Support for smart-card authentication in PowerBuilder based application

Former Member
0 Kudos

Hi, I have an application on PB11.5 with an Oracle DB back-end (11.2g). My DoD customer wants the application to use their DoD CAC Card (Smart Card) to authenticate against the Enterprise - Windows Active Directory domain; currently the application uses user-id\password for user authentication. Is this something newer versions of PB can support and implement? Thank you.

Accepted Solutions (0)

Answers (1)

former_member190719
Active Contributor
0 Kudos

You have a couple of choices:

1.  Depending on how old their workstations are, or if they have ACTIVCLIENT installed, you could call the CAPICOM ActiveX using OLE commands.

2.  A solution that doesn't require that ActiveX is to use the Smart Card SDK built into newer versions of Windows.  It does require much lower-level coding though, as you have to issue specific APDU commands to the card and know how to handle the responses.

I posted a sample of the latter to the NNTP groups back in 2011.  I suppose I should get around to creating a blog entry explaining how to use it.
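
Added example, not part of the original post and not the sample posted to the NNTP groups: to illustrate what "issue specific APDU commands and handle the responses" involves in the second option above, this C code builds an ISO 7816-4 SELECT command and decides the next step from the card's status word. The function names are hypothetical, the AID and response bytes are constructed placeholders rather than real CAC values, and the WinSCard call that would carry the bytes to the card (`SCardTransmit`) is assumed and not shown, so the code runs offline.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What the caller should do next, decided from the status word SW1 SW2. */
typedef enum { APDU_OK, APDU_GET_RESPONSE, APDU_RETRY_LE,
               APDU_PIN_WRONG, APDU_PIN_BLOCKED, APDU_ERROR } apdu_action;

/* SELECT by AID (ISO 7816-4): 00 A4 04 00 Lc <AID> 00. Returns length, 0 on bad input. */
size_t build_select(const uint8_t *aid, size_t aid_len, uint8_t *out, size_t cap) {
    if (!aid || !out || aid_len < 5 || aid_len > 16 || cap < aid_len + 6) return 0;
    out[0] = 0x00; out[1] = 0xA4; out[2] = 0x04; out[3] = 0x00;
    out[4] = (uint8_t)aid_len;
    memcpy(out + 5, aid, aid_len);
    out[5 + aid_len] = 0x00;              /* Le = 00: accept up to 256 bytes */
    return aid_len + 6;
}

/* GET RESPONSE (00 C0 00 00 Le), sent after the card answers 61 xx. */
size_t build_get_response(uint8_t le, uint8_t *out, size_t cap) {
    if (!out || cap < 5) return 0;
    out[0] = 0x00; out[1] = 0xC0; out[2] = 0x00; out[3] = 0x00; out[4] = le;
    return 5;
}

/* Split a response into payload length and status word. *detail receives the
   byte count (61 xx), the corrected Le (6C xx) or the PIN tries left (63 Cx). */
apdu_action classify_response(const uint8_t *rsp, size_t rsp_len,
                              size_t *data_len, uint8_t *detail) {
    if (!rsp || !data_len || !detail || rsp_len < 2) return APDU_ERROR;
    uint8_t sw1 = rsp[rsp_len - 2], sw2 = rsp[rsp_len - 1];
    *data_len = rsp_len - 2; *detail = sw2;
    if (sw1 == 0x90 && sw2 == 0x00) return APDU_OK;
    if (sw1 == 0x61) return APDU_GET_RESPONSE;
    if (sw1 == 0x6C) return APDU_RETRY_LE;
    if (sw1 == 0x63 && (sw2 & 0xF0) == 0xC0) { *detail = sw2 & 0x0F; return APDU_PIN_WRONG; }
    if (sw1 == 0x69 && sw2 == 0x83) return APDU_PIN_BLOCKED;   /* stop: no more retries */
    return APDU_ERROR;
}

int main(void) {
    const uint8_t aid[] = {0xA0, 0x00, 0x00, 0x00, 0x00};  /* constructed placeholder AID */
    const uint8_t rsp[] = {0x63, 0xC2};                    /* constructed card response */
    uint8_t cmd[32], detail; size_t len;
    printf("SELECT is %zu bytes\n", build_select(aid, sizeof aid, cmd, sizeof cmd));
    if (classify_response(rsp, sizeof rsp, &len, &detail) == APDU_PIN_WRONG)
        printf("PIN rejected, %u tries left\n", (unsigned)detail);
    return 0;
}
```

Surfacing the remaining-tries count matters because a caller that blindly resubmits a rejected PIN can drive the card into the blocked state.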

Former Member
0 Kudos

Thank you for the response Bruce.

In your 2011 posting I read there was sample code to use with DoD CAC Cards - Winscard.

"The Winscard stuff is written specifically for DoD CAC cards. You'll have to know the APDU commands that the cards you're trying to work with understand if they don't match the sample."

Could you explain in more detail what it would take to achieve DoD CAC authentication with our PB application? As mentioned, the DoD customer has an Enterprise Windows AD solution already in place we can leverage.

Thank you.

former_member190719
Active Contributor
0 Kudos

I'm working on the blog post now.  It's rather long.

Bear in mind that the CAC cards and AD are two different things.  The code I posted back then and the blog I'm working on now have to do with using the CAC card to authenticate the user.  It doesn't interact with AD at all.

There are some samples of using PowerBuilder to interact with AD using LDAP on CodeXchange.  That doesn't involve the user's CAC card at all though.

former_member190719
Active Contributor
0 Kudos

FYI, I found this on using CAC and AD.  See the section entitled "CAC and Active Directory Integration"

Using the Common Access Card for Remote Access VPN with the ASA 5500 - Cisco

It discusses accessing AD to determine the user's access after validating them through the CAC and getting their credentials off the CAC certificate.

former_member190719
Active Contributor
0 Kudos

Take a look at the following:

I've still got a bit to add on the end with regards to reading the entire certificate, but that should get you started.

Former Member
0 Kudos

Hi,

Is there sample PB code to be used for authenticating CAC card users against Windows Active Directory?

Thank you in advance,