Familiarize yourself with the scope and limitations of
the smart card authentication support.
- IBM® Security
Access Manager for Enterprise Single Sign-On uses
the smart card in read-only mode. The user credential Wallet is not
stored on the smart card.
- The credential Wallet is cached on the workstation and is protected
by a key pair in the smart card.
- IBM Security
Access Manager for Enterprise Single Sign-On does
not provide card management facilities, such as changing the PIN of
a smart card, personalizing, or unblocking a smart card.
- Users cannot log on with a smart card in AccessAssistant.
- If the smart card certificate used for authentication is renewed
by the PKI, the product treats the smart card as unregistered, and
the user must register the smart card again.
- If more than one smart card is attached to the workstation, then AccessAgent cannot
proceed to log on with smart cards.
- If the smart card authentication certificate is a private object,
as is the case with DNIe smart cards, then the following limitations
apply:
  - Failed logon attempts because of wrong PIN entry are not recorded
    in the audit log.
  - In Windows Vista or Windows 7, Fast User Switching
    (FUS) triggered by inserting a different smart card does not work.
    A user must manually click the Switch User navigational
    link to trigger FUS.
  - The ISAMESSO user name is not shown in the AccessAgent PIN
    prompt screen.