Reading a Common Access Card (CAC) to sign form

Report · Apr 05, 2010

I am new to ColdFusion, but I have experience in using PHP and ASP so the learning curve was not bad. I have worked with InfoPath 2007 creating a few forms. What I want to do is to create a form on a Web page using ColdFusion, which I have completed. One of the requirements I need is to be able to digitally sign the form using the CAC.

Does ColdFusion have the capability of doing this? Can I use ColdFusion to read the certificates on the CAC? I have done a lot of research on this with no luck. I read that there are some Java Wrappers that can do this but have not been able to find any.

Report · Apr 05, 2010

Is digitally signing a form that would be done on a server (where ColdFusion lives and runs) or on a client (where ColdFusion is nothing to do with things)?

I have never used nor heard of 'digitally signing the forum using the CAC'. But it sounds like something client related to me.

Report · Apr 06, 2010

Check out this link, http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:52720

It will show you how to read the CAC and get the information you need from the CAC

Mike

Report · Jun 10, 2010

Actually, that link does little for you. Why? Because sometimes there are more than one certs on a CAC. For instance on the CAC I have for one of my jobs there are 2. The rest of the applications use the EMAIL cert but the CGI can not read that cert for some reason so I'm stuck with the other (non-email) cert and this confuses people when they are asked which cert to use.

Not only that, management would like to force people to put in their login to digitally sign documents. Right now people only have to enter their password when they first sign on and every so often based on the network timeout.

It would be great to be able to be able to tap into the full potential of the CAC. Even if I have to install a java or .Net component.

Report · Jun 10, 2010

Can you get away with building a simple form with network username and password as fields? Then validate that information against the directory to verify that the information matches.

Take a look at the following:

If the query above returns more than zero records, we know that the username and password are a match.

Report · Jun 18, 2010

Only thing I needed to do was to get their ID # from their CAC and compare it with LDAP. I did not need their email cert but just their ID

Report · Jun 02, 2014

...