
Further Remarks Concerning Third-Party Components

adnooprint / OpenOffice (PDF generation)

  • Editing OpenOffice templates: We strongly recommend using the product OpenOffice Writer for editing the templates. Other products may not support the OpenDocumentFormat in a fully compatible way.
  • Installation of fonts: In order for nevisIDM, i.e., OpenOffice, to be able to use specific fonts, the fonts have to be installed on the server where the OpenOffice installation for nevisIDM is located, e.g., in /usr/share/fonts (system-wide font installation). Also refer to the official OpenOffice documentation for further information.
  • Storing PDFs in the file system: Generated PDF files can be stored in the file system when a credential policy defines the policy configuration parameter sendingMethod=PDFstore, or the OTP card Export method PDF store has been selected on the GUI.
    • Preconditions:
      • nevisIDM configuration parameter application.modules.printing.dir.target must be set correctly
      • application.modules.printing.dir.target must be writable by the OpenOffice service
      • OpenOffice template must exist in the TemplateStore
    • File name format:
      • clientName-userLoginId-languageCode-eventName-timestamp.pdf
      • Example: "Default-testUser-DE-OTP_initial-1338299296655.pdf"
  • Sending PDFs: Generated PDF files can be sent to the users by e-mail if a credential policy defines the policy configuration parameter sendingMethod=PDFemail. If the parameter PDFemail.htmlEmail=true is set in the credential policy, an HTML e-mail will be sent to the user. Otherwise, a plain text e-mail will be sent. The credential value will be propagated only to the PDF document. Therefore, the e-mail template should not contain any placeholders for credential values.
    • Preconditions:
      • OpenOffice template must exist in the TemplateStore.
      • If we want to send an HTML e-mail, an HTML template must exist in the TemplateStore.
      • If we want to send a plain text e-mail, an e-mail template must exist in the TemplateStore.

Setup Vasco Digipass tokens

nevisIDM supports challenge/response (C/R) authentication and response-only (OTP) authentication for Vasco Digipass devices. The following steps have to be taken to enable Vasco Digipass tokens in nevisIDM:

  1. The Vasco Digipass token has to be enabled in the nevisidm-prod.properties: Add/change "application.feature.vascotoken.enabled=true"
  2. Install native Vasco library (aal2sdk-3.11 or compatible).
  3. Ensure that the library can be accessed by the name "libaal2sdk.so" by either renaming the shared object file of the library or creating a symbolic link. E.g., "ln -s /opt/vasco/VACMAN_Controller-3.11.0/libaal2sdk-3.11.so /opt/vasco/VACMAN_Controller-3.11.0/lib/libaal2sdk.so"
  4. Add the library path to the vmargs.conf: Add "-Djava.library.path=/path/to/vasco/library", e.g., "-Djava.library.path=/opt/vasco/VACMAN_Controller-3.11.0/lib"
  5. Add the library path to the environment variable LD_LIBRARY_PATH: Execute "export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/path/to/vasco/library", e.g., "export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/vasco/VACMAN_Controller-3.11.0/lib"
  6. Restart nevisIDM

Upon startup, nevisIDM checks if it can load the Vasco library. You can see in the logs if it fails.
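The setup steps above can be verified before the restart with a small preflight script. This is an added example, not part of the nevisIDM documentation: the function name check_vasco_setup is hypothetical, the locations of nevisidm-prod.properties, vmargs.conf and the library directory are passed in by the caller, and the final permission check is an added hardening assumption rather than a documented requirement.

```shell
#!/bin/sh
# Added example, not part of the nevisIDM documentation.
# check_vasco_setup PROPERTIES_FILE VMARGS_FILE LIB_DIR
# Prints one FAIL line per problem; returns 0 only if every check passes.
check_vasco_setup() {
    props=$1; vmargs=$2; libdir=$3; rc=0

    # Step 1: the feature flag must be set on an active (uncommented) line.
    if ! grep -Eq '^[[:space:]]*application\.feature\.vascotoken\.enabled[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$props" 2>/dev/null; then
        echo "FAIL: application.feature.vascotoken.enabled=true not found in $props"; rc=1
    fi

    # Steps 2-3: libaal2sdk.so must resolve to a regular file.
    # [ -f ] follows symbolic links, so a dangling link fails here.
    if [ ! -f "$libdir/libaal2sdk.so" ]; then
        echo "FAIL: $libdir/libaal2sdk.so is missing or a dangling link"; rc=1
    fi

    # Step 4: vmargs.conf must pass the same directory as java.library.path.
    if ! grep -Fq -- "-Djava.library.path=$libdir" "$vmargs" 2>/dev/null; then
        echo "FAIL: -Djava.library.path=$libdir not found in $vmargs"; rc=1
    fi

    # Step 5: the directory must be a complete entry of LD_LIBRARY_PATH.
    case ":${LD_LIBRARY_PATH:-}:" in
        *":$libdir:"*) ;;
        *) echo "FAIL: $libdir is not in LD_LIBRARY_PATH"; rc=1 ;;
    esac

    # Hardening check (assumption, not a documented requirement): a native
    # library loaded into the nevisIDM JVM should not be replaceable by
    # group or other users, so flag a group/world-writable dir or library.
    for p in "$libdir" "$libdir/libaal2sdk.so"; do
        [ -e "$p" ] || continue
        if [ -n "$(find -L "$p" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
            echo "FAIL: $p is writable by group or others"; rc=1
        fi
    done
    return "$rc"
}

# Run the check when called with the three paths as arguments.
if [ "$#" -eq 3 ]; then check_vasco_setup "$@"; fi
```

Run it in the same environment (user and shell profile) that starts nevisIDM, since LD_LIBRARY_PATH is read from the calling shell.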

Token administration

Vasco Digipass tokens can be imported and assigned via the nevisIDM Web GUI. There is a new menu called "vasco administration" if the Vasco support is enabled correctly. The Vasco Administration view allows importing new tokens from a DPX file and searching for existing ones.

When selecting the DPX, there are two different files to choose from: Static and Nostatic:

  • Static: The user will enter the 4-digit static password, followed by the OTP.
  • Nostatic: Only the OTP needs to be given (recommended).

nevisIDM does not yet support setting a new token PIN. Therefore, we recommend nostatic.