OpenCard Framework FAQ
OCF Web client
The OCF Web Client is part of the CardUpdater module and allows a web application to access a smart card located at the client. The OCF Web Client is a local daemon that listens on port 27001 for activation requests from the local browser. See the server side implementation which is part of the OpenSCDP ScriptingServer for details.
Starting the OCF Web Client
The OCF Web Client can be started using Java Web Start or by downloading and double-clicking on ocf-cc.jar
The OCF Web Client can also be started from the command line using
java -jar ocf-cc.jar -v
If you are behind a proxy, then you will need to specify the proxy parameter on the command line:
java -Dhttp.proxyHost=webcache.example.com -jar ocf-cc.jar -v
Once started, the OCF Web Client will create a tray icon through which you can access program options.
Troubleshooting
Safari 18
Safari activates the "Upgrade upgradable mixed content" option by default, which rewrites the http://127.0.0.1:27001 to https. As the OCF Web Client can not provide a valid TLS certificate for localhost, the activation will fail.
See also the discussion for Webkit.
Using NoScript
If you are using NoScript, then Application Boundaries Enforder (ABE) will prevent a website to access the local OCF Web Client. In this case you are getting the message that the web page could not connect to the local client.
You get this message, because ABE allows a web page to load resources only from the same origin where the page was loaded from. To activate the OCF Web Client the web page tries to read an image from http://127.0.0.1:27001 - the port where the OCF Web Client is listening for requests.
To set a rule that allows access, you need to go to "NoScript Options" / "Advanced" / "ABE" / "SYSTEM" and make sure the following rules are defined:
# Allow access to OCF Web Client Site 127.0.0.1:27001 Accept ALL from demo.openscdp.org # Prevent Internet sites from requesting LAN resources. Site LOCAL Accept from LOCAL Deny
To allow other sites to access the OCF Web Client add rules accordingly.
No card reader found
You can check the attached reader with
java -jar ocf-cc.jar -l
If you are on a Linux system, then you might need to install the pcscd package and add the user to the pcscd group to get access to the card reader.
On some systems libpcsclite is installed in a directory where Java does not find it.
Tray Icon not working
If you are on Linux and the tray icon is not working, then you could run the client with the log windows active.
java -jar ocf-cc.jar -w
The context menu in the log windows allows you to select the card reader.
Still not working - What could I do
Please use the following steps to isolate the problem:
- Click on the OCF Web Client tray icon and select "Show log"
- Enter http://127.0.0.1:27001 in your browser. If it displays a small read cross, then the OCF Web Client is running. You should see that activity in the log.
- Check the that OCF Web Client can connect to the server with
java -jar ocf-cc.jar -v https://test.pki-as-a-service.net/rt/paas
If you get a 504 error after 10 seconds, then the connection is working. - Try the same thing in your browser using the URL
http://127.0.0.1:27001/test.png?url=http://demo.openscdp.org/paas/rt/paas
You should see the red cross after about 10 seconds. - If you can connect to your local client directly, but not from the web page, then check your browser security settings for options that prevent a web page to load resources from other than the original URL (Look for things like Application Boundaries Enforcement or Same Origin Policies)
© Copyright 2003 - 2012 CardContact Software & System Consulting, Minden, Germany
The BaseOCF implementation and the enhancements made by the OpenSCDP project are licensed under the Open Card Consortium license agreement.
The Reference implementation is Copyright © 1997 - 1999 IBM Corporation. This code is derived from the original OpenCard Framework.