Packaging of BankID

Finally!

After some years of repackaging the Nexus Personal or BankID application from their EXE format to a customized MSI for the customers, BankID finally releases the application in MSI format.

A swedish link to a page with both a Swedish and an English PDF document about deployment in enterprise environments: http://www.bankid.com/rp/bankid-sakerhetsprogram/

The MSI can be downloaded from the regular site: http://install.bankid.com

The current release is 4.19.0 and has a new automatic update function since version 4.18.1, all described in the PDF document above. The customers that I have is still locked down in their Windows so I would prefer to remove this update function to avoid helpdesk calls…

I am in the progress of verifying that the following change in %programfiles%\Personal\config\personal.cfg will remove the automatic updates:

[AutoUpdate]
HandleFirstPollDate=0
NextPollingTime=99999999999999999999999999999999

Other settings

Two other settings I like to configure for enterprises in older releases than 4.16 and doesn’t have BankID on smartcards is to allow the user to export the BankID to the old .p12 format instead of the new and better/safer .nge format. As you might have seen, the .nge format must be placed on a USB drive, and that is not always available, certainly not from all XenApp/VDI environments.

The benefit with this method to allow .p12 is that the user can save it to a folder on their homedrive, so you always have a backup of it in the corporate fileserver and you can use it on many computers.

And you can tell BankID to search for a BankID in a specific folder, so if it exists a .pk12 BankID in the folder, it will automatically be imported!

These are the changes I do in the central file %programfiles%\Personal\config\personal.cfg:

[Personal]
ExportType=1

[P12_usage]
Enabled=1

[P12_points]
p1=H:\MyCerts

So when the user starts BankID for the first time, it will use the central personal.cfg as a template and save it to %AppData%\Personal\Config\personal.cfg

I would recommend to do all of these settings in a MST file to the downloadable MSI file.

The last thing I always do before deploying the package to the test group, I test my BankID on this site: https://test.bankid.com/testbankidcom/

 

This entry was posted in Application Packaging and tagged , . Bookmark the permalink.

5 comments on “Packaging of BankID

  1. Daniel on said:

    Thanks for you blog and information regarding BankID in corporate enviroments.
    Dig your name too! ;)

    Got a couple of questions regarding the “new” .ngp (nge?) format and USB requirements for import/export of certificates.
    Is it not possible to just copy the files (.ngp) and place them in the right directory anymore, or what is the USB export/import function used for? Safety ? What happens if you just copy the certificate files between computers/bankID installations?

    How do you use BankID certificates on file, in terminal server enviroments, logging in from serveral differents but using/sharing the same certificate?

    Problem: Running BankID (4.19.1) on terminal servers/Citrix enviroment, with users being dynamically logged in to 5 servers. Each server has it’s own installation of BankID, and %appdata% is set to the users homeshare “u:\ApplicationData\Personal\Store”

    Problem 1: Some BankID sites (skatteverket) sometimes complain of to old version of BankID, although we’re running the latest version of it. (4.19.1) just plain weird…

    Problem 2: If you manage to log on to a site, sometimes the Personal.exe hangs/locks all other applications. Happens after you’ve entered the pin code, and you manually have to kill the process (personal.exe).

    Problem 3: If you actually manage to log in, the webpage is blank when trying to sign/send/accept certain functions that require the pin code in step 2 (after login) with BankId.

    4: Sometimes it just work ;) but testsite @ test.bankid.com also sometimes shows error messages.

    Unfortunately, no dummy certificates is available from BankID and you have to use users real certificates/pin-codes.
    Question: Whate are the USB export/import requirements for really?

    Windows 2003/Citrix presentation/xenapp 4.6/IE8. Haven’t tested using the different check-boxes in BankID.

    Cheers!
    Another Daniel

  2. Another Daniel.. on said:

    Thanks for you blog and information regarding BankID in larger corporate enviroments.

    Got a couple of questions regarding the “new” .ngp (nge?) format and USB requirements for import/export of certificates on file.
    Is it not possible to just copy the files (.ngp) and place them in the right directory anymore, or what is the USB export/import function used for? Safety ? What happens if you just copy the files?

    We’ve got some strange intermittent errors using the latest version (4.19.1) ranging from hanging process (personal.exe), error messages of the client being to old, or blank screen when signing/confirming. Sometimes it just works though.

    We’re running terminal servers/Citrix enviroments, and using the home-directory for the .ngp file but with several local installations of BankID on each server. BankID testsite sometimes work, but sometimes gives error messages. Certificate errors or something else?

    No dummy certificate available from BankID so you need real certificates/pin-codes to actually carry out tests.
    Question: Whate are the USB export/import requirements for. BankID support vas very vague trying to explain the issue.

    Thank you!

  3. Mikael Karlsson on said:

    I have no problem to make a thinapp out bankid. The application finds the card reader and the data on the smartcard. My problem is that the application is NOT found by the web browser when trying to use/test the bankid.

    The Thinapp is built in writecopy mode and is runned as full install on my vdi. Version of Bankid is 4.19.3.

    Tips?

    • Hello Mikael,
      I have seen this issue. The new update function is a bit tricky. Some sites use this value as a check if they have a valid version.
      I would recommend not changing NextPollingTime in personal.cfg

      try setting NextPollingTime to 10 or in the GUI, go to Help > Search for Updates. This action will create “Ticket” and “BestBefore” in personal.cfg, then the browser might find your BankID.

      The next tip is to verify that the plugin is loaded at all…

      /Daniel

      • Mikael Karlsson on said:

        It did not solve my problem.. Would it be ok to describe the whole build step by step?

        One thing i had to do to get the USB dongle to work is to add the driver both to my master image and also install it in the thinapp package. This makes the dongle work, but it also gives me an error that the driver could not be installed when i plug it in.

        It would be nice if you could share your package.ini file, maybe send it by email?

Add Comment Register



Leave a Reply

Your email address will not be published. Required fields are marked *

*


+ nine = 14

* Copy This Password *

* Type Or Paste Password Here *

8,622 Spam Comments Blocked so far by Spam Free Wordpress

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>