Windows Hello doesn't work
Categories
(Core :: Security: PSM, defect)
Tracking
()
People
(Reporter: code.5772156649, Unassigned, NeedInfo)
Details
Attachments
(2 files)
p1.tif
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.18 Safari/537.36 Edg/75.0.139.4
Steps to reproduce:
Using x64 build 67.0b17 on Windows 10 (enterprise version 1903, build 18361.1)
Repro:
* make sure you're connected to the domain and login with PIN works
*just in case, set security.enterprise_roots.enabled (I don't think it's related)
* log in to an internal site that requires AAD authentication (a site where you can use Windows Hello in Edge or Chrome)
Actual results:
See picture 1 - AAD auth prompt offers "sign in with PIN or smartcard"
See picture 2 - when you click on on it, Firefox complains that "No valid client certificate found in the request."
Expected results:
Similar experience to Edge/Chrome
|
Reporter | |
Comment 1•6 years ago
|
||
|
|
Reporter | |
Comment 2•6 years ago
|
||
One of the few related articles, see https://news.thewindowsclub.com/firefox-66-to-come-with-windows-hello-support-94380 states that it should work, doesn't look like they were correct.
|
||
Comment 3•6 years ago
|
||
I don't think this is using Web Authentication. Given the language around submitting Client Certificates, which are a different thing, I think this is actually a client cert bug.
Do you have any client certificates installed in Firefox? You might need to import them directly using the Firefox Certificate Manager, potentially exporting them as PKCS12 files from Windows in the process.
https://www.jscape.com/blog/firefox-client-certificate seems a general overview of importing, whereas https://certsimple.com/help/windows-export-pem-private-key seems accurate-ish about exporting pkcs12 files from Windows.
|
||
Updated•6 years ago
|
Description
•