Is there any way to determine the presence of a certificate - and the contents of the certificate - at the time the custom sign-on page LoginPage.thtml displays? What I would like to do is to change the type of authentication done based on the presence or absence of the cert. So, for example, if a user has a recognized cert, allow only password authentication. If the user does not have a recognized cert, require SecurID authentication. I know how to modify the LoginPage.thtml to show different prompts and to change the realm, but I don't know if I have access to information about the cert at the time the page is displayed. Anyone have any ideas?
Ken
Hey Ken - I am traveling today with no admin access to my box. But this rings a bell with me. I think I did this once using a machine cert, host checker and custom instructions that pointed to another realm. So the user would hit a realm, HC would run and if they "failed" due to no cert they were redirected to another login page via the custom instructions which simply pointed to the new realm. Xmpl - hit https://employees.itgmeeting.com - cert test fails and the custom instruction points to https://employees.itgmeeting.com
That is from memory and so I can't be 100% certain but see if that helps you out. I have an office day on Friday and could look at the specifics then if it would be of assistance.
Kevin - I'd appreciate that very much. I'll open a JTAC case, too, but I don't find JTAC typically the place to get information on clever methods to make the SA more useful. Thanks - Ken
There is no access to the certificate when LoginPage.thtml is displayed.
You would need to follow the idea presented by muttbarker to do a Host Checker requirement on the realm and then allow or deny access to the different realms based on that.