Closed Bug 280552 Opened 20 years ago Closed 19 years ago

Client authentication dialog cannot be disabled with KPKCS11 security module

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: richterd, Assigned: bugzilla)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

We use a portal (no way to give a link; sorry) that utilizes the KPKCS11
security module from http://www.citi.umich.edu/projects/kerb_pki/.  This type of
authentication involves utilizing short-term credentials generated from
long-term kerberos creds; the short-term cert has an unchanging, user-specific
filename.

Whenever a page is loaded, a "Client AUthentication" dialog appears, prompting
"Select the certificate to use when connecting" and then giving what I presume
to be a graphical file-chooser with OK, Cancel, and Details buttons.

Nothing at all is visible in the dialog; I don't know if the security module is
responsible for exporting likely certificate names or if Firefox guesses. 
Nevertheless, there isn't a real file-chooser; OK and Cancel do nothing but
close the dialog; Details does nothing at all.  Even though I could provide a
filename, I have no way to.

The only options in Preferences are to give a default cert or prompt the user
every time.  There should be a no-prompt option, since the security module
doesn't need any help.  Attempts to disable this in about:config did nothing.

Because of this, Firefox itself now spawns more pop-ups than it blocks.

Reproducible: Always

Steps to Reproduce:
1. Load any page on a site that requires the KPKCS11 module.

Actual Results:  
As described in "Details".

Expected Results:  
1. give a "no-prompt" option; Mozilla, e.g., behaves like this.
2. give a real file-chooser if the user wants to specify a default certificate.
This works here from Firefox with the kpkcs11 module from Umich. You need the
Tools -> Options -> Advanced -> Certificates -> Client Certificate Selection
option set to 'Select Automatically'

Our setup here has our servers, and our client certificates, share a common root
CA. I'm not sure if that helps with the selection process or not.
I am now using:

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050715 Firefox/1.0.6
SUSE/1.0.6-4.3

The problem no longer exists; indeed, 'Select Automatically' is now behaving as
expected.  Sorry to have bothered you.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.