Further remarks concerning third-party components
Oracle DB
- Tablespaces not created by nevisIDM: nevisIDM creates everything concerning the DB, except the tablespaces for the indexes and the data. This task is usually performed by the administrator of the DB.
MySQL DB
- ExtId Generator: Due to the incompatibility of MySQL with Oracle SQL statements, it is not possible to use advanced features for the generation of ext ids when MySQL is used as DB.
- Created data cannot be changed because its primary key is < 100
The data cannot be changed because nevisIDM considers all DB entries with a primary key < 100 as required reference data.
- Patching a nevisIDM MySQL DB for a new nevisIDM version
The necessary DB patch scripts for MySQL are delivered together with new versions of nevisIDM. This support starts with nevisIDM/2.21.3.0, i.e., there are no MySQL DB patch scripts for versions before 2.21.3.0.
adnooprint / OpenOffice (PDF generation)
- Editing OpenOffice templates: We strongly recommend using the product OpenOffice Writer for editing the templates. Other products may not support the OpenDocumentFormat in a fully compatible way.
- Installation of fonts
In order for nevisIDM, i.e., OpenOffice, to be able to use specific fonts, the fonts have to be installed on the server where the OpenOffice installation for nevisIDM is located, e.g., in /usr/share/fonts (system-wide font installation). Also refer to the official OpenOffice documentation for further information.
Generated PDF files can be stored in the file system when a credential policy defines the policy configuration parameter sendingMethod=PDFstore, or the OTP card Export method PDF store has been selected on the GUI.
Preconditions:
- nevisIDM configuration parameter printingTargetDirectory must be set correctly
- printingTargetDirectory must be writable by the OpenOffice service
- OpenOffice template must exist in the TemplateStore
File name format:
- clientName-userLoginId-languageCode-eventName-timestamp.pdf
Example: "Default-testUser-DE-OTP_initial-1338299296655.pdf"
- Sending PDFs: Generated PDF files can be sent to the users by e-mail if a credential policy defines the policy configuration parameter sendingMethod=PDFemail. If the parameter PDFemail.htmlEmail=true is set in the credential policy, an HTML e-mail will be sent to the user. Otherwise, a plain text e-mail will be sent. The credential value will be propagated only to the PDF document. Therefore, the e-mail template should not contain any placeholders for credential values.
Preconditions:
Setup Vasco Digipass tokens
nevisIDM supports challenge/response (C/R) authentication and response-only (OTP) authentication for Vasco Digipass devices. The following steps have to be taken to enable Vasco Digipass tokens in nevisIDM:
- The Vasco Digipass token has to be enabled in the nevisidm-prod.properties: Add/change "vascoTokenEnabled=true"
- Install native Vasco library (aal2sdk-3.11 or compatible).
- Ensure that the library can be accessed by the name "libaal2sdk.so" by either renaming the shared object file of the library or creating a symbolic link. E.g., "ln -s /opt/vasco/VACMAN_Controller-3.11.0/libaal2sdk-3.11.so /opt/vasco/VACMAN_Controller-3.11.0/lib/libaal2sdk.so"
- Add the library path to the vmargs.conf: Add "-Djava.library.path=/path/to/vasco/library", e.g., "-Djava.library.path=/opt/vasco/VACMAN_Controller-3.11.0/lib"
- Add the library path to the environment variable LD_LIBRARY_PATH: Execute "export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/path/to/vasco/library", e.g., "export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/vasco/VACMAN_Controller-3.11.0/lib"
- Restart nevisIDM
Upon startup, nevisIDM checks if it can load the Vasco library. You can see in the logs if it fails.
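A preflight check for the setup steps above, as an added shell example that is not part of nevisIDM or its documentation. The function name and its three path arguments are assumptions, because the page does not state where nevisidm-prod.properties and vmargs.conf are located, and the world-writable test is an added hardening check.

```shell
#!/bin/sh
# Added example: verifies the Vasco Digipass prerequisites before a restart.
# Arguments are assumptions (the page gives no file locations):
#   $1 path to nevisidm-prod.properties
#   $2 path to vmargs.conf
#   $3 directory that holds libaal2sdk.so
# Returns the number of failed checks (0 = all prerequisites met).
check_vasco_setup() {
    props=$1; vmargs=$2; libdir=$3; failures=0

    fail() { echo "FAIL: $1"; failures=$((failures + 1)); }

    # vascoTokenEnabled=true must be an active (uncommented) property line.
    grep -Eq '^[[:space:]]*vascoTokenEnabled[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$props" \
        || fail "vascoTokenEnabled=true not set in $props"

    # The library must be reachable under the exact name libaal2sdk.so.
    # -r follows symbolic links, so a dangling link is reported here.
    [ -r "$libdir/libaal2sdk.so" ] \
        || fail "$libdir/libaal2sdk.so is missing, unreadable or a dangling link"

    # vmargs.conf must point java.library.path at the same directory.
    grep -Fq -e "-Djava.library.path=$libdir" "$vmargs" \
        || fail "-Djava.library.path=$libdir not found in $vmargs"

    # LD_LIBRARY_PATH of the calling environment must contain the directory.
    case ":${LD_LIBRARY_PATH:-}:" in
        *":$libdir:"*) ;;
        *) fail "$libdir is not in LD_LIBRARY_PATH" ;;
    esac

    # Hardening check (not from the page): native code loaded into the JVM
    # should not live in a directory that every local user can write to.
    if [ -d "$libdir" ] && [ -n "$(find "$libdir" -maxdepth 0 -perm -002)" ]; then
        fail "$libdir is world-writable"
    fi

    [ "$failures" -eq 0 ] && echo "OK: Vasco prerequisites look complete"
    return "$failures"
}
# Usage (paths of the two config files are placeholders):
#   check_vasco_setup /path/to/nevisidm-prod.properties /path/to/vmargs.conf \
#       /opt/vasco/VACMAN_Controller-3.11.0/lib
```

Run it in the environment that starts the nevisIDM service, because an export typed into an interactive shell does not reach a service started elsewhere.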
Token administration
Vasco Digipass tokens can be imported and assigned via the nevisIDM Web GUI. There is a new menu called "vasco administration" if the Vasco support is enabled correctly. The Vasco Administration view allows importing new tokens from a DPX file and searching for existing ones.
When selecting the DPX, there are two different files to choose from: "Static" and "Nostatic":
- Static: The user will enter the 4-digit static password, followed by the OTP.
- Nostatic: Only the OTP needs to be given (recommended).
nevisIDM does not yet support setting a new token PIN. Therefore, we recommend nostatic.