SmartCard authentication RTC 4.0
Hi!
I am searching for documentation and help on the Smartcard authentication. Our RTC environment is running on WebSphere 7.0 and DB2 on a Windows Server.
The Clients authenticate with a SmartCard. We followed the article https://jazz.net/library/article/606 which produced some additional questions:
- Is it possible to have SmartCard authentication and Userid/Password authentication at the same time?
- We have substituted the JDK on the client (which is a shellshared RTC/RDz), which was a JDK 7. The download link provided in the article is just a JDK6. Is this still a supported RTC client configuration?
- We do see the certificates from the Smartcard, but the logs show that the wrong certificate is picked up.
Thanks for your support.
Dennis
Accepted answer
WebSphere has the option Fail over scenario for authentication.
So if you enable dual mode authentication on WebSphere then you can use username and pass as well in combination with smart-card.
Set the "failOverToBasicAuth" property to "true" in WAS.
If you have IHS you need to add "SSLClientAuth optional" in the httpd.conf.
Restarting is recommended.
After doing this you can try to log in without the smart card in the Web UI. The user you can use is defined in WAS Federated realm and does not have a client certificate.
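An added example, not part of the original answer: a small Python audit of an IHS httpd.conf that reports the effective SSLClientAuth level per virtual host, so you can see which hosts accept a connection without a client certificate after the change above. The sample configuration and host names are constructed, and treating a server-level SSLClientAuth as the value virtual hosts inherit is a simplifying assumption.

```python
import re

# Constructed sample httpd.conf for illustration; not taken from the thread.
SAMPLE_CONF = """\
Listen 443
<VirtualHost *:443>
    ServerName rtc.example.com
    SSLEnable
    SSLClientAuth optional
</VirtualHost>
<VirtualHost *:9443>
    ServerName admin.example.com
    SSLEnable
    # SSLClientAuth optional
    SSLClientAuth required
</VirtualHost>
<VirtualHost *:8443>
    ServerName legacy.example.com
    SSLEnable
</VirtualHost>
"""

# IHS also accepts numeric levels for this directive.
LEVELS = {"0": "none", "1": "optional", "2": "required"}

def client_auth_by_vhost(conf_text):
    """Map each <VirtualHost> address to its effective SSLClientAuth level."""
    per_vhost, current, server_level = {}, None, "none"  # IHS default is none
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and commented-out directives
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        directive = re.match(r"SSLClientAuth\s+(\S+)", line, re.I)
        if opened:
            current = opened.group(1).strip()
            per_vhost[current] = None
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif directive:
            level = LEVELS.get(directive.group(1), directive.group(1).lower())
            if current is None:
                server_level = level  # assumption: server-level value is inherited
            else:
                per_vhost[current] = level
    return {vhost: level or server_level for vhost, level in per_vhost.items()}

def accepts_without_cert(conf_text):
    """Virtual hosts where a TLS handshake succeeds with no client certificate."""
    levels = client_auth_by_vhost(conf_text)
    return sorted(v for v, lvl in levels.items() if not lvl.startswith("required"))
```

On every host this returns, the web server no longer insists on a certificate, so whether a user is authenticated is decided entirely by the application server behind it.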
One other answer
Hello Dennis,
I will answer what I know about this. I have done some FVT testing of the SmartCard, but I am not the developer.
1. I am pretty sure that it is either certificate authentication (SmartCard) or Userid/pwd, but not both.
2. This will only work with a very specific version of JDK6. It is not yet supported on JDK7. You need JDK 1.6 SR12 or SR13.
3. In the RTC GUI - you see the correct SmartCard certificates? If the logs show an error about "...unable to open KeyStore...", then that means you have the wrong JRE version. You need Java 1.6 SR12 or later on the client. What error is in the log file?
Comments
Changing this to an answer even if it's not complete.
@dennisbehm if you are still having issues, please comment to let us know.