I’m being tasked with capturing digital signatures. For example, when people open up PDFs and digitally sign, for us government folks, we have the option to sign with our cards. How does Adobe do this? How can I get this same functionality on a website?
I have a keyboard where I can input my card, now how can I actually READ this card? Any information? Language doesn’t matter although I am most famliiar with PHP.
No idea, but you should start here. You’re going to have to use an api provided by the software installed on the PC.
You’re going to have to do it client-side, not server side.
I’ve used this one before - pretty straight-forward IIRC, but it’s been a couple years.
Edit: I originally removed this, but I think you might need to incorporate both approaches…one for cards, one to catch ipad/mouse signing…
I NEED this client-side? I only need the digital number on the back of hte card - that’s it. I don’t need anything else.
There’s no possible way for server-side?
So, you’re ONLY going to account for the card, not for e-signatures as well? What it they’re on an ipad which doesn’t have a card slot?
This application will be unavailable to them. They must have the CAC to even log into the computer. To even get access to the intranet webserver it must be in.
Noone should be accessing this from outside of a desktop. Let’s go with that assumption for now.
If you can’t find info from my link, you could always start deconstructing how AKO (or some other site) does it.
https://login.us.army.mil/suite/login/javascript/akologin.js
I’m having that on my backburner for now. I’d rather have that as a last resource. I have found some links.
http://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Smartcard_Configuration_Examples
http://www.dwheeler.com/essays/apache-cac-configuration.html
I think I’ll step aside and let @mawburn help, but AFAIK, there’s no way to capture something off a client’s machine without using some sort of client side scripting.
Thinking it over, client side should be fine…Yeah I’m going to head down that route.
Where can I find what page that is attached to?
Well, it’s been a while since I used mine. But I think the CAC cards are still the same. The way it worked back then, was the local software would actually fill in your digital signature into a popup dialog as if you were typing it. It was not a slick seemless process or covert at all. I’m sure the actual process hasn’t changed much, but the UX probably has improved to hide this better.
But it has been a few years… the last time I used it was when AKO started requiring a CAC to log in. It started out with long passwords, then moved to CAC being optional, then CAC being the only way.
AKO
@WolfShade might have an idea how to help.
I might be able to take something from that page. I’m not even sure if our SSL certificates even are set up for this. I’ll keep at it and see if I can get something cooked up.
Edit-For any SP staff who are looking at this thread and might want to use this as part of twitter/facebook tweets or statuses, or perhaps the weekly roundup article, please do no such thing.
I’m not sure how much help I could be. I mean, yeah, we do have some web apps that can read the whole DoDID (last.first.mi.EPID), but I’m not sure about the sig certs.
There is an Apache support page that lists all of the variables that the DoD CACs contain. If you’re not using Apache, I’m sure they are the same for IIS or other web servers. I know that the DoDID is SSL_CLIENT_S_DN_CN.
In ColdFusion Server, these appear within the CGI scope, if the web server has them enabled. (I can also tell you that these were defaulted to “ON” in CF9 and earlier, but defaulted “OFF” in CF10 and after.)
Hope this helps, at least a little. If you have any specific question about utilising these variables, let me know.
V/r,
More help than me! I’ve only used them, never developed for them. 
I e-mailed the DoD CaC support center. They have a small subsection on their website dedicated to developers. Hopefully they can steer me in the right direction. Thanks everyone.
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.