Known issues and limitations
Known issues
- Interoperability:
  Installation of Net iD Client will remove Net iD Enterprise. They may be installed in parallel, but the current default package replaces Net iD Enterprise to allow for better detection of missing functionality when used with different applications.
- PKCS#11 CK_ULONG:
  The PKCS#11 library uses a 32-bit CK_ULONG on 64-bit Windows. This behavior is consistent with Mozilla and Java, and removes the need for the specially built library delivered with Net iD Enterprise.
- Plugin ActiveX:
  The plugin used as an ActiveX component will be identified by GUID:
  - {5BF56AD2-E297-416E-BC49-00B327C4428E} — Net iD Client
  - {5BF56AD2-E297-416E-BC49-00B327C4426E} — Net iD Enterprise
  Customers using the _netid.js file to access the plugin will continue to work without any changes needed. Customers should start using _netid-ng.js, since it also handles web-extensions to allow the use of the plugin in other web browsers (Chrome/Firefox/Edge/etc).
- MSI upgrade from v1.0.3:
  Upgrading from v1.0.3 will prompt to automatically close applications. Because Net iD interacts with explorer.exe, autoclose will cause Explorer to reload. Select "Do not close applications" or use silent install instead.
- The Firefox snap package cannot load the PKCS#11 module. Use the Firefox ESR version instead. For more information, see https://bugzilla.mozilla.org/show_bug.cgi?id=1734371.
- A PIN policy fix on some Thales tokens results in "wrong PIN" if the PIN was set with non-digits prior to v1.1.3. Depending on the token PIN policy, it may help to use capital letters as a workaround until the next PIN update.
- GUI prompts from the Chrome browser in Ubuntu 22.04 will fail to present content. The workaround is to enable Dialog>ModeRedirectAll=1 and Service>ActiveUser=….,event.
- The GUI fails in Ubuntu 24.04 due to an issue with WebKit. The workaround is to link libwebkit v4.1 to v4.0:
  $ sudo apt install libwebkit2gtk-4.1-dev
  $ sudo ln -sf /usr/lib/x86_64-linux-gnu/libwebkit2gtk-4.1.so.0 /usr/lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37
  $ sudo ln -sf /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.1.so.0 /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
Known limitations
- Special characters:
  The comma character "," is not allowed in attributes for Subject RDN, Subject AltName or Issuer RDN, that is, Title in Subject RDN. Since this character is used as a delimiter, there are in practice too many possible problems with implementations that cannot separate the use of commas as characters from their use as delimiters.
- ECC (Elliptic-Curve Cryptography):
  The ECC algorithms are fully implemented in PKCS#11, Plugin, KSP, and MiniDriver, but are not available in CSP (not allowed by Microsoft) and CryptoTokenKit (not implemented). The ECC algorithms are fully implemented for soft tokens and for some smart cards. Most smart cards lack the support, and the implementation is missing for some of the smart cards that do have it.
- Net iD Portal with web-extension:
  Running Net iD Portal with web-extension in Edge, Chrome and Firefox requires Net iD Portal GUI v1.9.47 or newer.
- Net iD Portal with Mifare support:
  Running Net iD Portal with Mifare support and PaperCut integration requires Net iD Portal GUI v1.9.51 or newer.
- RemoteConnect to already logged in Console:
  RemoteConnect to an already logged in Console session will result in the user certificate mover not being able to restart. Log out and log in again to resolve the issue.
- Minidriver:
  Limited support. Due to limitations, each Minidriver customer use case requires evaluation. Most likely there is no need for Minidriver; use Net iD KSP instead.
- Soft token:
  No upgrade support from v1.0.3 due to major change in migration from Net iD Enterprise.
- mTLS with soft token on macOS:
  No support due to CryptoTokenKit limitations.
- Autorenew:
  Net iD Portal setup required. Limited token support.
- Pre-login:
  Proof of Concept. Requires Net iD Portal v5.8.6 and Net iD Access Server 3.0.0. Limited token support.
- Citrix VDI virtual channel:
  The virtual channel can only be established after login to a Citrix VDI client OS session, meaning FAS is required for now to achieve SSO login to a Citrix VDI client OS.
- Azure AD joined PC:
  The Net iD Client Full Credential Provider cannot be used on an Azure AD joined PC. The Pass-through Credential Provider, with limited functionality, will be used instead.
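
The "Special characters" limitation above can be checked before enrolment with a small lint, shown here as an added example (not Net iD code); the function names, field names and sample values are constructed for illustration. It also shows how a split on every comma misreads an escaped comma that an escape-aware split keeps intact.

```python
# Added example: field names and sample values below are constructed.

def naive_split(dn: str) -> list:
    """Comma-as-delimiter behaviour: split on every comma, escaped or not."""
    return [part.strip() for part in dn.split(",")]


def escape_aware_split(dn: str) -> list:
    """Split on unescaped commas only, honouring backslash escapes."""
    parts, current, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(dn[i])
        i += 1
    parts.append("".join(current).strip())
    return parts


def find_comma_violations(fields: dict) -> list:
    """Return (field, attribute, value) for each value containing a comma."""
    return [
        (field, attr, value)
        for field, attrs in fields.items()
        for attr, value in attrs.items()
        if "," in value
    ]


# Constructed sample: a Title value with a comma, as in the limitation above.
SAMPLE_FIELDS = {
    "Subject RDN": {"CN": "Anna Svensson", "title": "Physician, Cardiology"},
    "Subject AltName": {"rfc822Name": "anna.svensson@example.com"},
    "Issuer RDN": {"CN": "Example Issuing CA", "O": "Example Org"},
}
SAMPLE_DN = "CN=Anna Svensson,title=Physician\\, Cardiology"

if __name__ == "__main__":
    print("naive:       ", naive_split(SAMPLE_DN))
    print("escape-aware:", escape_aware_split(SAMPLE_DN))
    for field, attr, value in find_comma_violations(SAMPLE_FIELDS):
        print(f"reject before enrolment: {field} {attr}={value!r}")
```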