AnsweredAssumed Answered

Smart Card Authentication

Question asked by gcubed Champion on Nov 8, 2015

I need to configure PPM for smart card authentication.  I know that integrating Site Minder will provide this functionally but in my environment no Site Minder service is available.


So I am considering building my own. 


I have played around with SSO via a jsp page which can get to work for letting me into Clarity without the login dialog box.  But the script just reads the client certificate that Tomcat requested and uses information in the certificate to create a SecurityIdentifier.


So for my need, I need to first take a trip to the LDAP server and validate that the client certificate is still valid and belongs to an LDAP group which contains all  the valid PPM users.


My thoughts are to create a custom class that extends the FormAuthenticator and registering with Tomcat.  This class would handle the LDAP authentication and creating a SecurityIdentifier for getting into Clarity.


Anyone been down this path or is there an easier way to get this to work?