How to config the RTC client logig in via smart card
One answer
Hi,
For the RTC Eclipse client, you need to replace the bundled JDK by IBM JDK 1.6 SR12 or higher version to support smart card.
You can download the IBM JDK from http://www.ibm.com/developerworks/java/jdk/. Or submit a PMR and apply a hotfix to upgrade the JDK manually.
After that, you also need to modify the file "<RTC_install_path>\\jdk\jre\lib\security\java.security" with the following changes:
1. Edit the java.security file, change:
keystore.type=jks
to:
keystore.type=Windows-MY
2. modify the following section in java.security file from:
------- snip here -------
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.security.sasl.IBMSASL
security.provider.6=com.ibm.xml.crypto.IBMXMLCryptoProvider
security.provider.7=com.ibm.xml.enc.IBMXMLEncProvider
security.provider.8=org.apache.harmony.security.provider.PolicyProvider
security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
------- snip here -------
To the following:
------- snip here -------
security.provider.1=com.ibm.security.capi.IBMCAC
security.provider.2=com.ibm.jsse2.IBMJSSEProvider2
security.provider.3=com.ibm.crypto.provider.IBMJCE
security.provider.4=com.ibm.security.jgss.IBMJGSSProvider
security.provider.5=com.ibm.security.cert.IBMCertPath
security.provider.6=com.ibm.security.sasl.IBMSASL
security.provider.7=com.ibm.xml.crypto.IBMXMLCryptoProvider
security.provider.8=com.ibm.xml.enc.IBMXMLEncProvider
security.provider.9=org.apache.harmony.security.provider.PolicyProvider
security.provider.10=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
------- snip here -------
Hope the above works for you.
Regards,
Lily
For the RTC Eclipse client, you need to replace the bundled JDK by IBM JDK 1.6 SR12 or higher version to support smart card.
You can download the IBM JDK from http://www.ibm.com/developerworks/java/jdk/. Or submit a PMR and apply a hotfix to upgrade the JDK manually.
After that, you also need to modify the file "<RTC_install_path>\\jdk\jre\lib\security\java.security" with the following changes:
1. Edit the java.security file, change:
keystore.type=jks
to:
keystore.type=Windows-MY
2. modify the following section in java.security file from:
------- snip here -------
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.security.sasl.IBMSASL
security.provider.6=com.ibm.xml.crypto.IBMXMLCryptoProvider
security.provider.7=com.ibm.xml.enc.IBMXMLEncProvider
security.provider.8=org.apache.harmony.security.provider.PolicyProvider
security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
------- snip here -------
To the following:
------- snip here -------
security.provider.1=com.ibm.security.capi.IBMCAC
security.provider.2=com.ibm.jsse2.IBMJSSEProvider2
security.provider.3=com.ibm.crypto.provider.IBMJCE
security.provider.4=com.ibm.security.jgss.IBMJGSSProvider
security.provider.5=com.ibm.security.cert.IBMCertPath
security.provider.6=com.ibm.security.sasl.IBMSASL
security.provider.7=com.ibm.xml.crypto.IBMXMLCryptoProvider
security.provider.8=com.ibm.xml.enc.IBMXMLEncProvider
security.provider.9=org.apache.harmony.security.provider.PolicyProvider
security.provider.10=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
------- snip here -------
Hope the above works for you.
Regards,
Lily
Comments
Lily, <o:p> </o:p>
I have followed these steps but am receiving a “bad certificate” message from the client. It appears the server never sees the request. Does the Eclipse Client have its own key store where I would need to import my smart card’s signer certificate as a “Trusted CA” or something? <o:p> </o:p>
Thanks, <o:p> </o:p>
Dave
P.S. I am also never prompted for my PIN. <o:p> </o:p>