Run the smart card self-certification tool to test whether
the smart cards used by your organization are compatible with IBM® Security
Access Manager for Enterprise Single Sign-On.
Before you begin
Make sure that you have the following items:
- A personalized smart card
- Drivers for the smart card reader (if applicable)
- Smart card middleware
- Smart card PIN
- The RSA keypair and the corresponding certificate, issued by a
Certification Authority (CA), that are already stored on the smart
card
For more information about the requirements, see the readme.txt
file that is included with the smart card compatibility tool.
About this task
By default, the tool runs
smart card tests based on the following items:
- Windows Smart Card Service
- Cryptographic Service Provider (CSP) module
The smart card is compatible with
IBM Security
Access Manager for Enterprise Single Sign-On if
the CSP tests are successful. CSP tests are successful if the following
criteria are met:
- The certificate test is successful and outputs a certificate used
by IBM Security
Access Manager for Enterprise Single Sign-On for
authentication.
- The PIN verification test is successful.
- Either the encryption test or the signature test is successful.
- The CSP supports silent mode. Running the tests does
not result in any pop-up dialog for PIN verification or certificate
selection.
Procedure
- Extract the contents of the .zip file to a temporary folder. For example, C:\temp\.
- Navigate to the temporary folder, then specify the parameters in the config.ini file.
  - Double-click the config.ini file and enter parameters by using Notepad.exe.
  - Optional: Specify the following basic parameters.

    | Parameter | Description |
    |---|---|
    | PKCS11Lib | Name of the PKCS#11 library provided by the smart card middleware. If the .DLL file is not in the system path, specify the full path of the .DLL file. |
    | CSPName | Name of the Cryptographic Service Provider (CSP) provided by the smart card middleware. |

  - See the readme file for more details on other parameters.
  - Save the configuration file.
- Open the command prompt.
  - Click .
  - In the Open field, enter cmd.
  - Click OK.
- Enter >SCardCompatTool -i <path-to-config-file.ini> -o <log-file>. For example, >SCardCompatTool -i config.ini -o scardtest.log.
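A pre-flight check for the two basic config.ini parameters and the Windows Smart Card Service, to run before the SCardCompatTool command in the last step. This is an added example, not part of the IBM tool or its documentation; it assumes config.ini holds plain Name=Value lines, and the `ConfigPath` parameter and `New-Check` helper are hypothetical names.

```powershell
# Added example, not part of the IBM tool. Assumes config.ini uses "Name=Value" lines.
param([string]$ConfigPath = '.\config.ini')

# Collect Name=Value pairs; comment lines (; or #) and [section] headers are skipped.
$cfg = @{}
foreach ($line in Get-Content -LiteralPath $ConfigPath) {
    if ($line -match '^\s*([^;#\[=\s][^=]*?)\s*=\s*(.*?)\s*$') { $cfg[$Matches[1]] = $Matches[2] }
}

function New-Check($Name, $Passed, $Detail) {
    [pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail }
}

$checks = @()

# The tool's tests depend on the Windows Smart Card Service (service name SCardSvr).
$svc = Get-Service -Name 'SCardSvr' -ErrorAction SilentlyContinue
if ($svc) { $checks += New-Check 'Smart Card Service' ($svc.Status -eq 'Running') "$($svc.Status)" }
else      { $checks += New-Check 'Smart Card Service' $false 'service not found' }

# CSPName must exactly match a provider registered with CryptoAPI.
$cspRoot = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider'
if ($cfg['CSPName']) {
    $found = Test-Path -LiteralPath (Join-Path $cspRoot $cfg['CSPName'])
    $checks += New-Check 'CSPName registered' $found $cfg['CSPName']
    if (-not $found) {
        # List what is registered so a misspelled name is easy to spot.
        Get-ChildItem -LiteralPath $cspRoot | ForEach-Object { Write-Host "  registered CSP: $($_.PSChildName)" }
    }
}

# PKCS11Lib must be a full path to the DLL, or a bare name found on the system path.
$lib = $cfg['PKCS11Lib']
if ($lib) {
    if ([IO.Path]::IsPathRooted($lib)) { $hit = if (Test-Path -LiteralPath $lib) { $lib } }
    else {
        $hit = $env:Path -split ';' | Where-Object { $_ } |
               ForEach-Object { [IO.Path]::Combine($_.Trim('"'), $lib) } |
               Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    }
    $checks += New-Check 'PKCS11Lib found' ([bool]$hit) $(if ($hit) { $hit } else { $lib })
}

$checks | Format-Table -AutoSize
if ($checks.Passed -contains $false) { exit 1 }
```

A failed row here points at a configuration or middleware installation problem rather than at the card itself, which helps when reading the CSP test results in the tool's log.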
Results
A log file is generated and stored in the same folder as the
compatibility tool. The following information is included in
the log file:
- Logs - The logs are stored in the file specified in the command-line
parameters. Each time you run the smart card compatibility tool, the
logs are appended to the file.
- Certificate - The tool also extracts and stores the certificate
of the smart card keypair used for testing in the file. The certificate
file name is of the form: <serial-number>.cer.