PKI Authentication

This module allows a user to register and then login to a Drupal 7 site using a smart card. There is out-of-the-box support for DOD Common Access Card (CAC) as well as a hook to allow for validation of other types of smart card such as Soft Certs, PIV or any other PKI certificate.

Overview

Rather than PKI protecting the entire site, there is a protected directory in the misc area of your site. Links to login and register direct the user to this protected directory where the PKI data is extracted from the client, added to a temporary table that is indexed by a nonce which is passed back into the module. If the nonce is passed back into the module before it has expired, a validation hook is fired. If the PKI data is valid the user is either logged in or an account is created, as specified in the user configuration settings.

Note: This module currently overrides the edit user page and user login pages, dis-allowing regular logins.

See README.txt for additional information.

Quick Start

1) Your web server must be configured to use SSL and enable PKI protected directories. Instructions are included in the INSTALL.txt on how to accomplish this on an Apache web server.

2) Install the module in your modules directory then copy the folder in the misc subdirectory into your sites misc area, (sites/default/misc or sites/site-name/misc) being sure to copy the .htaccess file.

3) Update the configuration settings under configuration -> pki_authentication tab and enter where the PKI protected directory is. Include both leading and trailing slashes.

4) Login with your CAC or other PKI device on a different computer insuring you maintain an admin window to enable and grant permissions to your first few PKI users.

Again, see INSTALL.txt for more detailed instructions.

Sandbox

git clone --recursive --branch 7.x-1.x http://git.drupal.org/sandbox/rickwelch/1663258.git pki_authentication

Thank you in advance for your review and comments.