Absent Member..

SSO for SRC using CAC

 

I've been trying to find a solution for a CAC authentication issue and the documentation has been insufficient. Just wanted to know if it's actually supported to work with CAC (Common Access Card) for SRC.

I get an error when using Apache to make SRC authenticate with SSO through a virtual CAC (the user certificate credentials are embedded in the browser). The credentials are automatically passed from this embedded browser when the user tries to log in. Service Manager is then expected to look for a matching operator record to bypass the login screen and authenticate the user into SRC. I was able to make ESS and the web client work perfectly using this method.

Would just like to see if there's a solution or a simple answer to let me know if this has been tested and supported.

This is the error in the log:

1128( 1928) 08/24/2015 12:15:52 JRTE I SSL connection accepted
1128( 1928) 08/24/2015 12:15:52 JRTE I Webservice API session - Thread ID: 7B1FF6E5AD754CCFF88E471E91B83D04; Client IP: 10.10.XXX.XX; session timeout: 1800 seconds
1128( 2484) 08/24/2015 12:15:52 RTE W Authentication failure - No "Authorization: Basic" header was supplied, or it contained a zero-length userid
1128( 2484) 08/24/2015 12:15:52 RTE W Exception occurred for method Create and XML request <?xml version="1.0" encoding="utf-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><ns2:CreateSvcCatOperatorRequest xmlns:ns2="http://schemas.hp.com/SM/7" xmlns:ns4="http://schemas.hp.com/SM/7/Common" xmlns:xmime="http://www.w3.org/2005/05/xmlmime"><ns2:model><ns2:keys><ns2:Name/></ns2:keys><ns2:instance/></ns2:model></ns2:CreateSvcCatOperatorRequest></SOAP-ENV:Body></SOAP-ENV:Envelope>
1128( 2484) 08/24/2015 12:15:52 RTE W Web Service Access Authorization failure.
1128( 1928) 08/24/2015 12:15:52 JRTE I AuthException: Not Authorized
1128( 1928) 08/24/2015 12:15:52 JRTE I Issuing a Basic Auth challenge...

Micro Focus Expert

Re: SSO for SRC using CAC

Please upload the SRC's applicationContext.properties file.

Absent Member..

Re: SSO for SRC using CAC

Uploading applicationContext

Absent Member..

Re: SSO for SRC using CAC

Note that I'm using a user with a blank password. Is that the right format for a blank? Is an encrypted password required?

I am also uploading the cacConfig file.  Note that we require a 2-level CRL - one for the root and one for the intermediate.  This file never works when we use the comma to specify the 2 levels.

Micro Focus Expert

Re: SSO for SRC using CAC

"Note that I'm using a user with a blank password."

You mean the user in the applicationContext.properties file or the user attempting to log in to SRC?

Absent Member..

Re: SSO for SRC using CAC

The user in the applicationContext.properties file (SVC_SRC).

Micro Focus Expert

Re: SSO for SRC using CAC

For the Service Manager operator record, ensure the user has the SoapAPI Compatibility Word and a valid password. To test, you can give it a password of Falcon1234.

In the applicationContext.properties file set it as cleartext first and test. Example:

sm.adminCredentials=LIST(falcon,Falcon1234)

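For triaging the kind of log excerpt posted in the question, here is an added example (not part of the thread and not Service Manager code) that groups log lines into one finding per failed web-service login, reporting the client IP, the SOAP method and request element, and whether the server reported missing Basic credentials. It assumes the line layout seen in the excerpt; the `triage` function name and the sample log (shortened SOAP body, documentation IP address) are constructed.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the excerpt in the question
# (SOAP body shortened, client IP replaced with a documentation address).
SAMPLE_LOG = """\
1128( 1928) 08/24/2015 12:15:52 JRTE I SSL connection accepted
1128( 1928) 08/24/2015 12:15:52 JRTE I Webservice API session - Thread ID: 7B1F; Client IP: 192.0.2.10; session timeout: 1800 seconds
1128( 2484) 08/24/2015 12:15:52 RTE W Authentication failure - No "Authorization: Basic" header was supplied, or it contained a zero-length userid
1128( 2484) 08/24/2015 12:15:52 RTE W Exception occurred for method Create and XML request <?xml version="1.0"?><SOAP-ENV:Envelope><SOAP-ENV:Body><ns2:CreateSvcCatOperatorRequest/></SOAP-ENV:Body></SOAP-ENV:Envelope>
1128( 2484) 08/24/2015 12:15:52 RTE W Web Service Access Authorization failure.
1128( 1928) 08/24/2015 12:15:52 JRTE I AuthException: Not Authorized
1128( 1928) 08/24/2015 12:15:52 JRTE I Issuing a Basic Auth challenge...
"""

# Assumed layout: pid( tid) MM/DD/YYYY HH:MM:SS component level message
LINE = re.compile(r"^\s*(\d+)\(\s*(\d+)\)\s+(\S+ \S+)\s+(\w+)\s+([A-Z])\s+(.*)$")

def triage(log_text):
    """Summarise each failed web-service login found in the log text."""
    # The JRTE and RTE lines carry different thread ids, so correlate on
    # (pid, second). Heuristic: a busy server may merge sessions in one second.
    groups = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m:
            pid, _tid, stamp, _comp, _level, msg = m.groups()
            groups[(pid, stamp)].append(msg)
    findings = []
    for (pid, stamp), msgs in groups.items():
        text = "\n".join(msgs)
        if "Authentication failure" not in text:
            continue
        ip = re.search(r"Client IP: ([^;\s]+)", text)
        op = re.search(r"for method (\w+) and XML request", text)
        req = re.search(r"<(?:\w+:)?(\w+Request)\b", text)
        findings.append({
            "pid": pid, "time": stamp,
            "client_ip": ip.group(1) if ip else None,
            "method": op.group(1) if op else None,
            "request": req.group(1) if req else None,
            # The server states the cause itself: no usable Basic credentials arrived.
            "no_basic_credentials": 'No "Authorization: Basic" header' in text,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```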