Known issues and limitations

Known issues

  • Interopability:
    Installation of Net iD Client will remove Net iD Enterprise. They may be installed in parallel, but the current default package will replace to allow for better detection of missing functionality when used with different applications.

  • PKCS#11 CK_ULONG:
    The PKCS#11 library will use 32-bits CK_ULONG on 64-bits Windows. This behavior is consistent with Mozilla and Java, so will remove the need for the special built library delivered with Net iD Enterprise.

  • Plugin ActiveX:
    Plugin used as ActiveX component will be identified by GUID:

    • {5BF56AD2-E297-416E-BC49-00B327C4428E} — Net iD Client

    • {5BF56AD2-E297-416E-BC49-00B327C4426E} — Net iD Enterprise Customers using the _netid.js file to access plugin will continue to work without and changes needed. Customers should start using _netid-ng.js, since it will also handle web-extensions to allow the use of the plugin in other web-browsers (Chrome/Firefox/Edge/etc).

  • MSI upgrade from v1.0.3:
    Upgrading from v1.0.3 will prompt for autoclose applications. Because Net iD interact with explorer.exe autoclose will cause explorer to reload. Select Do not close applications or use silent install instead.

  • Citrix session towards Windows client OS:
    Not detected as win-stationtype ICA resulting in no virtual channel functionality.

  • Firefox snap package cant load pkcs11 module. Remove snap and use Firefox ESR version instead. For more information, see bugzilla link https://bugzilla.mozilla.org/show_bug.cgi?id=1734371.

Known limitations

  • Special characters:
    The comma character "," is not allowed to be used in attributes for Subject RDN, Subject AltName or Issuer RDN, that is, Title in Subject RDN. Since this character is used as delimiters there are in practice too many possible problems with implementations that cannot seperate the use of commas as characters from the use as delimiters.

  • ECC (Elliptic-Curve Cryptography):
    The ECC algoritms are fully implemented in PKCS#11, Plugin, KSP, and MiniDriver, but are not available in CSP (not allowed by Microsoft) and CryptoTokenKit (not implemented). The ECC algorithms are fully implemented for soft tokens. The ECC algorithms are fully implemented for some smart cards. Most smart cards lack the support, but missing implementation for some of the smart cards that have the support.

  • Net iD Portal with web-extension:
    Running Net iD Portal with web-extension in Edge, Chrome and Firefox requires Net iD Portal GUI v1.9.47 or newer.

  • Net iD Portal with Mifare support:
    Running Net iD Portal with Mifare support and PaperCut integration requires Net iD Portal GUI v1.9.51 or newer.

  • mTLS IE mode Windows 11:
    Login mTLS in Edge browser running website in IE mode is not working in sandbox. Solved by adding site to Trusted Sites zone in Internet Options Security tab.

  • RemoteConnect to already logged in Console:
    RemoteConnect to already logged in Console session will result in user certificate mover not being able to restart. Logout and login again to resolve issue.

  • ExitWindows in multi-user scenario on Windows client OS:
    If ExitWindows functionality is used it will fail if normal lock PC is used on card removal. Use disconnect action instead.

  • Minidriver:
    Limited support. Due to limitations each Minidriver customer use case requires evaluation. Most likely there is no need for Minidriver, use Net iD KSP instead.

  • Soft token: No upgrade support from v1.0.3 due to major change in migration from Net iD Enterprise.

  • mTLS with soft token on macOS:
    No support due to CryptoTokenKit limitations.

  • Autorenew:
    Net iD Portal setup required. Limited token support.

  • Pre-login:
    Proof of Concept. Requires Net iD Portal v5.8.6 and Net iD Access Server 3.0.0.