Smartcard/PKI based Web SSO Authentication Using OpenSSO / OpenAM


1. Sun OpenSSO Enterprise 8 or above
2. Sun GlassFish Enterprise v2.1 or Sun Web Server 7.0 (or above)
   a. Must be configured with an NSS Keystore
   b. PKCS#11/HSM based Keystore (optional).
      • Sun Cryptographic Accelerator (SCA-6000)
3. Sun Java System Directory Server EE6 or Sun OpenDS (Bundled with OpenSSO 8)
   a. Repository for user accounts and its corresponding PKI certificate entries (optional).
4. PKI Provider
   a. Certificate and Validation Authority
      • Certificate Authority: Cybertrust / Entrust / Microsoft / Verisign
      • OCSP Responders: Tumbleweed / Corestreet OCSP Validator
   b. Root CA Certificates and CRLs
      • FBCA SSP CA certificates and CRLs (For PIV cards)
      • DoD CA/ECA root certificates and CRLs (For CAC cards)
      • Govt PKI Root CA certificates and CRLs (For eID cards)
   c. OCSP Signing certificate
5. Smartcard Reader
6. Smartcard client middleware – Browser Plug-in (PKCS#11 or MS-CAPI)
   a. ActivIdentity (ActivClient PKI 6.0 / CAC 6.0 or above)
   b. GemAlto (GemSAFE)
   c. OpenSC PKCS#11 (
7. Smartcards provisioned with PKI certificates
