FIM 2010 Certificate Management - How to create Gemalto .NET SmartCards with FIM?!

  • Question

  • Having some problems with FIM 2010 CM and would like to hear if anyone has any guidance or has done some kind of guide on how to get these gemalto.net cards working with FIM 2010 CM...

    Some challenges:

    - How to force the admin pin change from the default

    - How to print the user pin (random)

    Google doesn't help very much...

    Thursday, January 31, 2013 8:32 AM

Answers

  • On Thu, 31 Jan 2013 08:32:49 +0000, narcoticoo wrote:

    Having some problems with FIM 2010 CM and would like to hear if anyone has any guidance or has done some kind of guide on how to get these gemalto.net cards working with FIM 2010 CM...

    The Gemalto .NET cards are standard Base CSP cards and I've done a number
    of FIM CM deployments and never had any problems with them.

    There is loads of documentation on TechNet on FIM CM. I can address your
    two specific questions below, if you have any others, feel free to post
    them.

    Some challenges:

    - How to force the admin pin change from the default

    In the Profile Template, in the Profile Details, click Smart Card
    Configuration and then enable the Diversify Admin Key check box.


    - How to print the user pin (random)

    Create your PIN letter template using MS Word. Save it on the FIM CM server
    using the Filtered HTML format. The variable for the PIN is {SCPIN}.

    In the Profile Template, in the Profile Details, click Smart Card
    Configuration and then set the User PIN policy to Server Distributed.

    In the Enroll policy, configure the Document Printing section.


    Paul Adare
    MVP - Forefront Identity Manager
    http://www.identit.ca
    Nice computers don't go down.

    Thursday, January 31, 2013 10:11 AM

All replies

  • Hi Paul and thanks!

    I'll test the things you mentioned... still some open questions about printing the cards... I can print a card with Datacard SP75 but I'd like to add the certificate to the card during the process. Our printer has optional smart card reader in it, but I'd like to know is there any way to tell FIM to put the certificate to the card with the printer? Now it works like this: Print Card -> Card Prints -> FIM asks to put the card to the reader (some reader which is connected to the enrollment PC) for enrollment... so now we have to print the card, take the card out of the printer and put it in another reader for the enrollment... any ideas?

    Monday, February 4, 2013 6:36 AM
  • On Mon, 4 Feb 2013 06:36:03 +0000, narcoticoo wrote:

    I'll test the things you mentioned... still some open questions about printing the cards... I can print a card with Datacard SP75 but I'd like to add the certificate to the card during the process. Our printer has optional smart card reader in it, but I'd like to know is there any way to tell FIM to put the certificate to the card with the printer? Now it works like this: Print Card -> Card Prints -> FIM asks to put the card to the reader (some reader which is connected to the enrollment PC) for enrollment... so now we have to print the card, take the card out of the printer and put it in another reader for the enrollment... any ideas?

    How exactly are you initiating the printing process?

    This may help:

    http://social.technet.microsoft.com/wiki/contents/articles/how-to-print-a-smart-card-using-fim-certificate-management-and-id-works-software-v6-5-or-v5-1.aspx?Sort=MostUseful&PageIndex=1


    Paul Adare
    MVP - Forefront Identity Manager
    http://www.identit.ca
    Why do we want intelligent terminals when there are so many stupid users?

    Monday, February 4, 2013 7:06 AM
  • That's exactly how I've implemented it...

    The process is initiated from the certificate management portal (enroll user smart card)... and like I explained it goes like this:

    1. I start to do the enroll, find the user and initiate the enrollment process from the portal
    2. FIM asks for smart card to be inserted (have to use external smart card reader, it does some kind of check if the card is in use or something?!)
    3. I click Print Card and the card is printed from the Dataplus
    4. FIM asks to put the card to reader (external has to be used again!) to enroll the certificate to the card

    Now the problem in this process is that why can't I just insert the card into the printer and it should print AND put the certificate on the card during the time it's in the printer, because our printer has the reader inside it... This has something to do with the workflow how FIM commands the printer?

    Tuesday, February 5, 2013 3:59 PM
  • Anyone?!
    Friday, February 8, 2013 3:21 PM
  • I'm still wondering am I the only one using Dataplus printer?

    Still needing help to my problem described above...

    Friday, March 22, 2013 9:32 PM