Disable Net iD SSO for a specific application

The SSO feature of Net iD is highly appreciated. But in some scanarios you want a specific applications

Web

In a web scenario with mutual TLS/SSL you can use the Net iD Plugin to logout from the card before the negotiation starts.

web

Test it here:
check_for_smartcard_clearpin.html

Note: Make sure that your Logout-operation does not interfere with other running applications

Traditional clients (exe)

One method is of cause to build you own PIN-dialog and enforce that so the user has to enter PIN no matter if the PIN is cached by Net iD SSO.

You could also call the Net iD Plugin (COM-object) to do Logout just in the web scenario described above.

By maybe the best method is to change the configuration of Net iD to exclude the binary itself from the SSO system

Net iD 5.x

disable_client_exe_cfg

Net iD 6.x

HKEY_LOCAL_MACHINE\SOFTWARE\SecMaker\NetiD\Enterprise\SingleSignOn
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SecMaker\NetiD\Enterprise\SingleSignOn

disable_client_exe

Net iD SSO active, no PIN required  

SSOactive

Net iD SSO active, PIN required even if the PIN is cached

SSOnotactive