In comparison to simply using passwords, two-factor authentication with a smartcard or smart token offers an additional layer of security. When configuring login with a smartcard, you have to define smartcard middleware to be used. In this area of the IGEL Setup, you select the middleware (PKCS#11 module) which matches your card or your token. Alternatively, you can specify here your own PKCS#11 module.

The middleware selected here will be used for the following logins:

For more information on smartcard authentication in IGEL OS, see the how-to Smartcard Authentication in IGEL OS.

If you use IGEL smartcards, see Authentication with IGEL Smartcard.

Menu path: Security > Smartcard > Middleware

For smartcard authentication to Citrix and Active Directory / Kerberos, you can use several middleware libraries at the same time. The concurrent usage of multiple smartcard middleware libraries may be required, for example, if multiple users with different smartcard types must have access to the device.

Note: If no middleware is activated, OpenSC is used as a fallback.

Gemalto SafeNet

The middleware for Gemalto/SafeNet eToken, IDPrime smartcards and Token is used.

cryptovision sc/interface

The middleware for cryptovision smartcards is used.

Gemalto IDPrime

The middleware for Gemalto IDPrime smartcards is used.

Enable this Gemalto middleware when you want to operate Gemalto Common Criteria devices in unlinked mode.

Athena IDProtect

The middleware for Athena IDProtect smartcards is used.

A.E.T. SafeSign

The middleware for SafeSign smartcards is used.

SecMaker Net iD Enterprise

The SecMaker Net iD Enterprise middleware, formerly known as "Secmaker Net iD", is used.

Enable this SecMaker middleware if you use Net iD implementation with CID (Certificate Identity Declaration).

SecMaker Net iD Client

The SecMaker Net iD Client middleware is used. SecMaker Net iD Client is the next generation of Net iD Enterprise, see

The SecMaker Net iD Client must also be installed on the server side.


The middleware Coolkey is used.


The middleware OpenSC is used.


The 90meter middleware is used.

Licensed Feature

This feature requires an add-on license; see Add-On Licenses. Please contact your IGEL reseller.

Custom PKCS#11 module

The PKCS#11 module stored under the Path to the library is used. See also Using a Custom PKCS#11 Library.

In case of the installation of a custom PKCS#11 library, the file(s) (in .so format) must be placed on the endpoint device either via UMS file transfer or Custom Partition.

The use of the /wfs folder is NOT recommended because of its space limit.

Path to the library

Path to the custom PKCS#11 module. Example: /usr/lib/pkcs11/[name of the library].so