Support for smart-card authentication in PowerBuilder based application

Hi, I have an application on PB11.5 with an Oracle DB back-end (11.2g). My DoD customer wants the application to use their DoD CAC Card (Smart Card) to authenticate against the Enterprise - Windows Active Directory domain, currently the application uses user-id\password for user authentication.  Is this something newer versions of PB can support and implement? Thank you.

You have a couple of choices:
1.  Depending on how old their workstations are, or if they have ACTIVCLIENT installed, you could call the CAPICOM ActiveX using OLE commands.
2.  A solution that doesn't require that ActiveX is to use the Smart Card SDK built into newer versions of Windows.  It does require a lot more low-level coding though, as you have to issue specific APDU commands to the card and know how to handle the responses.
I posted a sample of the latter to the NNTP groups back in 2011.  I suppose I should get around to creating a blog entry explaining how to use it.
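
What "issue APDU commands and handle the responses" involves, as an added example that is not the poster's 2011 sample or any vendor's code: short-form ISO 7816-4 command framing, status-word decoding, and the GET RESPONSE / corrected-Le follow-ups. `FakeCard`, its AID and its response bytes are constructed stand-ins; on Windows the `transmit` callable would wrap the WinSCard `SCardTransmit` call.

```python
SW_TEXT = {
    (0x90, 0x00): "success",
    (0x69, 0x83): "authentication method blocked",
    (0x6A, 0x82): "file or application not found",
}

def build_apdu(cla, ins, p1, p2, data=b"", le=None):
    """Encode a short-form command APDU: header, optional Lc+data, optional Le."""
    if len(data) > 255:
        raise ValueError("short APDUs carry at most 255 data bytes")
    apdu = bytes([cla, ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + data
    if le is not None:
        if not 1 <= le <= 256:
            raise ValueError("Le must be in 1..256")
        apdu += bytes([le % 256])          # an Le byte of 0x00 encodes 256
    return apdu

def split_response(resp):
    if len(resp) < 2:
        raise ValueError("response shorter than the two status bytes")
    return resp[:-2], resp[-2], resp[-1]   # (data, SW1, SW2)

def describe_sw(sw1, sw2):
    if sw1 == 0x61:
        return f"{sw2 or 256} more bytes available, send GET RESPONSE"
    if sw1 == 0x6C:
        return f"wrong Le, resend with Le={sw2 or 256}"
    if sw1 == 0x63 and (sw2 & 0xF0) == 0xC0:
        return f"verification failed, {sw2 & 0x0F} tries left"
    return SW_TEXT.get((sw1, sw2), f"unrecognised status {sw1:02X}{sw2:02X}")

def exchange(transmit, apdu):
    """Send one command and follow 6Cxx / 61xx until a final status arrives."""
    body, sw1, sw2 = split_response(transmit(apdu))
    if sw1 == 0x6C and len(apdu) == 5:     # header + Le only: retry with the card's Le
        body, sw1, sw2 = split_response(transmit(apdu[:4] + bytes([sw2])))
    out = bytearray(body)
    while sw1 == 0x61:                     # the card is holding more data
        more = build_apdu(apdu[0], 0xC0, 0x00, 0x00, le=sw2 or 256)
        body, sw1, sw2 = split_response(transmit(more))
        out += body
    return bytes(out), sw1, sw2

class FakeCard:                            # constructed stand-in for a reader transport
    AID = bytes.fromhex("A00000000000010203")   # constructed placeholder AID
    def __init__(self):
        self.pending, self.log = b"", []
    def transmit(self, apdu):
        self.log.append(apdu.hex().upper())
        if apdu[1] == 0xA4 and apdu[5:5 + apdu[4]] == self.AID:   # SELECT by AID
            self.pending = b"constructed FCI bytes"
            return bytes([0x61, len(self.pending)])
        if apdu[1] == 0xC0:                                       # GET RESPONSE
            n = apdu[4] or 256
            chunk, self.pending = self.pending[:n], self.pending[n:]
            return chunk + b"\x90\x00"
        return b"\x6A\x82"                 # simplification: anything else is "not found"
```
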

Similar Messages

  • Smart card authentication for IOS device

    I am just wondering if anyone was able to successfully implement smart card authentication for vty and console session.  if anyone did, can you please point me to the documentation and the implementation guide?  thanks

    Actually, with the RSA key pair setup in IOS 15+, you can use a smart card to authenticate to Cisco switches.  I'm still working out all the details but you would need SecureCRT or Putty-CAC.  SecureCRT allows you to export the public key from a PKI cert and then import that into the switch/router.  The disadvantage is you can only use the first cert in the list.  Putty-CAC allows you to select which PKI cert you want to use but I haven't verified you can export the public key from a cert.  If you contact me, I'll email you the info needed to use SecureCRT.

  • ISE 802.1x EAP-TLS machine and smart card authentication

    I suspect I know the answer to this, but thought that I would throw it out there anyway...
    With Cisco ISE 1.2 is it possible to enable 802.1x machine AND user smart card  authentication simultaneously for wired/wireless clients (specifically  Windows 7/8, but Linux or OSX would also be good).  I can find plenty of  information regarding 802.1x machine authentication (EAP-TLS) and user  password authentication (PEAP), but none about dual EAP-TLS  authentication using certificates for machines and users at the same time.  I think I can figure out how to configure such a policy in ISE, but options seem to be lacking on the client end.  For example, the Windows 7 supplicant seems only able to present either a machine or user smart card certificate, not one then the other.  Plus, I am not sure how the client would know which certificate to present, or if the type can be specified from the authenticator.

    Hope this video link will help you
    http://www.labminutes.com/sec0045_ise_1_1_wired_dot1x_machine_auth_eap-tls

  • KDC Event ID 29 - The KDC cannot find a suitable certificate to use for smart card logons...

    I am getting the event (below) every day on a new 2008 domain controller that I brought up recently. The DC has a domain controller certificate that was automatically issued by an online enterprise CA. This CA is located in another domain (child domain) within the same forest. The 2008 DC is in the top-level domain.  None of the other domain controllers, which are 2003, are reporting this message. I ran certutil.exe, and it successfully verifies all domain controller certificates, including the certificate on my new 2008 DC. Any ideas why these messages continue to appear?
    The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

    Hi,
    I have checked the file. Here are my findings:
    1.    The computer names of the domain controllers are different in this dcinfo.txt file. There is no Swampoak. I would like to confirm which one is the Windows Server 2008 domain controller.
    2.    The domain controller Buckeye and Madrone both have 2 KDC certificates, one is expired and the other one is valid:
    *** Testing DC[0]: MADRONE
    ** KDC Certificates for DC MADRONE
    Certificate 0:  -> Valid
    Serial Number: 116bbdd90000000000b6
    Issuer: ***
    NotBefore: 12/15/2008 2:28 AM
    NotAfter: 12/15/2009 2:28 AM
    Subject: CN=madrone.****
    Certificate Template Name (Certificate Type): DomainController
    Non-root Certificate
    Template: DomainController, Domain Controller
    Certificate 1:  -> Expired
    Serial Number: 15c2f00b000000000028
    Issuer: ****
    NotBefore: 3/9/2007 3:05 PM
    NotAfter: 3/8/2008 3:05 PM
    Subject: EMPTY (DNS Name=madrone.****)
    Non-root Certificate
    Template: DomainControllerAuthentication, Domain Controller Authentication
    *** Testing DC[1]: BUCKEYE
    ** KDC Certificates for DC BUCKEYE
    Certificate 0:  -> Expired
    Serial Number: 15c4ddc2000000000029
    Issuer: *****
    NotBefore: 3/9/2007 3:07 PM
    NotAfter: 3/8/2008 3:07 PM
    Subject: EMPTY (DNS Name=buckeye.****)
    Non-root Certificate
    Template: DomainControllerAuthentication, Domain Controller Authentication
    Certificate 1:  -> Valid
    Serial Number: 115f34ec0000000000b4
    Issuer: ****
    NotBefore: 12/15/2008 2:15 AM
    NotAfter: 12/15/2009 2:15 AM
    Subject: CN=buckeye.****
    Certificate Template Name (Certificate Type): DomainController
    Non-root Certificate
    Template: DomainController, Domain Controller
    Suggestion:
    1.    Please delete the expired certificate and then reboot the domain controller and test the issue again.
    2.    If the issue persists, please request a new Domain Controller Authentication certificate on the domain controller and check the result.
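
The validity check the reply above does by eye, as an added example that is not part of the original thread: it parses a dump laid out like the one quoted and reports, per domain controller, which KDC certificates fall outside their validity window at a given time. The DC names and serial numbers in `SAMPLE` are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime

STAMP = "%m/%d/%Y %I:%M %p"            # e.g. 12/15/2008 2:28 AM

# Constructed sample in the layout of the dump above (names and serials are made up).
SAMPLE = """\
*** Testing DC[0]: DC-A
** KDC Certificates for DC DC-A
Certificate 0:
Serial Number: 0a0a0a0a000000000001
NotBefore: 12/15/2008 2:28 AM
NotAfter: 12/15/2009 2:28 AM
Certificate 1:
Serial Number: 0b0b0b0b000000000002
NotBefore: 3/9/2007 3:05 PM
NotAfter: 3/8/2008 3:05 PM
*** Testing DC[1]: DC-B
** KDC Certificates for DC DC-B
Certificate 0:
Serial Number: 0c0c0c0c000000000003
NotBefore: 3/9/2007 3:07 PM
NotAfter: 3/8/2008 3:07 PM
"""

def parse_kdc_dump(text):
    """Return one dict per certificate: dc, serial, NotBefore, NotAfter."""
    certs, dc, cur = [], None, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"\*\*\* Testing DC\[\d+\]: (\S+)", line)
        if m:
            dc, cur = m.group(1), None           # new DC section starts
        elif re.match(r"Certificate \d+:", line):
            cur = {"dc": dc}
            certs.append(cur)
        elif cur is not None and ":" in line:
            key, value = (s.strip() for s in line.split(":", 1))
            if key == "Serial Number":
                cur["serial"] = value
            elif key in ("NotBefore", "NotAfter"):
                cur[key] = datetime.strptime(value, STAMP)
    return certs

def review(certs, now):
    """Group serials per DC into valid / expired / not_yet_valid as of `now`."""
    report = {}
    for c in certs:
        entry = report.setdefault(c["dc"], {"valid": [], "expired": [], "not_yet_valid": []})
        if now > c["NotAfter"]:
            entry["expired"].append(c["serial"])
        elif now < c["NotBefore"]:
            entry["not_yet_valid"].append(c["serial"])
        else:
            entry["valid"].append(c["serial"])
    return report

def dcs_without_valid_cert(report):
    """DCs with no certificate inside its validity window at all."""
    return sorted(dc for dc, entry in report.items() if not entry["valid"])
```
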

  • MOVED: OS support for the RS480M2 (the new ATI based board)

    This topic has been moved to Operating Systems.
    OS support for the RS480M2 (the new ATI based board)

    Moderator Action:
    This post has been moved to the Solaris 10 forum.
    @ O.P.,
    You originally posted your inquiry to the Clustering forum, which has nothing to do with the topic of disk cluster size.
    Glance at the documentation for Oracle Cluster 4.0 to see what clustering is all about.

  • Ext4 format support for microSD cards on Galaxy S5?

    Can we get ext4 format support for microSD cards on Galaxy S5? New permissions that come on KitKat break some of my apps that need local storage. The enhanced permissions available with EXT4 should fix this as that is the internal Flash format. "Use the cloud" is a non-starter so don't even suggest it.

    Not directly, but as a large customer they have a big say in what gets loaded in the ROM as evidenced by the many (unwanted) preloaded apps. Adding EXT4 file system support to restore Verizon's end customer user experience is something they can insist on. It is a simple requirement to add when the end manufacturer builds a custom ROM for Verizon. The underlying system already supports it and alternative ROMs (CM) have been created with that feature. I'm just not ready to install alternative ROM code on a phone that was just released, and only a week in my possession.

  • Please tell me Card that support for Java Card 2.2.2

    Hi Friends..
    Please tell me Card that support for Java Card 2.2.2..
    Thanks in advance..

    Hi Sebastien_Lorquet..
    Firstly, I'm so sorry if I'm mistaken and wrong.. I didn't mean to make you angry.. :(
    sorry about this..
    Yes, i've searched on google... and i think i'll buy it at NXP..
    Thanks in advance Sir.. :)

  • Configuring Weblogic Server for X.509 Smart Card Authentication

    I am running Oracle Weblogic 11g (10.3.6) and attempting to configure two-way SSL (client certificate requested and enforced). The client certificate is on a smart card.
    I have enabled "basic" ssl in the weblogic server, and used keytool to import the relevant root CA certificates into the DemoTruststore.jks file. I have set the Two-way client cert behavior to Client Certs Requested and Enforced for the server.
    Unfortunately, attempting to access my application causes the following:
    <pre>
    <Certificate chain received from 127.0.0.1 - 127.0.0.1 was incomplete.>
    <NO_CERTIFICATE alert was received from 127.0.0.1 - 127.0.0.1. Verify the SSL configuration has a proper SSL certificate chain and private key specified.>
    <Certificate chain received from 127.0.0.1 - 127.0.0.1 was incomplete.>
    </pre>
    The ActivClient dialog never appears to select a certificate from the Smart Card, and a PIN is never requested. Therefore, I think I misconfigured something.
    Help would be greatly appreciated.
    Jason

    Hello Mukunthan Damodharan,
    this means that the SSL server certificate does not have its fully qualified name in the Subject Alternative Name extension of the X.509 certificate.
    You can create a valid one or disable that check in the Secure Login Client.
    How does the configuration get to the clients?
    With the Policy Download you can disable that check over the Secure Login Server Administration console in the corresponding authentication profile.
    If manually, you can change the following registry key:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\SAP\SecureLogin\profiles\<profile name>]
    "sslHostAlternativeNameCheck"=dword:00000000
    The value 0 disables that check on the client.
    best regards
    Alexander Gimbel

  • Generate certificates valid for smart card (Windows logon) with third party PKI (not Microsoft)

    Hello everyone
    today I am working on a mounted on a Red Hat Enterprise PKI Linux Server release 5.5 (Tikanga) is Easycert 5.2.2.15. We need to know what are the necessary data that we have to go to the PKI so it can generate certificates of users in Active Directory for use with a USB Token (ACOS5-64 CHIP CRYPTO) functioning as Smart Card to make the login of users on computers.
    On the other hand also we need to know the necessary settings between the third party pki and the domains controllers (Windows 2012).
    Greetings and I hope for you response.
    TechCach

    > It is for Windows 2012.
    nothing changed since Windows Server 2003. Here is a KB article:
    http://support2.microsoft.com/kb/281245
    > Is the scenario supported by microsoft?
    yes, of course. See KB article above.

  • UAG smart card authentication plus kcdauthentication true

    Hi
    I have already set up smart card certificate authentication to UAG portal. I'm using the certificate's field Subject Alternative Name and RFC822 Name to read UPN information. It says 'RFC822 Name=[email protected]'. That information I'm comparing to the AD account's mail attribute. Authentication works ok.
    In Active Directory, samaccount is created from UPN's first part: firstname.lastname. So far I have been able to use kcdauthentication and create a valid kerberos ticket which is acceptable for delegation.
    Customer changed their samaccount to a different form. KCD does not work anymore. I've tried to use regkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\von\UrlFilter\KCDUseUPN,1. It does not work.
    I have no idea how to change from inc files that do not use samaccount but instead use UPN. UPN matches mail.
    Any ideas ?
    thanks in advance :)
    br -teemu

    Below Article might not give you direct answer.
    But, you may get an excellent idea on how to play around with INC files for your scenario.
    http://social.technet.microsoft.com/wiki/contents/articles/17031.how-to-get-client-certificate-authentication-working-on-a-uag-2010-portal.aspx
    Please let us know, how it goes. :)

  • Java Card Technology for Smart Cards: Zhiqun Chen

    Hi,
    I have this book but its using Java card 2.0.
    do you know if the author "Zhiqun Chen" have new one for 3.0 connected.?
    http://java.sun.com/developer/Books/consumerproducts/javacard/
    Edited by: Hassan on Apr 20, 2012 3:45 AM

    That is the latest copy. It is still a good reference for getting started and contains some more advanced topics that are relevant to newer JC versions. I am not sure if a book on connected edition is relevant considering there is no real application that I am aware of. You may be able to get cards that support JC 3 classic though.
    The book is available on Amazon: http://www.amazon.com/Java-Card-Technology-Smart-Cards/dp/0201703297
    It is well worth the $33.
    Shane

  • Smart card authentication

    I need to figure out how to allow users to authenticate to webi with a smart card. I'm using BOE XIr2 with Tomcat on Linux, and I have documentation for using Tomcat with smart cards, but I don't see anything in Business Objects documentation or the forums about smart cards, or linking a particular user's certificate from the card to a defined user account with a set of Business Objects permissions. Any suggestions?
    /me goes back to reading the Enterprise Deployment and Configuration guide
    -- Josh

    A smart card is typically integrated with AD. You should be able to set up AD auth or vintela SSO. I've released a new doc you can search for vintela enterprises in the SMP portal. Also the XI 3.x admin guides show how to configure kerberos.
    Regards,
    Tim

  • Windows 8.1 default logon prompt for smart card instead of username/password

    Hello,
    We are currently in our pre-deployment test phase for Windows 8.1 and are trying to knock out the high visibility problems that we notice.  One of the issues we've noticed:
    When logging into Windows, the default prompt is for a username/password.  All of our users are using smart cards, so they have to click "sign-in options", click the smart card icon, and then enter their PIN.  How would I change the startup screen to default to smart card?
    Also, when locking the screen by removing the card it again prompts for the username/password when unlocking the screen.  So the users again have to click on "sign-in options" and select the smart card, otherwise they risk locking out their account by entering the PIN in the username/password field.
    When locking the screen via ctrl-alt-del or windows-L, unlocking does default to the smart card, so I know it can be done!
    thanks,
    -Nick

    Hi,
    I'm afraid we couldn't change the Sign-in Options order. I checked GP and Registry, there is no way to do it.
    However, another way is to just enable "Require smart card" in GP. After this policy is enabled, all users will have to use smart cards to log on to the network. This means that the organization must have a reliable public key infrastructure (PKI) in place, and provide smart cards and smart card readers for all users.
    Location: GPO_name\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
    Roger Lu
    TechNet Community Support

  • G4 support for Airport Card alternative?

    Hi all,
    It never dawned on me that there is an alternative to Apple's Airport cards for our systems until recently. I have a G4 dual 1GHz system which houses a hookup for the original airport card; the system also has PCI slots. I have an Airport Extreme Base station and would like to restrict my frequency range to the 5 GHz ONLY (to avoid the crowding of 2.4 GHz range.) So, is it correct to say that my G4 is not tied down to the original airport card but can theoretically use "n" capable WIFI cards via on board PCI or USB? And if so, any you would recommend? Also, how's the software support for it, i.e., drivers, Airport Utility, etc. since the card would be third party and not Apples? Would I get the support from say, Airport Utility as if I had an Apple airport card in there or are there going to be compatibility issues? Many thanks!

    OK, I just found this out:
    http://www.beowulf.org/archive/2001-July/004174.html
    32 bits/33 Mhz : aggregated ideal peak at 132 MB/s
    64 bits/33 Mhz : aggregated ideal peak at 264 MB/s
    And that's shared between all items on the PCI bus.
    It would be interesting to measure the bandwidth on the USB 2 PCI card. I've seen it vary wildly on a G4/400 Mhz Yikes, sometimes dropping to as little as USB 1.1 even with only one USB item connected on an IOGear card. I no longer have access to that machine. That's of course assuming nothing else is sharing the same bus.

  • E65 support for 4Gb card?

    I now know the current limit is 2Gb, but too late I brought the 4Gb card. I seem to remember reading somewhere that there may be support for 4Gb in the next firmware update, which I am hoping is end of this month. Anyone know anything about this?

    21-Aug-2007 06:42 PM
    keenas wrote:
    Given that the Nokia N95 uses micro SD-HC cards and further, that the E65 is sold as a business phone perhaps Nokia can be persuaded to release a firmware update which incorporates the use of micro SD-HC cards for its business users - who often have a real need to store large amounts of data etc.
    and users of music edition phones also need a lot of storage. i would sell my 20gb archos xs202 if a n73 could use at least 8 or 16gb but i don't see that they update s60v3fp0
    but maybe there will be a wonder like it was with ad2p
    maybe they need some pressure - SDHC FOR EVERYBODY, NOW!!! Message Edited by okidal on 23-Aug-2007 09:01 PM
    V21.0.025 » 04-09-2007 » RM-356 5800 XpressMusic » Language pack 01
