Friday, May 25, 2007

Forms, RADs and Common Access Cards - It Works

After three weeks of twelve-hour days, lost weekends, and two trips to our customer's location, we finally have an Oracle Forms application that can be accessed with Department of Defense Common Access Cards (CACs).

CACs are smart cards containing a PKI certificate. The military uses these for ID cards and for gaining access to the .mil domain. Users have to insert their CAC into a reader at a workstation to log in to their local network.

We built a login module using two Java servlets and a simple HTML form to read the user's common name attribute from the card's distinguished name. The CAC's common name contains a unique identifier that is used to create an entry in Oracle Internet Directory (OID). We use Oracle's sample forms_rad PL/SQL package to create a Resource Access Descriptor (RAD) for the user and store it in OID as well. After the user's OID entry and RAD are created, they are turned over to Forms, which is configured for Single Sign-On. Single Sign-On authenticates the user, and Forms then pulls the RAD from OID and connects to their backend database account.
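The common-name step described above, as an added example (not the servlet code from this project): it parses the subject DN with `javax.naming.ldap.LdapName` instead of splitting on commas, and only accepts a CN whose trailing identifier matches an expected shape. The class and method names, the sample DNs, and the assumed CN layout (name parts followed by a 10-digit identifier) are assumptions made for the example.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// In a servlet, the DN string would come from the client certificate, e.g.
// the "javax.servlet.request.X509Certificate" request attribute, via
// cert.getSubjectX500Principal().getName() (RFC 2253 form).
public class CacCommonName {
    // Assumption: the CN ends in ".<10 digits>"; adjust to the real card profile.
    private static final Pattern CN_ID = Pattern.compile("[A-Za-z'. -]+\\.(\\d{10})");

    /** Returns the single CN value of the DN, or null if missing or ambiguous. */
    static String commonName(String dn) throws InvalidNameException {
        String cn = null;
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            if (rdn.size() != 1) return null;            // reject multi-valued RDNs
            if (!"CN".equalsIgnoreCase(rdn.getType())) continue;
            if (cn != null) return null;                 // two CNs: refuse to guess
            if (!(rdn.getValue() instanceof String)) return null; // binary value
            cn = (String) rdn.getValue();                // escapes already decoded
        }
        return cn;
    }

    /** Returns the trailing identifier, or null if the CN has another layout. */
    static String uniqueId(String cn) {
        if (cn == null) return null;
        Matcher m = CN_ID.matcher(cn);
        return m.matches() ? m.group(1) : null;
    }

    public static void main(String[] args) throws InvalidNameException {
        String[] samples = {                             // constructed sample DNs
            "CN=DOE.JOHN.Q.1234567890,OU=USN,OU=PKI,OU=DoD,O=U.S. Government,C=US",
            "CN=Doe\\, John Q,OU=Contractor,C=US",       // escaped comma inside the CN
            "OU=DoD,O=U.S. Government,C=US"              // no CN at all
        };
        for (String dn : samples) {
            String cn = commonName(dn);
            System.out.println(dn + " -> cn=" + cn + " id=" + uniqueId(cn));
        }
    }
}
```

A null identifier should stop the login flow before any directory entry or RAD is created, so that a certificate with an unexpected subject never maps to an account.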

Although it was often frustrating, it was a great learning experience. My next project is to convert the servlets into .jsp pages. Now that we've got the configuration licked (about 75% of the effort was getting the Oracle Application Server 10g (10.1.2) configured correctly), this should be fairly simple.

Several folks posted helpful suggestions to previous entries in this blog, and once again I'll say thanks to all for your help. If anyone has any questions about our configuration, please post them here and I'll do my best to answer your questions.
