Dan, one thing you should look into is using the authentication alias feature built into Remedy. Basically, you put the EDIPI in the alias field, and LDAP authenticates against it, which it reads from the CAC. If you put the EDIPI in the Login ID field, you're in for a host of problems.
Rick On Jun 5, 2013 6:34 AM, "Dan" <daniel.b.pritch...@gmail.com> wrote: > ** Unfortunately we do not have anyone with Java or API knowledge on > staff. I was hoping that someone on the list could point me in the right > direction or provide some help with the solution. > > Thanks for the reply though, at least now I know there is a fix out there > and it just needs to be configured and applied. > > > v/r > > Dan > > On Wednesday, June 5, 2013 9:10:56 AM UTC-4, Longwing, Lj wrote: >> >> ** >> Dan, >> I currently work with a customized community sso version that was >> modified to take what is given to it and cross reference it with the >> corporate id of the user gather the user id of that user from the person >> form, and then pass that to the Remedy server.....so I say a definitive >> 'yes' to your question...Java could easily parse the entire CAC String and >> then do the lookup for user id and then pass that into Remedy...it just >> takes someone with relatively basic Java skills (and some API knowledge >> maybe) to get it done... >> >> >> On Wed, Jun 5, 2013 at 6:53 AM, Dan <daniel.b....@gmail.com> wrote: >> >>> ** Listers, >>> >>> Environment >>> >>> Remedy 7.6.04 SP2 >>> Midtier 7.6.04 SP4 >>> Windows 2008 R2 Servers >>> SQL database >>> >>> >>> I work within the DoD and we have been told to move over to CAC >>> authentication. I have installed Atrium SSO, configured it and with the >>> help of the Hotfix provided by Remedy, which allows to map SSO usernames to >>> Remedy Usernames, have it basically working. >>> >>> Here is my problem. Atrium SSO uses the full Common Name off of the >>> CAC, i.e. LASTNAME.FIRSTNAME.MI.**EDIPINUMBER, when it creates its >>> users and this is what it passes to Remedy when logging in users. I can >>> store that in the mapping file that maps it to the users but we currently >>> have around 10k users in our system. First off getting all 10k users to >>> provide the CN from thier CAC's would be near impossible not to mention >>> maintaining the mapping file. >>> >>> What I would like to know is have any of you created or come a cross a >>> way to strip off the LASTNAME.FIRSTNAME.MI from the CN and just pass the >>> EDIPI number to remedy. I can pull that from my Active Directory to update >>> the mapping file if needed. >>> >>> The next question is have any of you created or come across a way to >>> store the EDIPI number in the People form, like in the Corporate ID field, >>> and have the mid-tier cross reference the EDIPI number or CN to that field >>> and then log in the user with their username. >>> Any help would be greatly appreciated. >>> v/r >>> >>> Dan Pritchard _ARSlist: "Where the Answers Are" and have been for 20 >>> years_ >> >> >> _ARSlist: "Where the Answers Are" and have been for 20 years_ > > _ARSlist: "Where the Answers Are" and have been for 20 years_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
