Installation BeIDConnect remote desktop or terminal server clients
When the chrome extension is installed for the TS clients, The browser will look into registry in “nativemessaginghosts” for be.bosa.beidconnect to locate the json file. This json file contains the exact location for the binary (beidconnect.exe). For users (non-admins) the browser uses the current_user registry settings. For admin installs, this is HKLM.
For installation on TS and to make beidconnect available to clients, it is best to install the admin version of beidConnect so the binary is installed in program files on the server, so that the native binary becomes available for every client.
In short de steps to follow for a TS or Citrix setup for BeIDConnect. (extension+native client)
1. Install admin version of BeIDConnect: https://eid.belgium.be/en/download/beidconnect
This will install beIDConnect.exe and json files for Chrome and Firefox into C:\Program Files (x86)\BOSA\BeIDConnect\
Also activeX dll will be installed for use with IE. (if ActiveX is desired, make sure clients are allowed to execute ActiveX)
In the picture below you can see the registry setting (for chrome in this case) that is set during the admin install.
2. To enable TS clients to find the native BeIDConnect client, the administrator of the system needs to set this registry setting for the clients [HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts\be.bosa.beidconnect] @="C:\\Program Files (x86)\\BOSA\\beidconnect\\chrome.json”
3. Push Chrome extension to clients (group policies …) https://chrome.google.com/webstore/detail/beidconnect/pencgnkbgaekikmiahiaakjdgaibiipp
4. Ensure that smartcard redirect is enabled, so windows server clients can attach a reader to their local client.
When testing the sign application on the BOSA qa url, when the message “no such native application be.bosa.beidconnect” appears in the console, it is or a missing registry setting in HKCU nativemessaginghosts, or an error in the json file (referred to by that reg-setting)
The json file should contain the complete path of the binary (including double backslash) starting from c:\\
When the pin entry box appears, this means that the connection with the chrome extension and the binary is ok, otherwise you wouldn’t get to this point.