Known limitations in Digital Access

This impacts Digital Access versions 6.0.5 and above.

Background:

As per https://datatracker.ietf.org/doc/html/rfc8446#section-4.6.2, and in case of TLS1.3, the client must send post_handshake_auth extension in negotiating TLS connection with the server. 

• Currently this is not supported by Chrome and other browsers, so user certificate authentication method will not work if TLS1.3 is enabled.

Workaround:

• Disable TLS1.3 and use TLS1.2 instead.

This issue is only present on the VMware platform, and not on other virtualization platforms, to our knowledge.

Background:

If you use the network card VMXNET3, there may be an issue with the docker swarm overlay network. The issue is that the swarm containers can ping each other (ICMP protocol), but TCP and UDP fail.

Solution:

Change the network card for all involved servers to E1000. This is done in the VMware configuration of the guest virtual machine.

See also Deploy Digital Access component on Docker.

When using the Nexus GO authentication method, Digital Access requires a tmp folder - java.io.tmpdir. This is configured through an environment variable which is not present in DA 6.4.0 onwards. You can configure this by using the work-around described below.

Configure the environment variable

1. Add the following to the environment section for all policy services in docker-compose.yml:
   
   

   environment:

     - java.io.tmpdir=/var/tmp/

2. Restart the docker stack.