Shared environments prerequisites

Technical checklist for shared environments. This page provides an overview of known prerequisites that are required in order to be able to work with the Trust1Connector.

Supported environments

Also take into account the general prerequisites

Windows

Support from Windows 10 and later.

MacOS

Support from macOS 10.3(OS-X High Sierra) and later.

Virtual deskop (Citrix, TeamServer, ...)

Supported. Each instance of the virtual desktop has to install the Trust1Connector API

Virtual applications (Citrix XenApp)

Supported

When using a virtual application, the Trust1Connector Proxy should be installed on the Citrix server. In addition the Windows SmartCard daemon and the smart card redirection should be enabled. Configuration

There is some configuration required to allow access to the smartcard reader from the virtual application.

More info about this can be found at https://helgeklein.com/blog/2013/04/getting-smart-card-readers-to-work-with-citrix-xendesktop/.

Silent installation

The Windows installation can be silently installed using the Windows command prompt

msiexec /i Trust1Connector/x64.msi /qn

To uninstall the Trust1Connector through the Windows command prompt

msiexec /x Trust1Connector-x64.msi /qn

Supported Browsers

The Trust1Connector is designed to be browser independent. However there are some browsers which require some extra information in order to be able to use the Trust1Connector.

Additional configuration

Internet Explorer 11 (Windows 7) (EOL 15 June 2022)

If there is an error stating that TLS1.0 should be enabled (the error will be visible when browsing to info page), configure the Windows machine to allow a higher security protocol. Follow the steps described at https://manage.accuwebhosting.com/knowledgebase/3008/How-do-I-enable-TLS-12-on-Windows-7.html to configure this. If changing the settings for TLS 1.2 only do not resolve the issue, perform the same steps for TLS 1.1.

Chrome v70 +

Supported

Mozilla Firefox v60 +

Supported

Microsoft Edge

In some cases we have observed Microsoft Edge blocking connections to localhost, making it unable to communicate with the installed Trust1Connector instance.

Microsoft runs as a modern Windows app, which means it has network isolation enabled by default for security reasons. However, by default an exception is made for loopback/localhost addresses. This means that on most Edge browsers, communication with the GCL instance will not be a problem.

In specific cases though (exact reasons as yet unknown), it seems that this exception is ignored or not applied correctly, blocking communication with localhost.

If you find yourself in this situation, try the following options to resolve:

A. Enable the loopback option

Open your browser and type about:flags in the address bar. This will open a hidden browser settings menu. Locate the Developer settings and make sure the option to Allow localhost loopback is checked.

The number of options under the Developer settings heading can vary between the different versions of Microsoft Edge, but the localhost loopback option should always be there.

Once the option is enabled, fully close down Microsoft Edge and restart the browser.

If this option was already enabled, try disabling it, restarting the browser and then re-enabling.

Check if this has resolved the issue. If not, proceed to option B.

B. Use the command prompt

Open a command prompt as administrator(!) and execute the following command:

CheckNetIsolation LoopbackExempt -a -n=Microsoft.MicrosoftEdge_8wekyb3d8bbwe

Windows will respond with the message OK.

Restart Microsoft Edge and check if the issue is resolved.

Additional info can be found here:

https://blogs.msdn.microsoft.com/msgulfcommunity/2015/07/01/how-to-debug-localhost-on-microsoft-edge/https://www.ibm.com/support/knowledgecenter/en/SSPH29_9.0.3/com.ibm.help.common.infocenter.aps/r_LoopbackForEdge.html

Antivirus

The Trust1Connector and some installation files are digitally signed. On some machines however the Trust1Connector is flagged/blocked by an antivirus. Disabling the antivirus temporary can allow the user to install the Trust1Connector for some antivirus tools. Below we provide procedures for some antivirus software to be able to install the Trust1Connector.

Antivirus

Whitelisted

Symantec

ESET

Avast

McAfee

AVG

Norton

Bitdefender

Kaspersky

Fortinet

Trend Micro

Comodo Group

If your antivirus is not whitelisted, or if it does not appear in this list, please contact us so that we can add it.

ESET

If the user receives an notification that a script from the Trust1Connector is blocked

The procedure at https://support.eset.com/kb2908/?locale=en_US&viewlocale=en_US can be used to solve the issue.

Permissions

The Trust1Connector requires read and write access on some locations. The parent folders are automatically created if the permissions are correct.

