Solarwinds Authentication with Common DoD Smart card and Common Access Card CAC Product Support

Smart Card Support. Sometimes is also referred to as PIV, PKI, CAC, as well as some USB Keys Like YubiKey. 

SolarWinds Current support documentation for Smart Cards:

As of 24 June 2020

SolarWinds Orion Product Family.

Smart Card Authentication Solarwinds Orion Platform

Orion Modules Include:

  • Network Performance Monitor
  • NetFlow Traffic Analyzer
  • Network Configuration Manager
  • User Device Tracker
  • Server & Application Manager
  • Server Configuration Monitor
  • Web Performance Monitor
  • VoIP & Network Quality Monitor
  • IP Address Manager
  • Storage Resource Manager
  • Virtualization Manager
  • Database Performance Analyzer (Orion Module Only)

DameWare Smart Card supported since version 5.5, Multiple Certificate Support v9+

Remote Smart Card Authentication and Interactive Smart Card Login using DameWare Development software

Web Help Desk:

This is the latest configuration documentation for Smart Card (CAC) authentication with WHD v12.2

SolarWinds Knowledge Base :: Configuring Web Help Desk 12.2 for Common Access Card (CAC) Systems

 

Security Event Manager has not been tested with Smart Card Authentication.

Parents
  • I have followed the 2020 h2 setup guide for smart card authentication. I have tried all support pages, changing authentications settings, and nothing seems to work. Solarwinds says talk with server admins instead helping me with a way forward. When i follow all the steps correctly and try to authenticate with cac, it acts like it authenticates and then it has a good url but it gives me a blank white page with nothing on it. Does anyone have any helpful ideas on how to fix this?

  • IIS feature changes:

    • Security changed (1 of 9) to (4 of 9)
    • Client Certificate Mapping Authentication
    • IIS Client Certificate Mapping Authentication
    • Windows Authentication

    IIS changes

    • IIS
      • Authentication (post SolarWinds installation change and after first logon) (Required for PKI and SSO)
        • Enable Active Directory Client Certificate for Authentication
        • Disable Anonymous Authentication
        • Enable Windows Authentication
    • Management
      • Configuration Editor: after cert should be:
        • Section: webServer/security/access
        • Deepest Path: MACHINE/WEBROOT/APPHOST
        • sslFlags: Ssl,SslNegotiateCert,SslRequireCert,Ssl128
      • Feature Delegation: No changes
      • Shared Configuration: No changes.

    Run the permission checker

    We also delete the default web page.

    These settings I think are a little different then the SolarWinds documentation.

  • Thank you, I tried this but it still did not work, its a blank white page after it loads from selecting my cac to authenticate.

  • Check your IIS filtering. Depending what Alphabet soup you come from your default build may have some of these blocked.

    IIS handler mapping requirements (solarwinds.com)

    I am sure you tried the good ole reboot.

    Also Forms  and anonymous authentication need to be off in IIS. Global if there but definitely at the site level.  This is contrary to their documentation, none the less at least in my environment it wont work with those on.

    I went through several upgrade notes over the pass few years and these are the things that got me.

Reply
  • Check your IIS filtering. Depending what Alphabet soup you come from your default build may have some of these blocked.

    IIS handler mapping requirements (solarwinds.com)

    I am sure you tried the good ole reboot.

    Also Forms  and anonymous authentication need to be off in IIS. Global if there but definitely at the site level.  This is contrary to their documentation, none the less at least in my environment it wont work with those on.

    I went through several upgrade notes over the pass few years and these are the things that got me.

Children