Installation Guide: SmartSignatur GlobalID Kiosk Client

Installation Guide: SmartSignatur GlobalID Kiosk Client

v0.1

Planning and Overview

This Installation Guide provides instructions for installing the SmartSignatur GlobalID Kiosk Client product.

SmartSignatur GlobalID Kiosk Client consist of the following components:

  • Kiosk Client installation

  • Kiosk Client configuration

  • Kiosk Client Group Policies Settings

Overview

 

Requirements

Operating Systems

SmartSignatur GlobalID Kiosk Client has been tested on Windows 10, with latest service pack.

SmartSignatur GlobalID Kiosk Client should also work on Windows 7 and 8, but this is untested.

SSES Server

The SmartSignatur GlobalID Kiosk Client must be configured with a SSES server version 4.x or higher.

Smart Cards

SmartSignatur GlobalID Kiosk Client supports the following standard cards/crypto chips:

  • ATOS CardOS: M4.01A / V4.2 / V4.2B / V4.2C / V4.3 / V4.3B / V4.4 / V5.0 / V5.3

  • Gemalto: TOP IM GX4, Classic V3

  • HID: Crescendo C700

  • HID: iCLASS Px G8H

  • Infineon: JCLX80 jTOP / SLJ52 (Dolphin) / SLJ52 (Trusted Logic)

  • Microsoft: Virtual Smart Card

  • NXP: JCOP V 2.1 / V2.2 / V2.2.1 IDptoken 200 / V2.3.1 / V2.4 / V2.4.1 / V2.4.2 R1+R2+R3 / V2.4.2 R3 SCP 03 / 3.0

  • Atos/Siemens: CardOS M4.01a / V4.3B / V4.4

  • TCOS: Signature Card 1.0 / 2.0

  • NXP Mifare® / Desfire®

Card Readers

SmartSignatur GlobalID Kiosk Client supports any PC/SC contact or NFC reader that support the card types above and is supported by the OS.

Including NCF ISO 18092 & 14443 / 13.56Mhz contactless technology.

Crypto Interfaces

  • PKCS#11 from Cv Cryptovision version 6.x and 7.x or newer.

  • PKCS#11 from Charismathics version 5.4 or newer.

  • Cryptography API Next Generation (CNG) and its fore-runner Microsoft Cryptographic API (MS CAPI). CNG includes the concept of Smart Card Minidriver.

  • CryptoTokenKit (CTK) framework for macOS, including the concept of Crypto Token Drivers.

Card Printers

SmartSignatur GlobalID Kiosk Client supports the following Fargo Card Printers:

Printer

Notes

DTC1250e

Optional SmartCard Encoder is needed

DTC1500

 

DTC4250e

 

DTC4500e

 

DTC5500LMX

 

DTCii

 

HDP5000

 

HDP5600

 

HDP6600

 

HDPii

 

HDPii Plus

 

HDP8500

 

 

Kiosk Client Installation

Select or de-select the components of the SmartSignatur GlobalID Kiosk Client Installer.

 

Select the install path for the SmartSignatur GlobalID Kiosk Client.

The installer runs and might start multiple sub installers.

Installation is completed.

Click “Close” and the SmartSignatur GlobalID Kiosk Client Configurator will be started to complete the configuration.

 

Kiosk Client Configuration

 

When first started the SmartSignatur GlobalID Kiosk Client configurator shows the default values.

 

Configure the options:

SSES URL: The URL for SSES server, normally just replace <host> and <port> to match the customer environment.

Nets URL: is the URL to Nets used for issuing and renewing with private key generation on SmartCard.

LDAP Base OU: root OU of users in LDAP.

API Key and Application: You should get them from the SSES admin/Installer.

Reader (no-fargo): Device name for issue and renew without Fargo Card Printer. 

Enable Fargo Card Printing: Checked if Fargo printer/feeder is used.

Fargo Printer: Printer name for printing the cards.

Fargo Reader: Device name for issue and renew with Fargo Card Printer.

For supporting different types of USB tokens please select “ANY - use the first found reader (for USB token support)”.

Please configure all options and press “Save and Exit”.

Configuration of Windows Policies

This section only applies for the SmartSignatur GlobalID Kiosk Client. These settings should NOT be applied to windows desktop clients. The SmartSignatur GlobalID Kiosk Client installer automatically configures the settings.

Disable “Smartcard Certificate Propagation”

The installer automatically disables this policy. Please do not delete or change the settings afterwards.

Registry Hive

HKEY_LOCAL_MACHINE

Registry Path

SOFTWARE\Policies\Microsoft\Windows\CertProp

Value Name

CertPropEnabled

Value Type

DWORD

Enabled Value

1   (same as not set)

Disabled Value

0

 

Disable “Smartcard Trusted Root Certificate Propagation”

The installer automatically disables this policy. Please do not delete or change the settings afterwards.

Registry Hive

HKEY_LOCAL_MACHINE

Registry Path

SOFTWARE\Policies\Microsoft\Windows\CertProp

Value Name

EnableRootCertificatePropagation

Value Type

DWORD

Enabled Value

1   (same as not set)

Disabled Value

0