Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

SmartCard authentication RTC 4.0

 Hi!

I am searching for documentation and help on the Smartcard authentication. Out RTC environment is running on WebSphere 7.0 and DB2 on a Windows Server.

The Clients authenticate with a SmartCard. We followed the article https://jazz.net/library/article/606 which produced some additional questions:

- Is is possible to have SmartCard authentication and Userid/Password authentication at the same time?

- We have substituted the JDK on the client (which is a shellshared RTC/RDz), which was a JDK 7. The download link provided in the article is just a JDK6. Is this still a supported RTC client configuration?

- We do see the certificates from the Smartcard, but the logs show, that the wrong certificate is picked up.

Thanks for your support.
Dennis


0 votes


Accepted answer

Permanent link
WebSphere has the option Fail over scenario for authentication
So if you enable dual mode authentication on WebSphere then you can use username and pass as well in combination with smart-card

set the "failOverToBasicAuth" property to "true" in WAS
If you have IHS you need to add "SSLClientAuth optional" in the httpd.conf.
Restarting is recommended.

After doing this you can try to login without the smart card in the Web UI. The user you can use is defined in WAS Federated realm and does not have a client certificate.


Dennis Behm selected this answer as the correct answer

0 votes


One other answer

Permanent link
Hello Dennis,
I will answer what I know about this.  I have done some FVT testing of the SmartCard, but I am not the developer.

1.  I am pretty sure that it is either certificate authentication (SmartCard) or Userid/pwd, but not both.

2.  This will only work with a very specific version of JDK6.  It is not yet supported on JDK7.  You need JDK 1.6 SR12 or SR13. 

3. In the RTC Gui - you see the correct SmartCard certificates?  If the logs show an error about "...unable to open KeyStore...", then that means you have the wrong  JRE version.    You need Java 1.6 SR12 or later on the client.  What error is in the log file?

0 votes

Comments

Changing this to an answer even if it's not complete.

@dennisbehm if you are still having issues, please comment to let us know. 

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 6,121

Question asked: Mar 08 '13, 4:30 a.m.

Question was seen: 5,078 times

Last updated: Jan 28 '14, 6:10 a.m.

Confirmation Cancel Confirm