People keep asking me whether Sun's identity management solution supports the EID card for authentication out-of-the-box. The answer is YES.
OpenSSO/FAM can use the EID certificate via X.509, leveraging the EID middleware and the browser's SSL backchannel.
In order to map the certificate to a local LDAP account/profile, you can either have that account created on the fly, use a transient session that only keeps the profile in memory and deletes it afterwards, or map it to an existing profile by adding the certificate public key as an attribute to the LDAP repository that OpenSSO uses.
For more information on how to configure the OpenSSO environment for use with EID, please look at Sebastien's article:
http://blogs.sun.com/sebsto/entry/use_your_eid_to_authenticate
Another way of dealing with this would be to use Federation (e.g. SAML 2), connecting OpenSSO to a SAML-enabled identity provider that uses EID as a means of authentication. That way, an assertion would be sent to OpenSSO that could be used to create a session for the intended account.
IdPs with this capability that do not currently have SAML 2 functionality embedded in the product may want to take a look at the newly added Fedlet and Federation Validator functionality in OpenSSO. It is intended for both SPs and IdPs.
See: http://blogs.sun.com/sid/entry/fedlet
