Identity Assurance Solution 3.0.1 Readme File

July 17, 2007

1.0 Documentation

The following sources provide information about the Identity Assurance Solution:

2.0 Documentation Conventions

In this documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.

A trademark symbol (® , TM, etc.) denotes a Novell trademark; an asterisk (*) denotes a third-party trademark

3.0 Overview

Identity Assurance Solution by Novell® enables federal agencies to comply with the credential issuance, physical and logical access requirements of Homeland Security Presidential Directive 12 (HSPD-12). This solution provides convenient yet controlled access to disparate logical IT systems and physical facilities by using combinations of biometrics, passwords, personal identification numbers, smart cards, X.509 digital certificates, and other forms of advanced authentication. It is fully integrated with Novell Identity Manager and meets FIPS 201 workflow, identity management, and card life cycle requirements. Personal Identity Verification (PIV) cards issued using this solution enable users to have physical and logical access to facilities and IT systems. This solution enables convergence of IT and physical systems to provide a complete end-to-end and seamless control system.

4.0 Known Issues

Do Not Use Enter Key When Requesting Applicant Card

When requesting a card for an applicant, you can type information in the Delivery Place Info and Physical Characteristics fields, but do not use the Enter key. A hotfix is available for this problem. Contact Novell Technical Support.

Required Browsers for IAS Workflow

Use Firefox* 1.5.x or Internet Explorer 6x or later when running IAS Workflow.

LDAP Special Characters Not Allowed in User Distinguished Names or Contexts

The following LDAP special characters are not permitted in User Distinguished Names or contexts:

, + ” \ < > ;

Using these characters will cause forms to not be auto-populated with default values, and fail to be submitted.

An error similar to the following will be displayed if any of the above characters are used:

Sponsor: Script error in idvault.globalQuery(): Service returned error. Return code=500, Message=Error encountered while executing the service globalquery: {1}., Throwable=Ldap error querying for results. Error: javax.naming.InvalidNameException: O=IasTest: [LDAP: error code 34 - NDS error: illegal ds name (-610)]; remaining name 'O=IasTest'

Reset User Workflow Displays Blank Values in the No Fingerprint Field.

When an authorized user accesses the Reset User workflow, the No Fingerprints field displays a blank value, indicating that the attribute is unpopulated, even though the fipsNoFingerprints attribute has a value of either TRUE or FALSE.

User Selection Box in the Sponser New Applicant Workflow Displays Undefined When Multiple Usernames are Found by the Search

When searching for a user in the Sponsor New Applicant workflow using a Firefox browser, the selection box displays “undefined" for each user name found. This selection box should allow you to select a user by his or her username when the search returns more than one candidate user. Being unable to see usernames in the box requires the sponsor to choose each user individually and view the user’s data in order to find the desired user.

5.0 Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2007 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page and one or more additional patents or pending patent applications in the U.S. and in other countries.

Novell is a registered trademark of Novell, Inc. in the United States and other countries.

SUSE is a registered trademark of Novell, Inc., in the United States and other countries.

All third-party trademarks are the property of their respective owners.