Tag: pkcs11

JCOP and Muscle Applet now supported by Aloaha (contact and contactless)

The latest release of the Aloaha Smartcard Middleware, Aloaha Smartcard Connector (http://www.aloaha.com/download/cardconnector.zip), now also supports the popular Muscle Applet.

Included in the Middleware is a Crypto Service Provider, PKCS #11 Module, Harddisk Encryption and a Password Safe.

As an add-on, the user can use Aloaha's Smartlogin for smartcard-based Windows logon with or without Active Directory (http://www.aloaha.com/download/smartlogin.zip).


How to filter credential providers from the Windows Logon User Interface using Aloaha's Credential Provider Filter

Some weeks ago we explained how to disable unwanted Credential Providers completely.

http://blog.aloaha.com/2012/08/20/how-to-hide-credential-providers-from-the-windows-logon-user-interface-using-windows-group-policy/

Aloaha Credential Provider Filter

In some cases Credential Providers should be hidden from the Logon User Interface BUT still be usable from within the session. For example, someone might not want to see the Username/Password tile during logon but obviously still requires it when mounting a network drive or connecting via RDP to another machine. In those cases you cannot hide or disable the providers via Windows group policy; a Credential Provider Filter is required instead.

Aloaha Smartlogin comes with an integrated Credential Provider Filter that can hide tiles from the Windows Logon Interface WITHOUT removing their functionality inside the session.

To activate the Aloaha Credential Provider Filter, open the file UserPass.ini in the installation folder. In the section CredentialProviders you can configure a separate filter for each provider. To enable a filter, set it to 1. The section below disables ALL non-Aloaha providers:

[CredentialProviders]
25CBB996-92ED-457e-B28C-4774084BD562=1
3dd6bec0-8193-4ffe-ae25-e08e39ea4063=1
503739d0-4c5e-4cfd-b3ba-d881334f0df2=1
6f45dc1e-5384-457a-bc13-2cd81b0d28ed=1
8bf9a910-a8ff-457f-999f-a5ca10b4a885=1
94596c7e-3744-41ce-893e-bbf09122f76a=1
AC3AC249-E820-4343-A65B-377AC634DC09=1
e74e57b0-6c6d-44d5-9cda-fb2df5ed7435=1
F8A0B131-5F68-486c-8040-7E8FC3C85BB6=1
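
An added example, not part of Aloaha's software: this PowerShell script compares the GUIDs enabled in the [CredentialProviders] section with the credential providers registered on the machine, so you can see which tiles would still be shown at logon (for example a third-party provider that is not in the list). It assumes a value of 1 means the provider is filtered, as described above; the default `.\UserPass.ini` path is a placeholder for the file in your installation folder.

```powershell
# Added example (not Aloaha code): audit which registered credential providers
# are covered by the [CredentialProviders] section of UserPass.ini.
# Assumption: "GUID=1" means the provider's tile is hidden at logon.
param(
    # Placeholder path; point this at UserPass.ini in the installation folder.
    [string]$IniPath = '.\UserPass.ini'
)

function Get-FilteredGuids {
    param([string[]]$Lines)
    $inSection = $false
    $guids = @()
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') {
            # Track whether we are inside [CredentialProviders]
            $inSection = ($Matches[1] -eq 'CredentialProviders')
            continue
        }
        # Only entries set to 1 count as an enabled filter
        if ($inSection -and $t -match '^\{?([0-9a-fA-F-]{36})\}?\s*=\s*1$') {
            $guids += $Matches[1].ToLower()
        }
    }
    return $guids
}

$filtered = Get-FilteredGuids -Lines (Get-Content -LiteralPath $IniPath)

# Windows registers each credential provider as a {GUID} subkey of this key.
$root = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'

Get-ChildItem -LiteralPath $root | ForEach-Object {
    # Registry subkeys carry braces, the INI keys do not: normalise both.
    $guid = ($_.PSChildName -replace '[{}]', '').ToLower()
    [pscustomobject]@{
        Guid     = $guid
        Name     = $_.GetValue('')   # default value holds the provider name
        Filtered = $filtered -contains $guid
    }
} | Sort-Object Filtered, Name | Format-Table -AutoSize
```

Rows with Filtered = False are providers the INI section does not cover; review them after installing new authentication software.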

 

 

 


Check and test Website Logon via Smartcard

Many customers are asking if we know any website they can use to test and check website logon via Smartcard or certificate. To make it easier for those customers we configured a test page on https://card.aloaha.com/CertAuth

Please note that the site might generate a warning in your browser since the root certificate of the page is not issued by a trusted root. You can ignore this warning since this is purely a test page without any content.

Also note that revocation checks are disabled via HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443\DefaultSslCertCheckMode=1

Nevertheless, it might be required that we import the root certificate of your smartcard certificate into the machine store. So should you not be able to log on to our test website, please send your root (and if required also your intermediate) certificate as a zipped .cer file to info@aloaha.com

 

If you do not have a Middleware (CSP/PKCS11) for your smartcard yet, please have a look at the Aloaha Cardconnector. Currently it supports more than 45 different cards!

The download link is: http://www.aloaha.com/download/cardconnector.zip

 

 


New Aloaha Smartlogin released!

The new Aloaha Smartlogin has been released today. It can be downloaded from http://www.aloaha.com/download/smartlogin.zip

Evaluation Keys can be requested from info@aloaha.com

 

Aloaha Smart Login


Our new version supports a broad range of Logon Token:

Requirements

  1. Windows XP 32 bit
  2. Windows Vista or higher (32 and 64 bit)
  3. “Smart Card” Service running (SCardSvr)
  4. .NET 3.5 or higher installed
  5. Logon Token. For example USB Memory Key, Smartcard, Memorycard, Mobile.

Special Features:

Licensing

 


How do I save my logon credentials to a PKCS11 Token?

Saving the user credentials to a PKCS #11 Token is pretty easy. Just start PKCS #11 Credentials from the Windows start menu.

Aloaha PKCS #11 GUI


To use it do the following steps:

  1. Choose the PKCS #11 library for your Smartcard
  2. Enter Username, Password and Domain
  3. Press Save to store the credentials on your PKCS #11 Token
  4. Press Validate to validate the credentials from your token.

 

 


Windows Logon via Credentials saved encrypted on PKCS #11 Token

This video shows the Aloaha Smartlogin using encrypted credentials saved on a PKCS #11 Token such as the eToken. It is ideal for smartcard-based logon for machines which are NOT members of a domain.

You can download the software from http://www.aloha.com/download/smartlogin.zip

 


Generic Token Support in Aloaha Smartlogin

Aloaha Smartlogin exists in two editions. One edition includes the Aloaha Smartcard Connector (CSP) supporting ca. 45 different cards. Those cards can be connected via PC/SC (CCID) or CTAPI (for example eHealth Terminals).

Some customers require a more generic Windows Logon Solution, for example because their card is not one of the 45 supported cards OR they are forced to use their own smartcard middleware.

The second edition supports any smartcard via its middleware (cryptoAPI/CSP) or PKCS #11 module. When using the card via middleware/crypto API, the user credentials will be encrypted with the smartcard certificates and stored as a softtoken on the local harddrive or network share. Basically this solution is a 3-factor logon solution since it requires knowledge of the PIN of the card, possession of the smartcard AND the existence of the softtoken.

Users who do not want to use the softtoken-based 3-factor solution can opt to use the PKCS #11 Interface of their middleware. When using the PKCS #11 Library, Aloaha will save the user credentials encrypted in a private object ON the card itself!

To store the credentials on the card the user needs to call “PKCS #11 Credentials” from the start menu or PKCS11Credentials.exe from the installation folder (<program files>\wrocklage)

 

Aloaha Smartlogin PKCS #11 Interface


 

As a first step the PKCS #11 Library to be used has to be defined! Once that library has been chosen, all available tokens will be listed.

If there is more than one token, the user has to select the token to be used in order to save user credentials to it.

The token removal behavior will be read from the system policy OR from the file Userpass.ini. For details please contact support at info@aloaha.com

To install this edition of Aloaha please download http://www.aloaha.com/download/smartlogin.zip

Please note that a license key is ALWAYS required! Evaluation keys can be requested from info@aloaha.com

 



  • Copyright © 1996-2013 Aloaha Software. All rights reserved.