It's all about the answers!

Ask a question

SmartCard authentication RTC 4.0

Dennis Behm (3821415) | asked Mar 08 '13, 4:30 a.m.

I am searching for documentation and help on the Smartcard authentication. Out RTC environment is running on WebSphere 7.0 and DB2 on a Windows Server.

The Clients authenticate with a SmartCard. We followed the article which produced some additional questions:

- Is is possible to have SmartCard authentication and Userid/Password authentication at the same time?

- We have substituted the JDK on the client (which is a shellshared RTC/RDz), which was a JDK 7. The download link provided in the article is just a JDK6. Is this still a supported RTC client configuration?

- We do see the certificates from the Smartcard, but the logs show, that the wrong certificate is picked up.

Thanks for your support.

Accepted answer

permanent link
Zeeshan Choudhry (6541612) | answered Jan 28 '14, 6:10 a.m.
WebSphere has the option Fail over scenario for authentication
So if you enable dual mode authentication on WebSphere then you can use username and pass as well in combination with smart-card

set the "failOverToBasicAuth" property to "true" in WAS
If you have IHS you need to add "SSLClientAuth optional" in the httpd.conf.
Restarting is recommended.

After doing this you can try to login without the smart card in the Web UI. The user you can use is defined in WAS Federated realm and does not have a client certificate.

Dennis Behm selected this answer as the correct answer

One other answer

permanent link
Mark Dunn (6) | answered Mar 08 '13, 9:24 a.m.
Hello Dennis,
I will answer what I know about this.  I have done some FVT testing of the SmartCard, but I am not the developer.

1.  I am pretty sure that it is either certificate authentication (SmartCard) or Userid/pwd, but not both.

2.  This will only work with a very specific version of JDK6.  It is not yet supported on JDK7.  You need JDK 1.6 SR12 or SR13. 

3. In the RTC Gui - you see the correct SmartCard certificates?  If the logs show an error about "...unable to open KeyStore...", then that means you have the wrong  JRE version.    You need Java 1.6 SR12 or later on the client.  What error is in the log file?

Millard Ellingsworth commented Mar 11 '13, 8:35 p.m.

Changing this to an answer even if it's not complete.

@dennisbehm if you are still having issues, please comment to let us know. 

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.