
Looking for a solution to meet DoD's requirement for CAC login to applications with Atrium SSO without having to change existing Remedy Login IDs.


Within the Department of Defense and others there is a requirement to log in to systems using the Common Access Card (CAC). Atrium SSO provides the basic process for doing this by providing CAC authentication. There is an issue, though, with a system that has an existing database of users. The SSO server uses the full Certificate Name (CN) from the CAC and there seems to be no way to change this in SSO. With an existing database of over 20k users this poses a problem with authentication. A hotfix was provided that would allow a mapping file to be created on the Mid-Tier that would allow admins to map CAC CNs to existing Remedy login names. This is a basic fix to the problem, but in an environment where many users are added and removed each day, maintaining this file is troublesome.


I am looking for a way to be able to strip the CN down to just the EDIPI number and pass just that to the Remedy server. We can pull the EDIPI number from Active Directory and populate the mapping file and then use shell scripts to keep it updated.

Another way would be to add in a filter at the Mid-Tier that would do a lookup of the EDIPI number from a field on the User form and, if it matches, it would take the login name (existing for all users) and log in using that.
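The EDIPI-based mapping described in this request, as an added example that is not part of the original post or BMC's hotfix: it pulls the EDIPI from the end of each CN and rebuilds the mapping from directory data, refusing ambiguous or unknown entries instead of guessing. The `LAST.FIRST.MIDDLE.EDIPI` CN layout, the `CN=login` output line format, and all sample data are assumptions.

```python
import re

# Assumption: the CAC CN ends with a dot and the 10-digit EDIPI,
# e.g. LAST.FIRST.MIDDLE.1234567890. Confirm against your own certificates.
EDIPI_RE = re.compile(r"\.(\d{10})$")

def edipi_from_cn(cn):
    """Return the trailing 10-digit EDIPI from a CAC CN, or None if absent."""
    m = EDIPI_RE.search(cn.strip())
    return m.group(1) if m else None

def build_mapping(directory_rows, cert_cns):
    """Map each CN to an existing login via its EDIPI.

    directory_rows: (edipi, login) pairs exported from the directory.
    Returns (mapping, rejected). Ambiguous or unknown entries are rejected,
    because a wrong mapping line authenticates a user as someone else.
    """
    by_edipi, dupes = {}, set()
    for edipi, login in directory_rows:
        if edipi in by_edipi and by_edipi[edipi] != login:
            dupes.add(edipi)          # same EDIPI on two different accounts
        by_edipi.setdefault(edipi, login)
    mapping, rejected = {}, []
    for cn in cert_cns:
        edipi = edipi_from_cn(cn)
        if edipi is None:
            rejected.append((cn, "no EDIPI in CN"))
        elif edipi in dupes:
            rejected.append((cn, "EDIPI maps to more than one login"))
        elif edipi not in by_edipi:
            rejected.append((cn, "EDIPI not in directory"))
        else:
            mapping[cn] = by_edipi[edipi]
    return mapping, rejected

# Constructed sample data (not real identities).
DIRECTORY = [("1234567890", "jdoe"), ("2345678901", "asmith"),
             ("3456789012", "bjones"), ("3456789012", "bjones2")]
CNS = ["DOE.JOHN.Q.1234567890", "SMITH.ANN.2345678901",
       "JONES.BOB.JR.3456789012", "LEE.KIM.9999999999", "svc-account"]

if __name__ == "__main__":
    mapping, rejected = build_mapping(DIRECTORY, CNS)
    for cn, login in sorted(mapping.items()):
        print(f"{cn}={login}")        # hypothetical mapping-file line format
    for cn, why in rejected:
        print(f"# skipped {cn}: {why}")
```

Writing the output to a temporary file and renaming it into place only when the rejected list has been reviewed keeps a bad directory export from silently replacing a working mapping file.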
