Identity Assurance Solution Readme

August 2012

1.0 Overview

Identity Assurance Solution by Novell® (IAS) enables federal agencies to comply with the credential issuance, physical and logical access requirements of Homeland Security Presidential Directive 12 (HSPD-12). This solution provides convenient yet controlled access to disparate logical IT systems and physical facilities by using combinations of biometrics, passwords, personal identification numbers, smart cards, X.509 digital certificates, and other forms of advanced authentication.

It is fully integrated with Novell Identity Manager and meets FIPS 201 workflow, identity management, and card life cycle requirements. Personal Identity Verification (PIV) cards issued using this solution enable users to have physical and logical access to facilities and IT systems. This solution enables convergence of IT and physical systems to provide a complete end-to-end and seamless control system.

2.0 Known Issues

2.1 Dealing with Client Login Module Not Found NMAS Error

The smart card-based login with enhanced smart card method fails with NMAS and displays the client login module not found error message. For a successful login, install Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update.

2.2 NESCM iManager Plug-in Does Not Work on Windows 2008 Server

NESCM iManager plug-in fails if the Windows Server machine where iManager server is running does not have a particular version of Microsoft Visual C++ redistributable installed.

To work around this issue, install Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update.

2.3 Login Issues When Automatically Look Up User Account and Use First Account Returned Options are Selected When NESCM is Installed

On a system that has the Identity plug-in configured for the Automatically Look Up User Account and Use First Account Returned options, if you log in by right-clicking the icon in the notification area of the taskbar, the Identity plug-in returns the user(s) associated with the smart card. To change the user, press the Shift key and specify other login details such as Password (or PIN), Tree, Context, and Server.

2.4 Smart Card Usage Behavior Differs from IASC 3.0.6

Firstly, card monitoring fails if you remove the smart card from the card reader before the Windows login process is complete.

Secondly, after a smart card based login to eDirectory through NWTray, removing the smart card from the card reader triggers the configured card removal action (workstation lock or log off). However, this is the expected behavior and can be ignored.

2.5 Issue with GemSafe and Ceres Card on Internet Explorer

On Windows XP, when trying to read certificates that are on a GemSafe smart card through Internet Explorer using the Novell Enhanced Smart Card iManager plug-in, a blank page appears.

Similarly, on Windows Vista, when trying to read certificates that are on a Ceres smart card through Internet Explorer using the Novell Enhanced Smart Card iManager plug-in, a blank page appears.

2.6 Unattended Installation of IASC 3.0.8 Not Supported

You cannot install IASC 3.0.8 in silent mode. Instead, use the individual installers of the Novell Client and NESCM as follows:

  1. Invoke the Novell Client installer.

    • For Windows XP, invoke setupnw.exe from the NovellClient\WINNT\i386\ directory.

    • For other Windows platforms, such as Windows Vista and Windows 7, invoke setup.exe from the NovellClient\Vista\ location.

  2. Invoke the NESCM installer from the NMASMethods\EnhancedSmartCard\client location.

    Ensure that the appropriate NESCM installer, setup.exe or setup_64.exe, is invoked. For more information, see the installation instructions from the Silent Installation section of the NESCM Installation Guide.

    The following are examples of batch scripts for installing the Novell Client and NESCM:

    • Windows XP: Run the following script:

      start /wait NovellClient\WINNT\i386\setupnw.exe /u:Install\UNATTEND.TXT
      
      start /wait NMASMethods\EnhancedSmartCard\client\setup.exe /S /v"/qn"
      
    • Windows 7 and Vista (64-Bit): Run the following script:

      start /wait NovellClient\Vista\setup.exe
      
      start /wait NMASMethods\EnhancedSmartCard\client\setup_64.exe /S /v"/qn"
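
A single wrapper around the two scripts above, added here as an example and not part of Novell's readme: it picks the installers by Windows version and architecture, runs the Novell Client before NESCM, and stops if the first installer fails. Detecting Windows XP from the `ver` output and treating a non-zero exit code as failure are assumptions, not documented behavior of these installers.

```batch
@echo off
rem Added example, not Novell's script. Run from the root of the IASC media.
setlocal

rem Detect a 64-bit OS even when this script runs in a 32-bit cmd.exe.
set "ARCH=32"
if /i "%PROCESSOR_ARCHITECTURE%"=="AMD64" set "ARCH=64"
if defined PROCESSOR_ARCHITEW6432 set "ARCH=64"

rem Assumption: 32-bit Windows XP reports "Version 5.1" in the output of ver.
set "ISXP=0"
ver | findstr /c:"Version 5.1" >nul && set "ISXP=1"

rem Step 1: Novell Client installer (paths and switches as given in the readme).
if "%ISXP%"=="1" (
    set "CLIENT=NovellClient\WINNT\i386\setupnw.exe"
    set "CLIENTARGS=/u:Install\UNATTEND.TXT"
) else (
    set "CLIENT=NovellClient\Vista\setup.exe"
    set "CLIENTARGS="
)
if not exist "%CLIENT%" echo Missing %CLIENT% & exit /b 2

start /wait %CLIENT% %CLIENTARGS%
rem Assumption: the installer returns 0 on success.
if errorlevel 1 (
    echo Novell Client installer returned %ERRORLEVEL%; NESCM was not installed.
    exit /b 1
)

rem Step 2: NESCM installer matching the OS architecture.
set "NESCM=NMASMethods\EnhancedSmartCard\client\setup.exe"
if "%ARCH%"=="64" set "NESCM=NMASMethods\EnhancedSmartCard\client\setup_64.exe"
if not exist "%NESCM%" echo Missing %NESCM% & exit /b 2

start /wait %NESCM% /S /v"/qn"
if errorlevel 1 (
    echo NESCM installer returned %ERRORLEVEL%.
    exit /b 1
)

echo Novell Client and NESCM installed. Restart the workstation.
exit /b 0
```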
      

2.7 Issue with Unattended Installation of NESCM

On Windows XP, after an unattended installation of NESCM, the card monitoring feature might not work the first time after you reboot the workstation. To use the card monitoring feature, lock the workstation and unlock it using NESCM.

2.8 Issue while Upgrading IAS Client on Windows XP

After upgrading IAS Client, the installer wizard neither performs an automatic restart nor does it prompt for a system restart. Therefore, it is recommended to manually restart the machine after upgrading the IAS client.

2.9 Uninstalling Novell Client removes configuration information for NMAS methods

Uninstalling the Novell Client does not remove the NMAS methods from a system; it only removes the configuration information. When the NMAS Client is reinstalled on a system that has NMAS methods installed on it, the NMAS Client looks for the configuration information required to load the appropriate login client module, which causes eDirectory login failure and displays the following error:

 "client login module not found". 

To avoid this error, run the installation in the following order:

  1. Install the Novell Client and NMAS Client.

  2. Install the NMAS method (LCM).

For the smart card login to work, reinstall the Novell Client, then reinstall NESCM or add NESCM by using NCC.

Instead of uninstalling and reinstalling the Novell Client, you can repair it by running the setup.exe file for the same version, or upgrade it by running the new version's setup.exe file.

3.0 Documentation

The following sources provide information about the Identity Assurance Solution:

4.0 Documentation Conventions

In this documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.

A trademark symbol (®, ™, etc.) denotes a Novell trademark; an asterisk (*) denotes a third-party trademark.

5.0 Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2008 - 2012 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

For Novell trademarks, see the Novell Trademark and Service Mark List.

All third-party trademarks are the property of their respective owners.