Look at the CAC Developer Kit from DMDC
(http://www.dmdc.osd.mil/smartcard/owa/ShowPage?p=DevloperSupport)? We used the
CDK to allow our users to login to Remedy with their CAC.
Here's a rough rundown on how we implemented login using the CAC/PKI:
User Tool:
We wrote a program that uses the CDK and the Remedy OLE functionality. The
program requests/reads the CAC and looks up the user in the database by using
the EDIPI from the CAC and returns a user name and a couple data fields to
recreate the password. The password for the user is generated in the program
from data stored in Remedy and from the EDIPI. The Remedy OLE controls are then
used to login the user to a default form. This is currently in use. A minor
drawback that we are experiencing, is that the OLE functionality only seems to
be able to open one instance of the user tool.
Web:
Our server is behind a proxy. The proxy validates the user certificate
using the OCSP responders and the CRL. It then passes the original destination
URL with certificate information in the header to our web server. A jsp script
logs the user into a View form in Remedy using a generic account. The
certificate information is passed into this form. Remedy workflow uses the cert
information to find the user name and password in a fashion similar to that
used for the user tool. The information is then used to redirect the user to
their originally requested page with the discovered user name and password.
There is a program resident on the Remedy application server that generates
the password and saves it to the user form. An escalation is used to "reset"
passwords for flagged records.
Windows 2003 SP1 Servers
ARS 5.1.2 patch 1275 (working on upgrading to 7.1.0 patch 3)
User Tool 6.3.0 Patch 3 (working on upgrading to 7.1.0 patch 3)
Mid Tier 6.3.0 patch 17 (working on upgrading to 7.1.0 patch 3)
MS SQL 2005 SP1
HTH
Mark
//SIGNED//
MARK A. WORLEY, Contractor, 2 SOS/SYOE
Remedy ARS Support, SAIC
Commercial: (402) 294-8226
DSN: 271-8226
mailto:[EMAIL PROTECTED]
-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED]
On Behalf Of Easter, David
Sent: Thursday, August 28, 2008 15:42
To: arslist@ARSLIST.ORG
Subject: Re: Integrate Remedy User Tool with CAC card (UNCLASSIFIED)
I can try to help a little, although I'm somewhat bound by confidentiality, so
I apologize that I can't go into detail beyond what I'll say here.
When the "Single Sign-On (SSO) and Other Client-Side Login Intercept
Technologies" interface was created, it was BMC's expectation that customers or
partners would take this interface and create point-to-point integrations with
solutions in the marketplace. At this time, there are no short term plans for
BMC to productize such integrations. If this remains a "gap" in the
marketplace, that decision may be revisited - but I would encourage the
development community to share work done in this area among other community
members or for an enterprising partner or solution provider to create a
marketable solution for such point-to-point integrations to popular SSO
environments.
Also, There is a Department of Defense Instruction NUMBER 8520.2
(http://www.dtic.mil/whs/directives/corres/html/852002.htm). This Instruction
applies to:
"2.4. All DoD unclassified and classified information systems including
networks (e.g., Non-secure Internet Protocol Router Network , Secret Internet
Protocol Router
Network, web servers, and e-mail systems.
E3.4.1.3. Other Information Systems.
For information systems requiring authentication other than network login or
web servers, the system owner shall perform a business case analysis to
determine if PK-Enabling is warranted. The business case analysis shall be
submitted to the DoD Component CIO for review and approval. If warranted, the
information system shall be PK-Enabled."
This has influenced several U.S. military bases to pursue integrating the CAC
with their Remedy systems. Because this request affects multiple branches of
the U.S. Armed Services, one would expect that work done at one base could be
shared with other bases - although I certainly understand that there may be
bureaucratic or other barriers to such sharing. However, if there are any
shared DoD resources, you may wish to reach out internally to other bases that
have Remedy based solutions. My understanding is that the military has, for
the most part, chosen a single vendor for CAC - so work done once should be
applicable in most other environments. Of the branches that I'm aware of, I
believe the Air Force is currently the farthest along with the Army also making
requests for the CAC integration.
In addition, if this cannot be solved at a community or partner level, I
believe there is some work being done by BMC Professional Services to assist in
the use of CAC and SSO with the predominant SSO vendor solution chosen by the
Air Force. Customers may wish to individually contact BMC Professional
Services for assistance in creating such integrations.
Hope this helps...
-David J. Easter
Sr. Product Manager, Solution Strategy and Development
BMC Software, Inc.
The opinions, statements, and/or suggested courses of action expressed in this
E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary
participation in this forum is not intended to convey a role as a spokesperson,
liaison or public relations representative for BMC Software, Inc.
-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED]
On Behalf Of Abdullah Baytops
Sent: Wednesday, August 27, 2008 10:37 AM
To: arslist@ARSLIST.ORG
Subject: Re: Integrate Remedy User Tool with CAC card (UNCLASSIFIED)
I would be interested as well for our Army organization just gave us this
requirement as well this week. I was hoping someone else has done it as well.
V/R
Abdul Baytops
Director of Business Operations
Digital Foundation Corporation
Web: www.thedigitalcorp.com
Toll Free: 888-754-0341
Phone: 240-346-4628 (Direct Mobile)
Fax: 301-710-5368
Email: [EMAIL PROTECTED]
(Service Disabled Veteran Owned Small Business )
-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED]
On Behalf Of Begosh, Kevin
Sent: Wednesday, August 27, 2008 12:40 PM
To: arslist@ARSLIST.ORG
Subject: Re: Integrate Remedy User Tool with CAC card (UNCLASSIFIED)
That is a good question, I know some military customers that I have worked with
that wanted this too. From what I know I have never seen it. I know I asked
BMC about it a couple of years ago and they did not have anything for it. I
would be interested in this information as well.
Kevin Begosh, RSP
External Initiatives
System Design & Integration
301-791-3540 Phone
410-422-3623 Cell
[EMAIL PROTECTED]
-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED]
On Behalf Of Nguyen, AnhThien Mr CTR NG NGB ARNG
Sent: Wednesday, August 27, 2008 10:22 AM
To: arslist@ARSLIST.ORG
Subject: Integrate Remedy User Tool with CAC card (UNCLASSIFIED)
Classification: UNCLASSIFIED
Caveats: NONE
Hi List,
Currently ARS 6.3, SQL 2000. Planning to upgrade to ARS 7.1 & SQL 2005.
ITSM v7 down the road but not right now.
>From the documentation, Remedy User Tool 7.x includes a hook that allows one
>to specify a DLL that will be called instead of the login page at startup.
This DLL can do whatever work you want-interact with other systems, open
windows, perform calculations, and so on. However, we do not have a solution
in place yet. I was hoping to see if anyone has implemented CAC card with
Remedy User Tool.
Any information you can provide will be greatly appreciated.
Thanks,
Thien
Classification: UNCLASSIFIED
Caveats: NONE
________________________________________________________________________
_______
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum
Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
____________________________________________________________________________
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:
www.rmsportal.com ARSlist: "Where the Answers Are"
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:
www.rmsportal.com ARSlist: "Where the Answers Are"
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
