Home
Extended ECM
API, SDK, REST and Web Services
Implementing Cryptographic Logon (CLO)
Eric_Mallo
I have a requirement from the customer to implement CLO (Crytographic Logon) on their Livelink installation. CLO is a process that uses Common Access Cards (CAC) and the embedded Public Key Infrastructure (PKI) certificates to authenticate user's identifcation.The end goals are:1. Eliminate the usage of user and password to login to Livelink.2. Use the embedded PKI certificates in the user's CAC for authentication to Livelink.Has anyone done this type of implementation?Thank you and apologize in advance if this is the wrong discussion group to post this topic.
Find more posts tagged with
Comments
Chris_Wagg
Message from Chris Wagg <
cwagg@opentext.com
> via eLink
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">eLink
This sounds similar to Smart Card authentication that some customers use. In theory, this should be very similar to any kind of SSO solution. If this is the case, then you just need to either configure CAC to pass in REMOTE_USER, or identify the variable that contains the authentication information, and configure that in the authentication section for Directory Services, and this should work.
However, my knowledge of exactly what CAC and PKI are doing is limited at best, so I can't be certain that this is going to work.
If you can get everything set up to the point that you can get to Livelink, but the Livelink authentication fails with "invalid username/password" then a set of thread logs should show you what variables are being passed in, which may help you to configure this.
---------------------------------------
Chris Wagg
Principal Product Specialist
Escalations Support Team
Open Text Corporation
Ph: 800-540-7292
---------------------------------------
From:
eLink Discussion: Open Text Directory Services Discussion [mailto:directoryservices@elinkkc.opentext.com]
Sent:
Wednesday, September 23, 2009 11:11 AM
To:
eLink Recipient
Subject:
Implementing Cryptographic Logon (CLO)
Implementing Cryptographic Logon (CLO)
Posted by
emallo@alionscience.com
(mallo, Eric) on 2009/09/23 11:07
I have a requirement from the customer to implement CLO (Crytographic Logon) on their Livelink installation. CLO is a process that uses Common Access Cards (CAC) and the embedded Public Key Infrastructure (PKI) certificates to authenticate user's identifcation.
The end goals are:
1. Eliminate the usage of user and password to login to Livelink.
2. Use the embedded PKI certificates in the user's CAC for authentication to Livelink.
Has anyone done this type of implementation?
Thank you and apologize in advance if this is the wrong discussion group to post this topic.
Michael_Heisch_(sglcadmin12_-_(deleted))
we have implemented 2 solutions:3rd party software: get access from entrusnative pki login with IIS 6. you have to "enable certificates required" and the mapping function in IIS to map the certificate to the related active directory account.It is very easy to implement. the dissadvantege is that every singe office application will require a second pki login.both solution are from livelink perspective a "windows authentication"
