Skip to main content

Smart Card authentication

Bravura Security Fabric can authenticate users with smart cards if:

  • Internet Information Services (IIS) is configured as your web server and it is set up with SSL.

  • Users’ web browsers are enabled for smart card access.

  • The login ID typed by users on the Bravura Security Fabric login page matches the user ID identified in the smart card certificate (the cn part of the CERT_SUBJECT environment variable).

To enable users to access Bravura Security Fabric using their smart cards, you must:

  • Configure IIS for smart card integration .

  • Configure certificate authentication of users with smart cards

    The steps required vary depending on your environment. Consult your smart card documentation.

  • Enable and configure the HTTPAUTH authentication chain for web server authentication integration.

    The httpauth.exe program is both a CGI executable and an authentication plugin. It can be configured using a PSLang script.

    The custom authentication chain HTTPAUTH can be enabled.

Configure IIS for smart card authentication

The following instructions are for Internet Information Services (IIS) 8.0. Details may vary depending on your version of IIS and installed service packs.

These steps apply for a remote IIS server. On installation of Bravura Security Fabric , the httpauth CGI is installed and enabled for Windows authentication. To configure IIS for smart card authentication to Bravura Security Fabric :

  1. Set up IIS with SSL and install a Server SSL certificate.

    Consult your IIS documentation to learn how to do this.

  2. Configure IIS to accept client certificates for httpauth.exe:

    1. Open the Internet Information Services (IIS) Manager snap-in on the Bravura Security Fabric server.

    2. Expand <computer name> > Web Sites > <install site>, then select the virtual directory for the Bravura Security Fabric instance.

    3. On the bottom of the window, click on Content View.

    4. From the list of content under the Bravura Security Fabric instance, select the httpauth.exe.

    5. Right-click httpauth.exe, then click Switch to Features View.

    6. Click SSL Settings.

    7. Select the Require SSL checkbox.

    8. Select the Accept radio button under Client certificates .

    9. Under Actions, click Apply.

  3. Configure mapping of client certificates.

    Consult your IIS or smart card documentation to learn how to do this.

In this section: