum:
  https://social.technet.microsoft.com/Forums/exchange/en-US/home?category=exchangeserver
  Regards,
  Melon Chen
  TechNet Community Support
  It's recommended to download and install
  Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
  programs.

• Any senior having jcop tools 2.2 or microsoft smart card api?

  Hi, i am searching for jcop tools 2.2 and microsoft smart card api. Both are not found on internet anymore. Web Search shows that both tools were very good. These tools were freely availble till 2001/2002. Can anyone help.
  thanks,

  Well these tools have better support for sim toolkit applets. For some reason both have now removed this feature from their products.
  http://www.zurich.ibm.com/csc/infosec/jcop_tools/quickstart.html

• HOW to use Smart normal in AEcs5?

  Greetings,
  I am looking for tutorials on how to use Depth Maps, and Normal Maps in After Effects cs5.
  There are many cool plugins but little in the way of installing, and useing them.
  HOW to use Smart normal in AEcs5?
  Zborn Toy
  How does this compare to using Smart normal ?
  ....so I download Smart normal and get these files:
  SmartNormalMap.pbj
  SmartNormalMap.pbk
  where do they go?
  where are the install instructions, and tutorials?

  Copy "SmartNormalMap.pbk" to "Documents/Adobe/Pixel Bender" within your user directory. After Effects should read the filter from there. You will find the filter under the "Pixel Bender" category within the "Effects & Presets" panel in After Effects. I believe you can find out more about the SmartNormalMap filter at the author's website which can be accessed from <http://www.adobe.com/cfusion/exchange/index.cfm?event=extensionDetail&loc=en_us&extid=1817 528>.

• Need help how to use itunes card to download music

  Need help how to use itunes card to download music

  If you want to add the iTunes card to your account, then in the iTunes app on the iPad you should be able to scroll to the bottom of the Music tab and there should be a Redeem button - there is more info here : http://support.apple.com/kb/HT1574

• Using Smart Cards for SSPR

  I'm working on ForeFront Identity Manager 2010. I'd like to enable AD users to use Smart Cards to reset their passwords. I watched this video www.youtube.com/watch?v=b4aGLnZHZN4. From this video (minute 2), it's said that we could use smart cards to authenticate
  to Self-service Password Reset instead of Q/A gate.
  I looked at ForeFront Identity Manager Portal but I couldn't find where to configure to use Smart Cards for this purpose. I only found "SMS authentication gate" and "Question and Answer Gate". Can somebody help me?
  Thanks,
  Hai

  I am still interested in Clients or other Inquiries in this
  Subject.

• Disabling normal login and only using smart card login?

  I've managed to setup login using BELPIC (Belgian Identity Card (smart card). However I can still login using username/password. Is it possible to restrict the system only using smart card login? (maybe via tweaking the authorize file?)
  Thanks

  The problem isn't with the provider part of the code - it has to do with security privleges. Java code running from the command line has full access to the file-system. Servlets running inside a container do not.
  In order to access cryptographic keystores, the JVM must allow the servlet code to access local files (and through them, the device drivers to the crypto token). Servlet code running inside a web/application server container, by design, are restricted in their ability to access local files on the servlet container machine (other than configuration files and application code under the servlet context root).
  In order to continue with my project, I had to temporarily provide the servlet full access to the machine's file-system in the java.policy file for your JVM, along the lines of the following:
  grant {
  permission java.security.SecurityPermission "authProvider.SunPKCS11-NSS", "getSignerPrivateKey";
  I hope to go back and restrict this access so that only the specific security grants are available to the servlet to access the private key (the above is too lenient).
  You will need to do something similar to your JVM's java.policy to allow the servlet to access the private key. Substitute the "authProvider.SunPKCS11-NSS" with the driver for your own token.

• How to use a deployable proxy to consume a web service?

