Hi,

I'm in completely new territory and I am unsure of where to start investigating.

I work for a big org with many Windows PCs controlled by a Microsoft network. We are using WebLogic 11g and Java 6

The org began using CACs ( smart cards ) to authenticate users who want to get into their PCs and into Windows.

My boss would like the users of our Java webapp ( Spring 3.1 and legacy servlets duct taped together ) to be able
to access our Java webapp, without authentication, if they are already in Windows via their CAC.

Like I wrote, I do not know what is involved or where to start for this goal.

Would I try to get the WebApp to talk to the Microsoft Network or the user's PC to ask if that person has been CAC authenticated?

Would I try to read a web certificate from the CAC with Java? If so, I have never used certificates before. Where could I go to learn about as if I am complete beginner, which I am?

Thanks in advance for any information or tips

Steve