CAS autologin

As described in this page, Gazelle SSO supports authentication using X.509 certificates.

The CAS server asks the browser for a certificate proving identity. Process is seamless and allows magic login on Gazelle applications.

Automatic procedure (Firefox&Chrome)

Go to http://gazelle.ihe.net/pki/, login with your Gazelle credentials and go to http://gazelle.ihe.net/pki/request/createCAS.seam

If you are using Firefox, you can import CA certificate directly by clicking the first link. Otherwise, you have to download the PEM located here and install it in your browser.

You can also install an authentication certificate in your browser by clicking on "Compute certificate". Using this, you will not have to enter your login/password each time.

Note for development environments

To use the CAS autologin within your application (under development) on your machine, you need to add your cert on the Java keystore. To do that, follow those steps :

1. Download 643.pem

2. Execute the command :

On Windows :

C:\Program Files\Java\jdk1.6.0_26>.\jre\bin\keytool -keystore .\jre\lib\security\cacerts -storepass changeit -import -trustcacerts -v -alias ihe2 -file "C:\643.pem"

On MacOS :

sudo keytool -keystore /Library/Java/Home/lib/security/cacerts -storepass changeit -import -trustcacerts -v -alias ihe2 -file 643.pem

On Linux (JAVA_HOME can be /usr/local/jdk1.6, /usr/lib/jvm/java-6-oracle, or ...:

sudo $JAVA_HOME/jre/bin/keytool -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -import -trustcacerts -v -alias ihe2 -file 643.pem

3. Start or restart your JBoss AS.