  HI Gurus,
  I am following this article below which helpfully explains how to create a proxy. So far so good. I have been able to create a proxy. However, the article only describes how to build a proxy.
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/70c7d0f7-153d-2a10-5d96-d334b67cd771
  In the concluding part of the document the author says "In my next article I will tell you how to use this deployable proxy to consume the web service in web application."
  I have looked around the SDN but have not been able to get the next part of this document.
  I have a JSPDynpage application which is required to consume a webservice. I want to use this proxt to consume the webservice.
  Any help or any other document that explains how to use a deployable proxy to consume a web service will be helpful.
  Thanks,
  SB

  Hi,
  Here is an example how to consume the deployable proxy in web application:
  http://help.sap.com/saphelp_nw70/helpdata/EN/ca/c8efe3e8a64163b01924ad4ccd706d/frameset.htm
  http://help.sap.com/saphelp_nw70/helpdata/EN/5c/971740198d8f5ce10000000a155106/frameset.htm
  Regards,
  Praveen Gudapati

• How access to Smart Card Readers using Labview?

  I´am trying access to Smart Card Readers by Labview, but I have problems.
  I want to read SIM card GSM using Labview.!
  The file winscard.dll has the functions to access, but I dont have skill with "Using External codes in LabView".
  In MSDN library there is the specification about the functions for winscard.dll
  http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/smart_card_authentication.asp
  When you install a driver for some smart card reader you access to it by winscard.dll.
  Att. Enrique

  Finally I can acces to the smart card readers (PC/SC) with Labview,   this is the first part where I can establish the context and realease it, and  I can get the first  name of my list of PC/SC readers that I have connected to my computer.
  I was wearing the "Call Library Function"  for  winscard.dll
  For  Establish the context you need :
      function name :  SCardEstablishContext
  Calling conventions :  stdcall (WINAPI)
  function prototype :    long SCardEstablishContext(long SCARD_SCOPE_USER, long NULL1, long NULL2, unsigned long *hContextHandle);
  function name : SCardReleaseContext
  Calling conventions :  stdcall (WINAPI)
  function prototype :  void SCardReleaseContext(unsigned long hContextHandle);

• How to create a 802.1X Profile Using Smart Card Certificate

  My company has just implemented a new wireless network that requires users to use a USB Smart Card security device.
  This works fine for Windows, as the OS will allow the end user to configure more advanced authentication/authorization methods (802.1X, etc.) Unfortunately, OS X removed this functionality several versions back; 802.1X and advanced Wi-Fi configurations must now be handled by some sort of profile creation utility. Unfortunately, I've yet to find a utility (iPhone Configuration Utility, Apple Configurator) that will allow the creation of an 802.1X / Wireless Network Configuration that allows the use of a smart card for authentication. They all require that you actually upload the entire key-pair combo(?) in the form of a .p12 file. This is impossible with a smart card; by design you are not allowed to export the private key.
  I'm wondering if there is some way around this? Is it even an option? I know Mac OS will allow me to select "EAP-TLS" when configuring a new wireless network in System Preferences, then even allows me to select my certificate/identity from the Smart Card. Unfortunately, the network I'm trying to connect to doesn't support EAP-TLS/needs some additional configuration options/settings (EAP-TTLS for one).
  Any help/ideas would be greatly appreciated. Thanks!!

  Hello,
  exactly my topic I have been fighting now for months and already gave up.
  My setup is a Lion Server and a Lion WLAN client. My goal is to have the system profile 802.1x WLAN authentication up and running but I just don't get it working. First I tried to create a machine certificate (TLS) but this did not work. Then I tried the option to use Computer Object credentials (TTLS) (Open Directory Computer Object account credentials) to establish network connection before a user logs on but also this does't work.
  As said I'm using Lion Server with Open Directory and Lion Server Radius.
  Any help or guide appreciated!
  Robert

• Email Authentication using smart cards

  can i use javamail and smartcards for email authentication

  I don't know how to do that. Likely it's possible, but I doubt that it's easy.
  The IMAP protocol provider supports the SASL API, and you can probably
  plug in smart card support underneath the SASL API, but I don't know
  what's involved in doing that. Other than that, you would probably have
  to modify JavaMail to add such support.