
I'm trying to authenticate a user using SmartCard Certificates in IdentityServer4.

When I follow the samples provided, firstly, I'm unable to get my test certificates in the certificate popup in IE or Chrome. There is one Apple Device certificate that pops up for my iPhone and one other one; that could probably be a wrong configuration of my test certificates.

But when I select any certificate, it takes me to the login screen in ID4.

My question is, what interfaces do I have to implement so that a user can authenticate using a CAC, PIV, SmartCard or X.509 certificate and get back a token if the cert is valid?

I've already researched the setup needed for Client Certificate authentication:

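    var host = new WebHostBuilder()
        .UseKestrel(cfg =>
        {
            var httpsoptions = new HttpsConnectionFilterOptions
            {
                ServerCertificate = cert,
                // AllowCertificate requests a client certificate but does not require one.
                ClientCertificateMode = ClientCertificateMode.AllowCertificate,
                // Revocation checking is turned off here.
                CheckCertificateRevocation = false,
                // SslProtocols.Default is SSL 3.0 | TLS 1.0.
                SslProtocols = System.Security.Authentication.SslProtocols.Default,
                // Validation callback; its definition is not shown in the question.
                ClientCertificateValidation = ClientCertificateValidation
            };

            cfg.UseHttps(httpsoptions);
        })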

Can anyone please help if you've implemented similar requirements using IdentityServer4?

Tarunpreet Ubhi
  • Just so we're clear, your question is really just "how do I do client certificate authentication in ASP.NET Core". IdentityServer is really ancillary. – Brock Allen Mar 22 '17 at 01:51
  • I was under the impression that just like we have to implement IResourceOwnerPasswordValidator and IProfileService for the resource owner password flow, there would be some other interfaces that I will need to implement so that IdentityServer can issue a token for certificate-based auth. Is that not so? – Tarunpreet Ubhi Mar 23 '17 at 17:59
  • Did you ever find a solution for this? – Ilya Jan 31 '19 at 12:47
  • Not really, but I know that IdentityServer recently added cert auth mTLS – Tarunpreet Ubhi Jul 03 '19 at 07:10
  • @TarunpreetUbhi I noticed you hadn't found a solution to this as of Jul 2019. Is this still the case? I am also trying to implement CAC auth using Identity Server and found the Mutual TLS document lacking. – Frank Hale Jun 01 '20 at 17:01

0 Answers