I'm in completely new territory and I am unsure of where to start investigating.
I work for a big org with many Windows PCs controlled by a Microsoft network.
The org began using CACs ( smart cards ) to authenticate users who want to get into their PCs and into Windows.
My boss would like the users of our Java webapp ( Spring 3.1 and legacy servlets duct taped together ) to be able
to access our Java webapp, without authentication, if they are already in Windows via their CAC.
Like I wrote, I do not know what is involved or where to start for this goal.
Would I try to get the WebApp to talk to the Microsoft Network or the user's PC to ask if that person has been CAC authenticated?
Would I try to read a web certificate from the CAC with Java? If so, I have never used certificates before. Where could I go to learn about as if I am complete beginner, which I am?