3 Replies Latest reply on Jan 20, 2011 10:55 AM by SafeBoot

    Connector and certificate tokens question

      Hello, we are using EEPC and users are using smartcard for authentication. Syncronization works and users are imported from AD and greated certificate based token. Every user is related to specific PC. Now we need to change user smartcards and it means for EEM that we need to change tokens for users from Cerificate A token to certificate B token.

      Our approach is following:

      We have defined two AD connectors 1 for certificate A and second for certificate B.

      1) In AD we change groups and connector knows that it should use second connector.

      2) In EEM we change binding numbers - for example SBADCON1.changes to SBADCON2. changes. We set changes parameter 0 to enforce syncronization (probably we don't need that because change in AD will force syncronization).

      3) At next syncronization second connector will find user and will syncronize data, and all changes are OK, at least updated. The problem is that even syncronization updated all properties in binding tab, it seems that token hasn't been changed. At least if user wants to log in it will get error that wrong token.

       

      I was wondering, if we delete SBADCON1.certid will it help us.(this pop up as I was writing question)

       

      Anyway is our approach right and can we somehow switch users token or the only option is to delete user and recreate it with correc token.