everyone into cairs.net and Subscriber Portal (SP) can be a challenge when
not all of the users are on the same domain. Anyone that has users on a
different domain that can connect to SP or cairs.net through CEDC but have no
Windows Login, there is now a solution – CAC Authentication. Both
cairs.net and SP can now be set up to authenticate users
through their client certificates on their CAC Cards.
SP subscribers, the certificate information has been added to their subscriber
record. For cairs.net users, there are now two types of user records
under System Admin > Security. These menus are Users – Windows, and
Users – Certificate.
these two user types, any user that is not in the system will automatically be
added as a new user, and they will not have permission to log in. To give
the user permission to log in to cairs.net, go to the New Users view, open the
user record, and change them to an authenticated user.
Windows Users, uncheck the New Unauthorized User checkbox, and assign
Certificate Users, change the User Status to Authorized, and set appropriate
permissions for that user.
Here are some things that need to be set up for this to work:
Configure HTTPS in IIS
Require Client Certificates
Turn on only Anonymous
Authentication in IIS (optional but recommended)
certificate will authenticate the user. This will be managed by cairs.net
Change the new Security Type
setting in cairs.net.
those of you interested in the details, here they are. All of these steps
are written for IIS 7.5. If you have an earlier or later
version of IIS, these steps may be different.