About this release > Known issues

Known issues

This topic contains information about potential issues that you may encounter while using Kofax Token Vault 3.5.0. Workarounds are included, as applicable.

Potential security warning when opening TokenVault from Mozilla Firefox

Even if TokenVault is configured properly with https protocol and a certificate which is added to the Trusted Root Certificates in the Windows certificate store, a potential security risk warning might appear when opening TokenVault from Mozilla Firefox browser. By default, the Mozilla Firefox browser does not trust Root authorities in the Windows certificate store.

Workaround:

Enable the Firefox security.enterprise_roots.enabled feature to allow Firefox to trust Root authorities in the Windows certificate store by performing the following steps:

  1. Type about:config into the address bar of the Firefox browser and accept any warnings if prompted.
  2. Search for the security.enterprise_roots.enabled setting and modify its value to true or, if this setting does not exist, create a new setting with this name and boolean value and set its value to true.
  3. Restart the Firefox browser.

TokenVault configuration migration limitation note

In this release, the TokenVault client configuration has been discontinued, and the role of TokenVault client ID has been taken by the authorization provider ID. This means that instead of a TokenVault client ID, the authorization provider ID must be configured in the client applications for a client application to be able to request authentication tokens from TokenVault.

During the upgrade, TokenVault connector configurations are migrated as authorization provider configurations, and TokenVault client IDs are preserved as authorization provider IDs to avoid reconfiguring client applications. This is only possible for those TokenVault clients where only one TokenVault connector is associated on the client page of the earlier version of TokenVault because the authorization provider IDs must be unique. Otherwise, a new authorization provider ID is generated for the migrated configuration.

This means that the authorization provider IDs must be checked in the TokenVault and in the client applications after upgrading an earlier version of TokenVault, and the TokenVault authorization provider IDs must be configured in the client applications accordingly.