Open
Bug 531379
Opened 16 years ago
Updated 3 years ago
Aladdin eToken users are always prompted for a password even when token supports SSO
Categories: Firefox :: Security, defect
Tracking: NEW
People: Reporter: fbreedijk, Unassigned
Attachments: 1 file (20.37 KB, text/plain)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
In the Aladdin eToken driver there is an option to enable SSO. This means that when a correct PIN is used to log into the token, the token can then be used without a password. However, Firefox does not seem to obey this. The user is always prompted for the "Master password" of the token whenever the token is accessed.
I have talked to eSafe support and they indicate that: "
November 25, 2009 2:33:13 PM from eToken Tech Support to All Participants: It seems the following:
November 25, 2009 2:33:34 PM from eToken Tech Support to All Participants: We have a function in our Cryptography world which is called "C_Login"
November 25, 2009 2:33:41 PM from eToken Tech Support to All Participants: This is how you login to the token
November 25, 2009 2:33:59 PM from eToken Tech Support to All Participants: Now - most products use "C_Login Null"
November 25, 2009 2:34:29 PM from eToken Tech Support to All Participants: Which means that they're trying to authenticate with no password - if they get rejected, we pop-up for a PIN dialog
November 25, 2009 2:35:07 PM from eToken Tech Support to All Participants: Now, Firefox, unlike most other applications, uses PKCS#11 and is actually forcing "C_Login" without Null
November 25, 2009 2:35:22 PM from eToken Tech Support to All Participants: Which means that each time they're doing a login operation, a login is required.
November 25, 2009 2:36:12 PM from eToken Tech Support to All Participants: Once the Firefox Logs in once to the token - it'll always try to re-login to it upon launch of the Firefox session.
November 25, 2009 2:37:09 PM from eToken Tech Support to All Participants: Firefox is not checking if they can get the certificate which is stored on the token without a PIN - they're trying to do a login directly with a PIN.
"
Reproducible: Always
Steps to Reproduce:
1. Make sure PKI Client has SSO enabled
2. Insert token and log into the token
3. Start Firefox
4. Visit an HTTPS page
5. Password dialog
Actual Results:
I was prompted for the token password
Expected Results:
Token would be used without password dialog as SSO is on
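An added example, not code from Firefox, NSS or the eToken driver: a small C model of the two login orders the support transcript contrasts, counting PIN dialogs with SSO on and off. The `stub_token` type, `stub_login` and the other function names are hypothetical, the stub's rejection code is an assumption, and the constants are redefined from the PKCS#11 standard.

```c
#include <stdio.h>
#include <string.h>
/* Values from the PKCS#11 standard, redefined so the file builds alone. */
#define CKR_OK                 0x000UL
#define CKR_PIN_INCORRECT      0x0A0UL
#define CKF_LOGIN_REQUIRED     0x004UL
#define CKS_RO_PUBLIC_SESSION  0UL
#define CKS_RO_USER_FUNCTIONS  1UL

/* Constructed stand-in for token plus middleware; not the eToken driver. */
struct stub_token {
    unsigned long flags, state; /* CK_TOKEN_INFO.flags, CK_SESSION_INFO.state */
    int sso_cached;             /* middleware already holds a verified PIN */
    int prompts;                /* PIN dialogs shown to the user */
};
static const char *STUB_PIN = "constructed-pin";
/* Models C_Login: a NULL PIN succeeds only when SSO is cached (assumption;
   the rejection code a real middleware returns may differ). */
static unsigned long stub_login(struct stub_token *t, const char *pin) {
    if (pin == NULL ? !t->sso_cached : strcmp(pin, STUB_PIN) != 0)
        return CKR_PIN_INCORRECT;
    t->state = CKS_RO_USER_FUNCTIONS;
    return CKR_OK;
}
/* Order the transcript attributes to Firefox: prompt, then log in with a PIN. */
static unsigned long login_always_prompt(struct stub_token *t) {
    t->prompts++;
    return stub_login(t, STUB_PIN);
}
/* Order it attributes to most products: NULL login first, prompt on rejection. */
static unsigned long login_null_first(struct stub_token *t) {
    if (!(t->flags & CKF_LOGIN_REQUIRED) || t->state == CKS_RO_USER_FUNCTIONS)
        return CKR_OK;          /* nothing to do: public token or logged in */
    if (stub_login(t, NULL) == CKR_OK)
        return CKR_OK;          /* SSO satisfied the login, no dialog */
    t->prompts++;
    return stub_login(t, STUB_PIN);
}
/* Returns how many PIN dialogs one login attempt costs in each scenario. */
int prompts_needed(int sso_cached, int null_first) {
    struct stub_token t = { CKF_LOGIN_REQUIRED, CKS_RO_PUBLIC_SESSION, sso_cached, 0 };
    unsigned long rv = null_first ? login_null_first(&t) : login_always_prompt(&t);
    return rv == CKR_OK ? t.prompts : -1;
}
int main(void) {
    printf("SSO on: prompt-first=%d NULL-first=%d; SSO off: NULL-first=%d\n",
           prompts_needed(1, 0), prompts_needed(1, 1), prompts_needed(0, 1));
    return 0;
}
```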
Comment 1 (Reporter) • 16 years ago
Comment 2 • 15 years ago
Reporter, are you still seeing this issue with Firefox 3.6.13 or later in safe mode? If not, please close. These links can help you in your testing.
http://support.mozilla.com/kb/Safe+Mode
http://support.mozilla.com/kb/Managing+profiles
You can also try to reproduce in Firefox 4 Beta 8 or later, there are many improvements in the new version, http://www.mozilla.com/en-US/firefox/all-beta.html
Whiteboard: [CLOSEME 2011-1-30]
Comment 3 (Reporter) • 15 years ago
Yes, the behaviour hasn't changed in either 3.6.13 or 4 Beta 8. Even if the token is authenticated on the OS level, Firefox will continue to prompt for the PIN.
Updated (Reporter) • 15 years ago
OS: Windows Vista → Windows 7
Comment 4 • 15 years ago
No reply, INCOMPLETE. Please retest with Firefox 3.6.13 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INCOMPLETE
Comment 5 (Reporter) • 15 years ago
I have deleted my profile and recreated a new one. The device now doesn't prompt for a password, but is also not used in certificate selection.
When I try to log into e.g. https://sbpvpn.schubergphilis.com/+CSCOE+/logon.html?a0=86&a1=&a2=&a3=1&reason=1 which should ask me if I want to present my eToken certificate (I have it set to prompt me), it only does that if I manually log into my token first via Tools->Options->Advanced->Security devices.
Status: RESOLVED → UNCONFIRMED
Resolution: INCOMPLETE → ---
Updated • 15 years ago
Whiteboard: [CLOSEME 2011-1-30]
Updated • 15 years ago
Version: unspecified → 4.0 Branch
Comment 6 • 15 years ago
This bug was reported using a pre-release version of Firefox 4. Now that Firefox 4.0.1 final has been released, can you please update and retest your bug? A fresh profile would be a good starting place to test,
http://support.mozilla.com/kb/Managing+profiles. If you continue to see the issue, can you please update this bug with your results?
Filter: firefox4prebugsunco
Comment 7 • 12 years ago
I am using the latest (v26) Firefox version, still encountering the same behaviour.
Comment 8 • 12 years ago
UA: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Updated • 11 years ago
Status: UNCONFIRMED → NEW
Component: General → Security
Ever confirmed: true
Updated • 3 years ago
Severity: normal → S3