CAC required login - x.509, SSL?, third party, OCSP?
Has anyone put together a thorough "This is how to implement using a CAC to authenticate to your Web Application"?
I can't find it. I read that you need third-party software like SPNEGO or other things. I know I need to implement using CACs like this on JBoss 7.2 EAP.
When I look up x.509 on Red Hat, I see references to SSL. Would the steps to implement using a CAC to authenticate to my web application look something like this:
- Install JBoss 7.2 EAP (I need to use this version)
- Install SPNego
- Configure JBoss for SSL
- Perform additional JBoss configurations for x.509
Is there anything in JBoss or a third party that checks the Online Certificate Status Protocol (OCSP) to make sure CACs that have been disabled aren't getting access?
Is there a good book on this somewhere?
Any solid insight would be greatly appreciated.
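One way to cover the OCSP part of the question with what already ships in the JDK that JBoss runs on, as an added example that is not from the original post or from JBoss: a hypothetical `CacRevocationCheck` class runs the presented client chain through the PKIX validator with revocation checking required, so a CAC whose certificate has been revoked is rejected even though it still chains to a trusted DoD root. It assumes a JKS trust store containing the DoD root and intermediate certificates and a chain ordered end-entity first, as a servlet container hands it over in the `javax.servlet.request.X509Certificate` request attribute.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;

/** Hypothetical helper: accept a client chain only if it is trusted AND not revoked. */
public class CacRevocationCheck {

    /**
     * Returns normally only when the chain validates to a trust anchor and every
     * certificate has a definite "good" revocation status. Throws
     * CertPathValidatorException (reason REVOKED, UNDETERMINED_REVOCATION_STATUS, ...)
     * otherwise, so the caller can deny access.
     * The chain must be ordered end-entity first and must not include the anchor itself.
     */
    public static void validate(List<X509Certificate> chain, KeyStore trustStore) throws Exception {
        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
        PKIXRevocationChecker rc = (PKIXRevocationChecker) cpv.getRevocationChecker();
        // No options: OCSP is tried first with CRL as fallback, and SOFT_FAIL is NOT set,
        // so an unreachable responder causes a hard failure instead of a silent pass.
        rc.setOptions(EnumSet.noneOf(PKIXRevocationChecker.Option.class));
        PKIXParameters params = new PKIXParameters(trustStore); // trusted-cert entries become anchors
        params.setRevocationEnabled(true);
        params.addCertPathChecker(rc);
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
        cpv.validate(path, params);
    }

    // Stand-alone use: java CacRevocationCheck <truststore.jks> <password> <client-chain.pem>
    // Inside a servlet filter the chain would instead come from
    // (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate").
    public static void main(String[] args) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) { ts.load(in, args[1].toCharArray()); }
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[2])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        try {
            validate(chain, ts);
            System.out.println("ACCEPT: chain is trusted and no certificate is revoked");
        } catch (CertPathValidatorException e) {
            System.out.println("DENY: " + e.getReason() + " - " + e.getMessage());
        }
    }
}
```

The same `validate` call, placed in a servlet filter, is what turns "the TLS handshake accepted the card" into "the card is still valid according to the issuing CA".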
Responses
Yes, the client computer requires both hardware and software configuration in order to access the website.
Here is an example of a preconfigured client OS which is available to the general public: https://www.spi.dod.mil/lipose.htm. See the FAQ for details.