Environment
Situation
A new user logging on to the domain starts SecureLogin and receives the following message:
The smart card does not contain any certificates that match the certificate selection criteria.
Resolution
This issue is typically caused by the following:
- Configuration of security settings relating to smart cards when cards are not being used
- The selection criteria specified is invalid
- SecureLogin was not installed with smart card support enabled and the correct configuration (e.g. PKCS #11 .dll).
The certificate selection criteria preference is used by NSL to search for a valid certificate if SSO data is being used to encrypt SSO data.
The certificate selection criteria determines which certificate to select if multiple certificates exist on the smart card.
If only one certificate is stored, leave the field blank and it will be detected automatically.
No special formatting is required and the search string is case insensitive. Wildcards are not used and it will match if the search text is a substring of the certificate subject field.
NSL attempts to match against the certificate Subject, then Issuer and finally Friendly Name in that order.
For example:
If the Subject is:
CN=Nick Katsivelos OU=London DC=undiscovered DC=com
London would be a valid search value, as would undiscovered and com. The CN=, OU= or DC= are not required.
If the Issuer is:
CN=IssuingCA1 OU=AD DC=undiscovered DC=com
IssuingCA1 would be a valid search value, as would AD, undiscovered and com etc.
Set the smart card security settings back to Default if smart cards are not used.