Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

How Can I Authenticate via Smart Card (CAC) in a Plain Java Client Application?

I have many applications that rely on an API for RTC. I primarily use an OSLC API or server-side Java APIs. However, I find that there are some things that can only be done using a Java client (i.e., "plain java") API. My problem with this is that one of our environments requires smart card authentication (specifically, Common Access Card (CAC)).

All of the examples that I've seen for using a java client API involve authenticating via username and password. How can I make my client application authenticate via smart card instead?

Update 23 Feb 2017 - I'd like to bump my question for visibility. Does anyone have an example of a "login" function in the Java Plain Client API that does not use a Username and Password, but relies on Smart Card credentials instead. I'm assuming I still need to use "registerLoginHandler" and I probably still need the challenge function which returns an "ILoginInfo" object, but presumably there is a way to construct the ILoginInfo object so that it uses Smart Card credentials.

0 votes



One answer

Permanent link
I decompiled the com.ibm.team.repositrory.client jar and found that there's a com.ibm.team.repositrory.client.login.SmartCardLoginInfo along with the other login info classes (Kerberos, integrated windows, keystore, SSLCert, usernameandpassword).  That one uses a com.ibm.team.repository.client.internal.login.KeyStoreKeyManager and KeyStoreKeyManagerProvider to store some kind of login info, and then it uses the normal Java CertificateFactory and Certificate to read an X.509 cert off the card.  It does that with some byte array passed in, and idk where that comes from.

I would maybe decompile all the RTC Java (they may have source out there, I didn't check) and find out what class invokes/uses a SmartCardLoginInfo(byte[] argument).  If you're lucky, it's in use with the login provider classes somewhere.  Maybe you can find out where the card is read and serialized into an array, I bet whatever's doing/capable of doing that returns a login object.  Or well, that's my wild conjecture.

Goooooood luck Nate.

0 votes

Comments

 Oh also, there's a teamconcert\jdk\jre\lib\ext\ibmcac.jar that maybe will be useful?

 Thanks June!


I'll try investigating along some of these lines. I hadn't considered researching with this kind of approach so it should give me something to do at least. I'm not sure if I'm confident that I'll figure it out on my own but at least there is a course of action. I've submitted a service request asking for help at this point as well so maybe something will come of that.

Good to hear from you :D

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 10,930
× 169

Question asked: May 05 '15, 9:19 a.m.

Question was seen: 7,680 times

Last updated: Mar 13 '17, 9:53 a.m.

Confirmation Cancel Confirm