Solved

Smartcard login for webpage?

Posted on 2012-12-20
12
471 Views
Last Modified: 2013-11-13
I have a simple intranet management system that I need to make the login via a smartcard access. I've looked around and am having a hard time finding some open source api's or toolkits to develop a process to read a smartcard and authenticate access via a browser. I'm not familiar with Java but from what I have read this looks like the best method for allowing the browser to access the smartcard reader is to push down an applet that installs and gives access to the browser(page).

I'm looking for some sample source code that will allow me to create this within our intranet. The functionality I'm looking for would have the user access a login webpage which would push down the applet and authenticate access to the pages as long as the authenticated smartcard is inserted.
0
Comment
Question by:Dalexan
  • 7
  • 5
12 Comments
 
LVL 86

Expert Comment

by:CEHJ
Comment Utility
Yes, a signed applet could do that in theory. How it did it would depend on the particular device and its interface
0
 

Author Comment

by:Dalexan
Comment Utility
I'm planning on using the most widely accepted hardware omnikey

like these from eBay omnikey card stuff

I have found this page but I'm not sure whether this is just the reader component or what eID applet

LightOpenID
eID Library
0
 
LVL 86

Expert Comment

by:CEHJ
Comment Utility
Difficult to see what the application level interface of the hardware would be. Quite often, a card reader behaves like a keyboard
0
 

Author Comment

by:Dalexan
Comment Utility
Please explain in more detail. I'm a experienced vb6 programmer and just getting my feet wet in scripting languages. Java seems very foreign to me much less how I would use it to accomplish what I'm trying to do.
0
 
LVL 86

Expert Comment

by:CEHJ
Comment Utility
At the moment, this is far from a Java issue. In fact there's no indication that Java is relevant at all.
0
 

Author Comment

by:Dalexan
Comment Utility
I'm confused by your answer, most of what I have read supports your first post in that a signed java applet is the way to go with this project?

This company has developed a smartcard login page that pushes down an applet which reads the springcard branded smartcard...springcard

Please also explain more on what you mean by the smartcard reader behaves like a keyboard?
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 86

Expert Comment

by:CEHJ
Comment Utility
The information at the hardware site is rather generic. They are really the people to ask when it comes to whether their cards work with Java

Please also explain more on what you mean by the smartcard reader behaves like a keyboard?
I mean that reading the card causes characters to be generated, as if a keyboard had been used. These are then often collected from a text field
0
 

Author Comment

by:Dalexan
Comment Utility
Can you help me understand how I can create an applet from this code that will allow me to accomplish my goal? sample smartcard source
0
 
LVL 86

Accepted Solution

by:
CEHJ earned 500 total points
Comment Utility
You just really need to convert all that console-oriented input collection (inappropriate in an applet) into a gui-centred one. The entry point for an applet is of course init() not main, so you need to use init instead of main
0
 

Author Comment

by:Dalexan
Comment Utility
Can you help me by making the changes to that code / removing the console oriented input collection and post the source? Java looks like C but it would take me weeks to figure out whats happening in that source.
0
 
LVL 86

Expert Comment

by:CEHJ
Comment Utility
I don't have the time unfortunately for such activity outside of professional activity. Feel free to contact me through my profile if you wish to take it further though.
0
 
LVL 86

Expert Comment

by:CEHJ
Comment Utility
:)
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

Displaying an arrayList in a listView using the default adapter is rarely the best solution. To get full control of your display data, and to be able to refresh it after editing, requires the use of a custom adapter.
Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now