This topic helps you set up AppScan®
Source to
allow a connection to an AppScan Enterprise
Server that is enabled for Common
Access Card (CAC) authentication.
Before you begin
CAC authentication is only supported on Windows and for connections to AppScan Enterprise
Server Version 9.0.3.1 iFix-001 and
higher.
Procedure
-
Ensure that AppScan Enterprise
Server is
not yet set up for CAC authentication.
-
Log in to AppScan Source
for
Analysis or the AppScan Source
command line interface
(CLI) as an AppScan
Source administrator.
-
Follow the instructions in the HCL® AppScan Source Installation and Administration
Guide for setting all AppScan Enterprise
Server
users to have all permissions. This will set the initial default permissions for AppScan Enterprise
Server users to full administrative
access, however, after CAC setup is complete, you will be able to change the default permissions to
suit the needs of your organization.
-
Exit or shut down all AppScan
Source client
applications.
-
Set up AppScan Enterprise
Server to
allow CAC authentication
-
Follow the instructions in the HCL AppScan Source Installation and Administration
Guide for registering the AppScan
Source
Database with an
AppScan Enterprise
Server that is enabled for
Common Access Card (CAC) authentication.
-
Open <data_dir>\config\ounce.ozsettings (where <data_dir> is the location of your
AppScan
Source program data, as described in Installation and user data file locations)). In this file, locate this setting:
<Setting
name="client_cert_auth"
value="false"
default_value="false"
description="Uses client certificate authentication"
display_name="Uses client certificate authentication"
type="boolean"
read_only="true"
hidden="true"
/>
-
In the setting, change
value="false"
to value="true"
and then
save the file.
-
If you will be logging in to AppScan Enterprise
Server from AppScan Source
for
Analysis or the AppScan Source for Development Eclipse plug-in:
-
In your Java™ installation directory, locate
jre/lib/security/java.security. For AppScan Source
for
Analysis, the jre folder is
located in your AppScan
Source installation directory.
Create a backup copy of this file.
-
Edit java.security.
-
In the list of providers and their preference orders, add
com.ibm.securitycapi.IBMCAC
as the first security
provider. For example, if you are editing
java.security for AppScan Source
for
Analysis usage,
change this:
security.provider.1=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.2=com.ibm.jsse2.IBMJSSEProvider2
security.provider.3=com.ibm.crypto.provider.IBMJCE
security.provider.4=com.hcl.securitycert.IBMCertPath
security.provider.5=sun.security.provider.Sun
to this:
security.provider.1=com.hcl.securitycapi.IBMCAC
security.provider.2=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.3=com.ibm.jsse2.IBMJSSEProvider2
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=com.hcl.securitycert.IBMCertPath
security.provider.6=sun.security.provider.Sun
-
Save and close the java.security file.
-
Log in as an AppScan
Source administrator to AppScan Source
for
Analysis or the AppScan Source
command line interface
(CLI) using CAC authentication.
-
Change the default permissions of AppScan Enterprise
Server users to suit the needs of
your organization.
What to do next
Your certificate cannot be SHA-1 if you want to enforce Federal Information Processing Standard
(FIPS) mode. You can enforce FIPS mode by using a SHA-2 certificate and by running the
appscanserverdbmgr_cac_fips.bat tool that is described in the HCL AppScan Source Installation and Administration
Guide. In the guide, locate the help for
registering the AppScan
Source
Database with an
AppScan Enterprise
Server that is enabled for
Common Access Card (CAC) authentication.
To determine what certificate you have:
- Open the Windows Certificate Manager: In the Windows Start menu, type
certmgr.msc in the Search box and then press Enter. If you are prompted for an
administrator password or confirmation, type the password or provide confirmation.
- Open the certificate by double-click or user interface Open action.
- Select the Details tab in the certificate.
- Locate the Signature hash algorithm field. The value for this field
indicates the type of certificate.