Safenet Installation

[Anjali Reyome]

Afterswitching to Windows 7 the part of the installation which installed the drivers for the dongle failed and as a result I could not use the software. The installation failed with message box (entitled "Sentinel Protection Installer - Installer Information" saying:

This was resulting in the license dongle not initiating preventing Flexi from running. to resolve this I located newer drivers for the SafeNet Sentinel USB Dongle from safenet-inc.com. You can download them here -inc.com/Support_and_Downloads/Download_Drivers/Sentinel_Drivers.aspx

Hey! New here & I am experiencing this same issue except the updated drivers aren't working either! Any other suggestions? I am running FlexiMac 8.5 on a new MacBook running Mac OSX 10.6.2. Which driver do I download? None of them say they are specifically for 10.6, just 10.5. I am getting the same error messages as the original poster....

I hadn't, but I read through it and still no luck! I tried calling, but of course my luck...no support on Saturdays! Seriously I am going cross-eyed & ready to pull my hair out with this thing! I've lost track of how many times I've installed/uninstalled.

I just wanted to let you all know that I called Flexi & was emailed an updated download link. I installed it and it works perfectly now! Just thought this might save a few others from pulling their hair out!

This documents serves as a compliment to official product documentation and details deployment and configuration tasks relating to the Windows Login Agent (WLA). Specifically, this document outlines the various command line switches, their properties, values and descriptions for usage with either interactive, silent, local as well as remote installation.

One approach to controlling the choices made to the installer during installation is to run the installation silently with parameters. This allows the customer to set key configuration items such as authentication server FQDN and logon mode.

The following section provides an example of silent installation /quiet switch followed by product settings. A list of key product settings as well as useful generic MSI switches are then provided in the following tables.

The following table outlines WLA specific properties with possible values as well as their explanation (relating mostly to the GUI based options). The wording used here does not match the actual GUI options.

Note that examining the MSI package with logging you will find additional keys/switches that are non-functional, possibly deprecated by Engineering. These include, but are not limited to EXEMPTADMINSCHECK, EXEMPTADMINSCHECK1, KEYFILEPATH, KEYFILE and USEGRIDCHECK.

The use of Microsoft Group Policy or Group Policy Objects (GPO) enables the SafeNet administrator to centrally manage the Windows Logon Agent (WLA) configuration for users and computers in an Active Directory environment.For more information about GPO, please refer to Group Policy Overview

The SafeNet Windows Logon Agent policy settings are stored in a Windows Administrative Template (ADMX) file. The settings can be edited using Windows tools. The settings can be propagated to the entire domain, or be applied to the local computer and domain controllers only.

The PrimaryServiceURL and OptionalSecondaryServiceURL should be set to [Not Configured]. The value of both the settings gets configured via the .agent file

When the WLA is downloaded from STA it bundles a *.agent file containing JSON formatted configuration. By default the agent file will contain the primary and secondary authentication service URL as well as the client secret. With a little bit of skill and luck however the agent configuration in said file can be expanded on to apply additional settings.

The default logon message(s) introduced by the Windows Logon Agent can be tailored to customer needs with messages replaced by modifying language files. This can be achieved either post installation (as seen below) or prior installation (by modifying the MSI package itself).

The following is an example RDP file for a VM in Microsoft Azure. To use this as a template, save the content to a file with the extension .rdp and modify line 23 (highlighted below) with the target IP address.

If the Windows Logon Agent was installed using the provided .exe then you cannot uninstall it using the .msi and vice versa. Doing so may lead to a situation where the agent cannot be fully uninstalled.

Installing with a log file created locally on the target machine is useful for understanding general installation behavior as well as for troubleshooting purposes, but more so in the scope of deployment automation: to understand what key values (properties) of the installation might be manipulated, that is: supplied as installation switches (as discussed in this guide), in a transform, or modified in the package itself.

Attempt to match the Property and its value to provided input or default input during installation. For example you might find that 1 represents a checked box in one UI screen and that s represents a checked box in another screen.

Registry entries for WLA largely reflects GUI options in the Logon Manager app and GPO (ADMX), however some discrepancies exist where more control is available through registry than GUI or Group Policy. This includes but is not limited to the ability to set language file location.

This approach will require changing hashes of files modified or replaced, updating file versions and rebuilding and resigning the MSI. If you only need to set a few parameters on the MSI, please refer to the second example (below) instead. In the example we replace the key file, but the procedure is applicable to other content as well.

This approach is less invasive and only changes property values within the Property table of the MSI. It can be used to set authentication server and various key values (basically anything you can set with external command line switches on the MSI).

The SWIFT 3Skey token management portal requires you to install the SWIFT Token Client and SConnect in order to activate and manage your tokens. Your signature or treasury application may have additional requirements, kindly liaise with the service provider of your application for more information.

The provision and use of the 3SKey solution are governed by the 3SKey Terms and Conditions. Always refer to the latest available version on SWIFT Contracts.

For more information about the features and functions of the 3SKey solution, and your roles and responsibilities as a 3SKey user or 3SKey subscriber or those of SWIFT as the provider of the 3SKey solution, regularly check the latest available version of the 3SKey Service Description on Documentation.

Important: the provision and use of 3SKey tokens are subject to United States export restrictions and other sanction programmes. Persons located in or from Cuba, North Korea, Iran, Sudan or Syria, and persons identified on US government or EU "denied party" or the "Specifically Designated Nationals" lists, are not permitted to possess or use 3SKey tokens.

Click here to accept the 3SKey Terms and Conditions referred to above.

By accepting, you also represent and warrant to SWIFT that you are not subject to any of the export restrictions and other sanction programmes that would prohibit your possession or use of the 3SKey tokens.

You can verify that Sconnect is installed successfully by validating the presence of the SConnect icon in the Command bar of your browser.

Click on the SConnect icon then on the Settings icon on the top right.

Click on About and verify that the extension version is at least 2.13.0.0.

Click on AddOns and verify that the PKCS11 1.6.10.7 and WebSigner 1.4.1.1 add-ons are present.

If the version of SConnect or of the add-ons is not correct please uninstall then reinstall SConnect. Uninstall SConnect Host from the list of installed programs and remove the extension from your browser's Extensions or Add-ons page. You can find complete uninstall instructions here. Then follow the installation instructions above.

You must install the SafeNet Authentication Client middleware in Standard mode (that is, not the BSec-compatible mode). Standard mode is the first option that is presented when you run the middleware installer.

When you set up the SafeNet client tools, you must set the complexity requirement option to None. This option may be labeled Must meet complexity requirements or Password Complexity, depending on the version of the middleware you are using.

Initialization of SafeNet eToken 5100, 5110, 5110 FIPS and 5110+ credentials is protected using an initialization key. Unless the customer has requested a diversified factory initialization key, the tokens are shipped from the factory with a default key, which is already configured in MyID.

Also, if you select the Token Password must be changed on first logon option when performing a challenge/response unlock, when the user logs in to MyID with the unlocked card, they will be prompted to change the PIN. To avoid this, deselect the Token Password must be changed on first logon option when unlocking the smart card.

You must make sure that you have set the credential profile to use the same settings as the SafeNet Authentication Client installation. Check the SafeNet middleware to ensure that the values you use are correct.

3a8082e126