Identity Assurance Solution by NetIQ (IAS) enables federal agencies to comply with the credential issuance, physical and logical access requirements of Homeland Security Presidential Directive 12 (HSPD-12). This solution provides convenient yet controlled access to disparate logical IT systems and physical facilities by using combinations of biometrics, passwords, personal identification numbers, smart cards, X.509 digital certificates, and other forms of advanced authentication.
It is fully integrated with NetIQ Identity Manager and meets FIPS 201 workflow, identity management, and card life cycle requirements. Personal Identity Verification (PIV) cards issued using this solution enable users to have physical and logical access to facilities and IT systems. This solution enables convergence of IT and physical systems to provide a complete end-to-end and seamless control system.
The following sources provide information about the Identity Assurance Solution:
Installation: NetIQ Enhanced Smart Card Method 3.1.0.0 Installation and Administration Guide
Online product documentation:
For Identity Assurance Solution documentation, see the Identity Assurance Solution Documentation Web site.
For NetIQ product documentation, see the NetIQ Documentation Web site.
Third-party documentation:
For documentation about third-party software included in this solution, see the documentation provided by the vendor.
Smart card-based login with the Enhanced Smart Card method fails with NMAS and displays the "client login module not found" error message. For a successful login, install Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update.
The NESCM iManager plug-in fails if the Windows Server machine where the iManager server is running does not have a particular version of the Microsoft Visual C++ redistributable installed.
To work around this issue, install Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update.
On a system that has Identity plug-in configured for
and options, if you log in by right-clicking the icon in the notification area of the taskbar, the Identity plug-in returns user(s) associated with the smart card. To change the user, press the Shift key and specify other login details such as Password (or PIN), Tree, Context, and Server.
When trying to read certificates that are on a Ceres smart card through Internet Explorer using the NetIQ Enhanced Smart Card iManager plug-in, a blank page appears.
You cannot install IASC in silent mode. Instead, use the individual installers of the Novell Client and NESCM as follows:
Launch the Novell Client installer using setup.exe from the NovellClient\Vista\ location.
Launch the NESCM installer from the NMASMethods\EnhancedSmartCard\client location.
Ensure that the appropriate NESCM installer (setup.exe or setup_64.exe) is launched. For more information, see the installation instructions in the Silent Installation section of the NESCM Installation Guide.
The following are examples of batch scripts for installing the Novell Client and NESCM:
For Windows 7, run the following script:
start /wait NovellClient\Vista\setup.exe
start /wait NMASMethods\EnhancedSmartCard\client\setup_64.exe /S /v"/qn"
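The same sequence with installer selection and failure handling, as an added example that is not part of NetIQ's documentation. It assumes the script is run from the root of the installation media, that the 32-bit setup.exe accepts the same /S /v"/qn" switches as setup_64.exe, and that both installers return standard Windows Installer exit codes (0 for success, 3010 for restart required).

```bat
@echo off
setlocal
rem Added example, not NetIQ's script. Run from the root of the installation media.

rem Pick the NESCM installer that matches the operating system architecture.
set "NESCM=setup.exe"
if /i "%PROCESSOR_ARCHITECTURE%"=="AMD64" set "NESCM=setup_64.exe"
rem A 32-bit cmd.exe on 64-bit Windows reports x86; this variable holds the real value.
if /i "%PROCESSOR_ARCHITEW6432%"=="AMD64" set "NESCM=setup_64.exe"

rem 1. Novell Client first, so the NMAS method is added to a working client.
start /wait NovellClient\Vista\setup.exe
call :check "Novell Client" || exit /b 1

rem 2. NESCM second, with the silent switches shown above.
rem    Assumption: the 32-bit setup.exe takes the same switches as setup_64.exe.
start /wait NMASMethods\EnhancedSmartCard\client\%NESCM% /S /v"/qn"
call :check "NESCM" || exit /b 1

echo Novell Client and NESCM installed.
exit /b 0

:check
rem Assumption: the installers return Windows Installer exit codes.
rem 0 = success, 3010 = success but a restart is required.
if %ERRORLEVEL%==0 exit /b 0
if %ERRORLEVEL%==3010 (
  echo %~1: restart required. Restart the computer, then run this script again.
  exit /b 1
)
echo %~1: installer failed with exit code %ERRORLEVEL%.
exit /b 1
```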
Installing NESCM on Windows 8 sometimes fails. This is because the Microsoft Visual C++ Redistributable Package that is provided as part of the installer requires restarting the computer even though it is successfully installed.
After restarting the computer, NESCM is installed successfully.
Uninstalling the Novell Client does not remove the NMAS methods from a system; it only removes the configuration information. When the NMAS Client is reinstalled on a system that has NMAS methods installed on it, the NMAS Client looks for the configuration information required to load the appropriate login client module, which causes eDirectory login failure and displays the following error:
"client login module not found".
To avoid this error, run the installation in the following order:
Install the Novell Client and NMAS Client.
Install NMAS method (LCM).
For the smart card login to work, reinstall the Novell Client and then reinstall NESCM or add NESCM by using NCC.
Instead of uninstalling and reinstalling the Novell Client, you can repair it by running the setup.exe file for the same version or upgrade it by running the setup.exe file of the new version.
When you log in to an eDirectory 8.8 SP7 server using NESCM, the login fails because of a SideBySide error and displays the following error message:
NMAS: invalid requested sequence
NESCM 3.1.0.0 requires some runtime libraries that are installed by NICI 2.7.7, which are not available in eDirectory 8.8 SP7 because it includes NICI 2.7.6.
To avoid this error, you must manually install the runtime libraries from this link: http://www.microsoft.com/en-in/download/details.aspx?id=26347.
If you have two card readers from different vendors connected to the computer simultaneously, NESCM fails to read the certificates. For example, if you have a Gemalto Cyberflex card inserted in an ActivCard reader and a Gemplus card reader with a Gemalto .NET card connected to the computer, then NESCM fails to read the certificates.
However, NESCM works as expected if two card readers from the same vendor and with the same cards are connected to the computer. In this case, NESCM reads certificates from both the cards. The following are some examples where two card readers from the same vendor with same cards are connected to the computer:
Two ActivCard USB Reader V3 readers, each with Gemalto Cyberflex Access 64K V2c card in them.
Two Gemplus USB Reader readers, each with Gemalto .NET card in them.
For iManager information, refer to the iManager online documentation.
For NMAS information, refer to the eDirectory online documentation page. This documentation is available as a zip file at the end of this page.
For Password Management information, refer to the eDirectory online documentation page. This documentation is available as a zip file at the end of this page.
For Certificate Server information, refer to the eDirectory online documentation page. This documentation is available as a zip file at the end of this page.
For NICI information, refer to the NICI online documentation.
For more information on eDirectory, refer to the eDirectory online documentation.
NetIQ Corporation, and its affiliates, have intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents and one or more additional patents or pending patent applications in the U.S. and in other countries.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
© 2013 NetIQ Corporation and its affiliates. All Rights Reserved.
For information about NetIQ trademarks, see http://www.netiq.com/company/legal/.