Skip to main content
Skip table of contents

Known limitations in Digital Access

This article describes the known limitations in the released versions of Digital Access.

User certificate authentication method does not work when TLS1.3 is enabled

This impacts Digital Access versions 6.0.5 and above.

Background:

As per https://datatracker.ietf.org/doc/html/rfc8446#section-4.6.2, and in case of TLS1.3, the client must send post_handshake_auth extension in negotiating TLS connection with the server. 

  • Currently this is not supported by Chrome and other browsers, so user certificate authentication method will not work if TLS1.3 is enabled.

Workaround:

  • Disable TLS1.3 and use TLS1.2 instead.
Known issue with the network card VMXNET3 on VMware virtualization platform

This issue is only present on the VMware platform, and not on other virtualization platforms, to our knowledge.

Background:

If you use the network card VMXNET3, there may be an issue with the docker swarm overlay network. The issue is that the swarm containers can ping each other (ICMP protocol), but TCP and UDP fail.

Solution:

Change the network card for all involved servers to E1000. This is done in the VMware configuration of the guest virtual machine.

See also Deploy Digital Access component on Docker.

Nexus GO authentication fails after upgrade to DA 6.4.0 or above

When using the Nexus GO authentication method, Digital Access requires a tmp folder - java.io.tmpdir. This is configured through an environment variable which is not present in DA 6.4.0 onwards. You can configure this by using the work-around described below.

Configure the environment variable

  1. Add the following to the environment section for all policy services in docker-compose.yml:

    environment:

      - java.io.tmpdir=/var/tmp/

  2. Restart the docker stack.



JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close