Return the smart card serial number of the card used to log on to Microsoft Active Directory using SecureLogin

  • 7940457
  • 19-Aug-2009
  • 26-Apr-2012

Environment

Novell SecureLogin SSO


Situation

Is it possible to return the smart card serial number of the card used to log on to Microsoft Active Directory using SecureLogin?

Resolution

Yes. The following checks whether $SmartCardSerialNumber already has a value and whether it matches the card being used to log on. In this case the smart card has been issued using ActivIdentity’s Card Management System, and the telexNumber attribute in Active Directory is being used to store the smart card serial number.

Create a Startup Application Definition (so it runs for all users) and read and set the serial number using the following syntax (it checks each time in case the user has lost the card, etc.):

#===================================================================================#
# Check if the user has a value stored and compare it with the number stored in SSO #
# The smart card serial number is read from the TelexNumber field                   #
#===================================================================================#
If -Exists $SmartCardSerialNumber(Smart_Card_Serial_Number)
   If $SmartCardSerialNumber(Smart_Card_Serial_Number) Eq %telexNumber
   Else
      Set $SmartCardSerialNumber(Smart_Card_Serial_Number) %telexNumber
   EndIf
Else
   Set $SmartCardSerialNumber(Smart_Card_Serial_Number) %telexNumber
EndIf

Note: %DirectoryVariables can only be read when the Directory is available. The above would return an error if the user was disconnected from the network. You should add other checks in the startup application definition so it only runs if the user is connected to the Directory.