Windows

Location

Require permission

%LOCALAPPDATA%\Trust1Connector

read + write

macOS

Location

Required permission

~/Library/Application Support/Trust1Connector

read + write

Persistence

On shared environments such as Citrix virtual desktop it is advised that some user folders are persisted after logout/reboot of the user. If the application will be kept instead of reinstalling each time the user logs in

Windows

Location

Require permission

%LOCALAPPDATA%\Trust1Connector

read + write

macOS

Location

Required permission

~/Library/Application Support/Trust1Team/Trust1Connector

read + write

Log files

In case of errors, it can be advised to provide logfiles to the support team. The location of these files depend on the OS.

Windows

Location

Description

%LOCALAPPDATA%\Trust1Connector\

Log files of the API application together with the Sandbox

macOS

Location

Description

~/Library/Application Support//Trust1TeamTrust1Connector/

contains log files for api, registry and sandbox

Installation not detected

If the application doesn't detect the Trust1Connector or keeps prompting to download the installation files, a couple of steps can be performed to check if the installation was successful.

Check the installation

On Windows, open the configuration screen and list the installed programs. The Trust1Connector should be listed with it's version.

In the browser

The url below is applicable to the Production version of the Trust1Connector distributed by Trust1Team. If you have a different Trust1Connector, distributed by a different provider, please contact that provider for the correct information.

Open a browser and navigate to https://t1c.t1t.io:51983/info. The response should be similar to

{
    "t1CInfoOS": {
        "architecture": "x86_64",
        "platform": "Mac OS",
        "family": "unix",
        "os": "macos",
        "version": "macOS 11.6"
    },
    "t1CInfoRuntime": {
        "runtime": "rust",
        "version": "1.52.1",
        "dateTime": "2021-10-11 11:59:43.913336 UTC"
    },
    "t1CInfoAPI": {
        "service": {
            "deviceType": "PROXY",
            "distributionServiceUrl": "https://acc-ds.t1t.io/v3_5",
            "dsRegistryActivated": false
        },
        "activated": true,
        "status": "ACTIVATED",
        "cors": [
            "*.t1t.io"
        ],
        "version": "3.5.5",
        "logLevel": "INFO"
    }
}

For the device itself you will get something similar to this (https://t1c.t1t.io:51883/info);

{
    "t1CInfoOS": {
        "architecture": "x86_64",
        "platform": "Mac OS",
        "family": "unix",
        "os": "macos",
        "version": "macOS 11.6"
    },
    "t1CInfoRuntime": {
        "runtime": "rust",
        "desktop": "Aqua",
        "version": "1.52.1",
        "dateTime": "2021-10-11 12:00:49.387483 UTC"
    },
    "t1CInfoUser": {
        "name": "Gilles Platteeuw",
        "username": "gilles",
        "timezone": "UTC",
        "home": "/Users/gilles",
        "tempdir": "/var/folders/md/rtm4znf50734qfrnsxgvh44h0000gn/T/",
        "installedDir": "/"
    },
    "t1CInfoAPI": {
        "service": {
            "deviceType": "DEVICE"
        },
        "activated": true,
        "status": "ACTIVATED",
        "uid": "2e64ffafe40099829f833ac2756b4fcba7fd01c3fa52698e72252a3a62db6e6b",
        "modules": [
            "readers",
            "beid",
            "pkcs11",
            "jcop3",
            "remoteloading",
            "rawprint",
            "emv",
            "airbus",
            "crelan",
            "certigna",
            "certinomis",
            "chambersign",
            "eherkenning",
            "luxid",
            "luxtrust",
            "wacom",
            "fileexchange"
        ],
        "cors": [        
            "*.t1t.io"
        ],
        "version": "3.5.5",
        "logLevel": "INFO"
    }
}

Check the logfile

The logfile can be used for diagnostics, these are located at Log files.

Check the service

Windows

Open the task manager and verify in the details tab that the t1c-launch.exe is enabled

macOS

Open the terminal and enter

launchctl list | grep com.t1t

The output should be similar to

24639	0	com.t1t.t1c.api

Support

Diagnostics

In case the above steps and checks do not resolve an issue, please contact you support channel with diagnostics of your system.

Open a browser of you preference and navigate to https://t1c.t1t.io:51983/info. Copy this data into a text file and include it together with the logfiles

Make sure that the issue that is being reported has been executed right after the gathering of those log files.

Citrix diagnostics

For Citrix environments there are some diagnostic tools available provided by Citrix. Open https://support.citrix.com/article/CTX135075 and install the Citrix Diagnostic Toolkit (CDT). The Citrix Data Packager tool will create a .zip file with all kinds of information about the system and active processes. This .zip file can be send to the support team together with the logfiles and info endpoint data.

PreviousFAQ NextTechnical Support steps

Last updated 1 year ago