CAC-enabled site, "SSL_CLIENT_S_DN_Email" not working

LEGEND ,
Jun 09, 2016 Jun 09, 2016

Copy link to clipboard

Copied

Hello, all,

My environment is Apache 2.4 on a Windows Server with CF10.  The production environment uses CACs (Common Access Card) as logins, and we have set Apache and CF so that a user's information can be accessed via CGI variables set from the CAC login.  However, we never had a need for access to a user's email address, until now.  (Things like user first/last name, and other things, are easily available, as of this writing.)

I did some research, and found that if we added jkvar SSL_CLIENT_S_DN_Email to the "mod_jk.conf" file and restarted the Apache service, we _should_ be able to access a user's email address from their CAC.  However, whenever I try to use this in the application, it is coming back as undefined.

Is there something else that we need to do in order to have access to the SSL_CLIENT_S_DN_Email value on a user's CAC?  Something in either Apache or CFAdmin?

V/r,

^_^

Views

429

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Jun 15, 2016 Jun 15, 2016

Copy link to clipboard

Copied

Has anyone else worked with CAC/PKI logins in Apache and CF??

V/r,

^_^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Jun 21, 2016 Jun 21, 2016

Copy link to clipboard

Copied

LATEST

I hate to bump topics up.  I very, VERY rarely ever do it.  But I'm running out of rope, on this.  I've Googled it several different ways, and never can seem to find instructions for getting this to work.

V/r,

^_^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines