Authentication Server Configuration

Basic Configuration


In order for Common Access Card (CAC) authentication to work, SSL must be enabled on the authentication server.

...

For example, as shown in the picture above, when the subject DN on the certificate is CN=JohnDoe,O=MyCompany,C=GB, and the display template is (CN) CERTIFICATE, the button will display "JOHNDOE CERTIFICATE".

Trust Store Configuration

CAC integration requires a trust store containing the certificates of the Certificate Authorities (CAs) that issue the users' certificates.

...

There is no need to manually generate the truststore. Create a directory named truststore under AuthServer/config/ and place all of the CA certificates into it. Upon startup of the authentication server, if truststore.jks does not exist, it will be created by importing the CA certificates located in AuthServer/config/truststore. If you make changes to the certificates in the truststore directory, delete truststore.jks and restart the authentication service. This will recreate the truststore with the current set of CA certificates.

Certificate Revocation List

The authentication server supports 2 methods of handling certificate revocation lists: via a URL, or via a local list stored in the file system. To enable this feature, uncomment either authentication.certificate.revocation.list.url or authentication.certificate.revocation.list.file, and point it to the location of the revocation list.
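The following is an added example, not part of the product or its documentation: a pre-restart check covering the trust store and revocation list settings described above. It flags a truststore.jks that is older than the contents of the truststore directory, and a configuration in which no revocation list source is uncommented. The function names are hypothetical, and the properties text is passed in as a string because this page does not name the configuration file.

```python
import re
from pathlib import Path

# Property names are the ones given on this page.
CRL_URL = "authentication.certificate.revocation.list.url"
CRL_FILE = "authentication.certificate.revocation.list.file"

def active_crl_settings(properties_text):
    """Return {key: value} for the CRL properties that are uncommented."""
    active = {}
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # '#' and '!' begin .properties comments
            continue
        m = re.match(r"([^\s=:]+)\s*[=:]?\s*(.*)", line)
        if m and m.group(1) in (CRL_URL, CRL_FILE):
            active[m.group(1)] = m.group(2)
    return active

def stale_truststore(config_dir):
    """List what changed in truststore/ after truststore.jks was generated."""
    config_dir = Path(config_dir)
    jks, ca_dir = config_dir / "truststore.jks", config_dir / "truststore"
    if not jks.exists() or not ca_dir.is_dir():
        return []  # no keystore yet: it is built from the directory at startup
    built = jks.stat().st_mtime
    changed = sorted(p.name for p in ca_dir.iterdir()
                     if p.is_file() and p.stat().st_mtime > built)
    # Directory mtime moves when an entry is added or removed; a removed CA
    # stays trusted until truststore.jks is deleted and the service restarted.
    if ca_dir.stat().st_mtime > built:
        changed.insert(0, "truststore/")
    return changed

def audit(config_dir, properties_text):
    """Return human-readable findings for the two settings described above."""
    findings = []
    crl = active_crl_settings(properties_text)
    if not crl:
        findings.append("CRL checking not enabled: neither property is uncommented")
    elif len(crl) == 2:
        findings.append("both CRL properties are set; the page says to uncomment one")
    findings += [f"{key} is uncommented but empty" for key, v in crl.items() if not v]
    changed = stale_truststore(config_dir)
    if changed:
        findings.append("truststore.jks predates changes to: " + ", ".join(changed)
                        + " (delete it and restart the authentication service)")
    return findings
```

Call `audit()` with the path to AuthServer/config and the contents of the server's properties file; an empty list means neither condition was found.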

...