I’m trying to set up CIS2 authentication. I’ve got the application set up in the developer site, set my care identity agent to integration and got a INT smartcard. When I put the card in, it authenticates locally fine. But when I run my application to use the CIS2 api, I get taken to the CIS2 Authentication page, select “Smartcard” and I am then presented with an error.
Any ideas?
Hi David, what do you mean that it “authenticates locally”? Do you have an application talking directly to the smartcard? The error indicates that CIS2 Auth can’t communicate with the NHS apps on the device. Ensure that the port redirection service is running as well as the agent application/credential management.
See the troubleshooting pages for smartcards here: https://digital.nhs.uk/services/care-identity-service/setting-up-and-troubleshooting/common-issues
Also ensure that you have allowed third party cookies to CIS2 Auth and not blocked access to localhost services in the browser as described here: https://digital.nhs.uk/services/care-identity-service/setting-up-and-troubleshooting/set-up-and-troubleshoot-credential-management-and-smartcard-connect
If that doesn’t fail, can you capture the network traffic in the browser during authentication and share it via DM with me
Hi, thank you for the reply.
When I meant “runs locally” I meant the credential manager authenticates the smartcard and provides the roles list. When I click OK on that screen, it opens a browser window to the care identity. It’s when I select “Smartcard” and click Continue it returns an error.
When I run the Smartcard diagnostics tool, this is what is highlighted as not working.
You possibly have both smartcard connect and the old IA installed at the same time. Can you uninstall both and reboot before reinstalling smartcard connect. Smartcard connect doesn’t need or run alongside the IA
The “local login” I believe is a redirect to approve the terms and conditions in the old IA which suggests both are still running
Only have Smartcard Connect. Tested in Live to ensure that it was working. All seems fine. Switched to INT to try the test smartcard and got
Hi David, smartcard connect only ever prompts for your pin and roles at the point of auth - the fact you are seeing this before you authenticate indicates the old software is still running?
In live, it does as you describe. When I go to log in, the screen with the authentication options appear. I select Smartcard and then Smartcard Connect pops up asking for pin. That is the behaviour I was expecting.
But when I change the environment to INT and follow the same prompts, when I select Smartcard it gives the 400_645 error.
It looks like the issue itself was actually related to the environment I was running my development IDE under. We have to run visual studio under an admin account but this couldn’t pick up smartcard connect.
