
Good day. I have stepped into a project that requires a server migration that would change the means of authentication for our CAC/PKI SSL-enabled website. We are using iPlanet 7 and Oracle Directory Server Enterprise 7 as our LDAP server.

The situation is that the site is still CAC/PKI enabled, but at the firewall. The information we want to authenticate against is now in the HTTP header.

How do I configure iPlanet and LDAP to authenticate against the header instead of SSL? Thanks.

Edit: Can this be done with IIS, keeping the Directory Server EE LDAP intact, or is the ACL iPlanet-only?

Travis
  • I'd probably step out and wipe my shoes thoroughly, if I were you. – Tom O'Connor Nov 27 '12 at 16:21
  • The setup is pretty overkill as far as I can see. Once the site is moved and running, the idea is to migrate away from iPlanet/LDAP as well. Unfortunately, rewriting the application to use database authentication will take more time than they have. Can it be done easily with IIS, keeping the Directory Server EE LDAP intact? – Travis Nov 27 '12 at 16:25
  • You don't mention what kind of app you are using but it sounds like an ASP.NET application. You could look to using AD LDS as a replacement to Oracle which would enable you to use or override the built-in AD membership providers. – Brent Pabst Nov 27 '12 at 16:35
  • Sorry, I didn't include the type of app because I figured it was language indifferent. But no, it's a ColdFusion App. – Travis Nov 27 '12 at 16:56
  • Eugh. Cold Fusion? – Tom O'Connor Nov 27 '12 at 17:04
  • Nope, ColdFusion. One word. :p It's like .NET but Java-based and with very different syntax. http://www.adobe.com/products/coldfusion-family.html?promoid=DJDQZ – Travis Nov 27 '12 at 17:14
  • That was @TomO'Connor's way of saying why the hell are you using ColdFusion ;) – Brent Pabst Nov 27 '12 at 17:18
  • Ah, lol. This particular app has been around for a while; CF is still pretty strong in government. – Travis Nov 27 '12 at 17:20
  • Eugh. Government. – Tom O'Connor Nov 27 '12 at 17:28
  • So, back to being serious again: I see iPlanet supports Default, Basic, SSL, Digest, and "Other" types of Access Control. It doesn't look like Basic or Digest would work according to my interpretation of the docs, and it looks like 'Other' entails rolling your own using the API/SDK for C or Java. Do you gents see where I've missed anything allowing this to work out of the box? http://docs.oracle.com/cd/E19146-01/821-1828/gdesn/index.html and http://docs.oracle.com/cd/E19957-01/816-5615-10/overview.htm – Travis Nov 27 '12 at 17:40

0 Answers