cancel
Showing results for 
Search instead for 
Did you mean: 

Determining certificate before displaying logon page

kenlars_
Super Contributor

Determining certificate before displaying logon page

Is there any way to determine the presence of a certificate - and the contents of the certificate - at the time the custom sign-on page LoginPage.thtml displays? What I would like to do is to change the type of authentication done based on the presence or absence of the cert. So, for example, if a user has a recognized cert, allow only password authentication. If the user does not have a recognized cert, require SecurID authentication. I know how to modify the LoginPage.thtml to show different prompts and to change the realm, but I don't know if I have access to information about the cert at the time the page is displayed. Anyone have any ideas?

Ken

3 REPLIES 3
muttbarker_
Valued Contributor

Re: Determining certificate before displaying logon page

Hey Ken - I am traveling today with no admin access to my box. But this rings a bell with me. I think I did this once using a machine cert, host checker and custom instructions that pointed to another realm. So the user would hit a realm, HC would run and if they "failed" due to no cert they were rerdirected to another login page via the custom instructions which simply pointed to the new realm. Xmpl - hit https://employees.itgmeeting.com - cert test fails and the custom instruction points to https://employees.itgmeeting.com

That is from memory and so I can't be 100% certain but see if that helps you out. I have an office day on Friday and could look at the specifics then if it would be of assistance.

kenlars_
Super Contributor

Re: Determining certificate before displaying logon page

Kevin - I'd appreciate that very much. I'll open a JTAC case, too, but I don't find JTAC typically the place to get information on clever methods to make the SA more useful. Thanks - Ken

zanyterp_
Respected Contributor

Re: Determining certificate before displaying logon page

There is no access to the certificate when LoginPage.thtml is displayed.

You would need to follow the idea presented by muttbarker to do Host Checker requirement on the realm and then allow or deny access to the different realms based on that