
How smart card authentication works in BlackBerry AtHoc

When smart card authentication is enabled, the operator’s mapping ID (MID) attribute is used to authenticate the operator at login. The data in the mapping ID comes from one of the following sources:
  • A sync with an Active Directory attribute (sAMAccountName, userprincipalname, or mail) when using the User Sync Client tool.
  • A user import using the Import option in the End Users manager in BlackBerry AtHoc that includes the mapping ID column.
  • A manual update of an operator’s mapping ID in the End Users manager in BlackBerry AtHoc.
BlackBerry AtHoc uses a regular expression to extract the value for the mapping ID from one of the HTTP header fields that contains the certificate data. BlackBerry AtHoc then compares this mapping ID with the operator’s mapping ID to determine their identity. The values for the HTTP header field and the regular expression are specified in the database and can be modified. However, the values apply system-wide and cannot be different for each organization.

The middle tier code attempts to use the primary HTTP_CAC_VARIABLE, if present, and validates the operator. If a valid operator is not found, the middle tier code then attempts to use ALT_HTTP_CAC_VARIABLE to validate the operator.

In BlackBerry AtHoc release 7.3 or later, if a valid operator is not found, the middle tier code then attempts to use the Subject Alternative Name to validate the operator.
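
The lookup order described above, modeled as an added Python example; it is not BlackBerry AtHoc code. The header names, the regular expression, the case-insensitive comparison, the way Subject Alternative Name values are supplied, and the operator records are all assumptions constructed for illustration.

```python
import re

# Constructed system-wide settings. The real header names and regular
# expression are stored in the AtHoc database and are not shown on this page.
SETTINGS = {
    "HTTP_CAC_VARIABLE": "X-Client-Cert-Subject",          # hypothetical header name
    "ALT_HTTP_CAC_VARIABLE": "X-Client-Cert-Subject-Alt",  # hypothetical header name
    # Hypothetical pattern: CN must start the value or follow a comma, so
    # text embedded in another attribute (e.g. "OU=CN=x") is not captured.
    "MID_REGEX": r"(?:^|,\s*)CN=([^,]+)",
}

# Constructed operator store: lower-cased mapping ID -> operator login name.
OPERATORS = {"doe.jane.1234567890": "jdoe", "jsmith@example.com": "jsmith"}


def extract_mid(header_value, pattern):
    """Return the mapping ID captured by the regex, or None if absent."""
    if not header_value:
        return None
    match = re.search(pattern, header_value)
    return match.group(1).strip() if match else None


def resolve_operator(headers, san_values=(), release=(7, 3)):
    """Try the primary header, then the alternate, then (7.3+) the SAN.

    Returns (operator, source), or (None, None) when nothing validates.
    """
    candidates = []
    for key in ("HTTP_CAC_VARIABLE", "ALT_HTTP_CAC_VARIABLE"):
        value = headers.get(SETTINGS[key])
        candidates.append((key, extract_mid(value, SETTINGS["MID_REGEX"])))
    if release >= (7, 3):
        # Assumption: SAN entries are compared to the mapping ID as-is.
        candidates += [("SubjectAltName", san) for san in san_values]
    for source, mid in candidates:
        # Assumption: case-insensitive exact match against the stored MID.
        operator = OPERATORS.get(mid.casefold()) if mid else None
        if operator:
            return operator, source
    return None, None


if __name__ == "__main__":
    demo = {"X-Client-Cert-Subject": "CN=DOE.JANE.1234567890, OU=Ops, O=Example"}
    print(resolve_operator(demo))
```

Because identity is taken from request headers, this scheme is only sound when the tier that terminates TLS sets those headers itself and discards any copies supplied by the client.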
Login source code by BlackBerry AtHoc release

BlackBerry AtHoc release    File
6.1.8.85R3SP4CP1            wwwroot\client\dotnet\Controllers\AuthController.cs
7.0.0.2                     wwwroot\client\dotnet\Controllers\SmartCardController.cs