is there a possibility to authenticate by using x509 certificates from
students ID card but without installing certificate in the user browser?
CAS expects an X.509 cert in the request sent to CAS. I can't imagine
any way to meet that requirement other than the browser sending it.
Yes, it's a major pain to deal with the client requirements of cert
installation, especially when the cert resides on a hardware security
device. We have a good deal of experience in this area, and I
personally believe it's not scalable for large enterprises due to the
client setup and support costs.
I read CAS x.509 documentation and Scott mentioned about certificate in
request. We share you doubts about possible problems with users and the
support.
Maybe we could write an applet and modify CAS internals to obtain easier
way of using x.509??
For example applet could contact with the card reader and pass
certificate to CAS in some way. We have just made some modifications
with CAS so we are not afraid of such changes (if they are possible of
course).
Michał Pysz
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
