OpenSSO/FAM and the Belgian Identity Card (EID)
By Bert Van Beeck on Jun 12, 2008
People keep asking me whether Sun's identity management solution supports the EID card for authentication out-of-the-box. The answer is YES.
OpenSSO/FAM can use the EID certificate via X509, leveraging the EID middleware and the browser' SSL backchannel.
In order to map the certificate to a local LDAP account/profile, you can either have that account created on the fly, use a transient session that only keeps the profile in memory and deletes it afterwards, or map it to an existing profile by adding the certificate public key as an attribute to the OpenSSO used LDAP repository.
For more information on how to configure the OpenSSO environment for use of EID, please look at Sebastien's article :
way of dealing with is would be to use Federation (f.e. SAML 2)
connecting OpenSSO to a SAML enabled identity provider using EID as a
means of authentication. That way, an assertion would be sent to
OpenSSO that could be used to create a session for the intended account.
IDP's with this capability that do not currently have SAML 2 functionality embedded in the product may want to take a look at the newly added Fedlet and Federation Validator functionality added in OpenSSO. It is both intended for SP's and IDP's.
See : http://blogs.sun.com/sid/entry/fedlet