Client Certificate Prompting
Environment:
Windows 2003 Server
IIS 6.0
Java Applets
JVM 1.6
I currently have IIS set to "accept client certificates" and have a valid list in my Certificate Trust List of certificates I want to accept. I also have Windows Authentication set in the event the user does not have a valid client certificate type then they will be prompted for their Windows Login. My problem is that even though they authenticate via Windows they are still being prompted for certificates by the JVM and of course there are none in IEs store.
Is there a way to stop this or is this just a way of life.
I think it is related to the certificate you are using: what are the available CRL's (Certificate Revocation List) in that certificate? You can see that by opening the properties of the cert. The client might want to check the CRL of your CA and has no permission
to do it.
You might want to check if the CRL distribution point as configured in the certification is accessible by the client or generate a different certificate with a different distribution point.
Technical Specialist Microsoft OCS & UC Voice Specialisation - http://www.uwictpartner.be
Similar Messages
-
Slow client certificate prompt on IE - Windows 7, Windows 8
Hi
I would like to ask for help with client certificate authentication and IE. In our company we are using widely smart cards and client certificate authentication for intranet web sites. Everything worked fine until we have started upgrading Windows XP to
newer Windows 7 and Windows 8.
Users have started complaining about very slow certificate selection when web site is prompting for certificate - window containing certificates for selection (client certificates of current user) is appearing after about 30 seconds or even more. After selecting
proper certificate user is entering PIN and web site shows fine.
On Windows XP and IE window containing certificates appears immediately - on Windows 7 and Windows 8 after 30 seconds or more..Maybe the reason is because on current Windows user there are many certificates (20 or more) but it didn't matter on Windows
XP.Please help, because my users never let me to upgrade their Windows XP and they will have good argument - on previous operating system everything worked smoothly - now I have to wait for ages..
Thanks in advance
RegardsHi,
I'm having this issue on Windows XP... it happened after i installed updates, it could be related with some security improvement...
If someone knows the KB number of the update related with this issue i would be very grateful! -
Outlook client certificate prompt
Hi
i have exchange 2010 environment with 2 mailbox & 2 hub/cas server role.
when outlook client connects with exchange server he got certificate prompt. when i saw the certificate he got exchange mailbox certificate.
why he got certificate which is installed on mailbox server
this certificate is a certificate which is generated automatically during installation.
please help. its urgent & critical
thanks in advanced
Anuj GuptaHi,
According to your description, there is a sercurity alert when Outlook client connect to Exchange server. And I'd like to confirm the following information to narrow down the cause:
1. The detail name in the security alert
2. Does the issue happen on internal users or external users?
3. Are all your URLs configured with the name mail.domain.com or other name in the certificate?
Thanks,
Angela Shi
TechNet Community Support -
IOS prompts for a client certificate each time i change webpages on a site
The company intranet is published through a TMG 2010 box and we use client certificates as an extra level of authentication in addition to AD user / pass.
With any PC based browser you are prompted once for the certificate to use, however in IOS 5.1.1 on iphone and ipad we get a prompt each time you go to a new page, safari prompts for the certificate to use however the more times you change the page the more it relists the certificate in the selection window. The certificate you see in the screen shot is installed once. The first time I change the page, safari reprompts and lists 2 certificates (both the same) next time i change the page it then lists the certificate 3, then 4 then 5 times etc. The client certificate is issued directly from the root CA so this isnt the issue of IOS not supporting 2 or 3 tier certificates.
All other PC based browsers work fine and only prompt once then happily reuse that certificate when you change pages without reprompting.We're experiencing the same problem. We are also publishing internal web applications via TMG 2010, using forms based authentication with client SSL certificate authentication.
We see this problem on devices using iOS 5.1.1. Devices with iOS 6 are automatically selecting the client certificate. Unfortunately upgrading to iOS 6 is currently not an option. -
Document Library: Open in Explorer - Client Certificate Selection Prompt
Hello,
when a User in a Document Library clicked on "Open in Explorer" a Window Prompting where the user can choose a Certificate. If the user clicked on Abort (Abbrechen in German) the Library open correct in a Windows-Windows and the user can work.
Clicked the User in the same Webapplication in a other Document Library on "Open in Explorer" no Certificate-Windows prompt. After the next Restart of the Client the Certificate-Windows prompt for the First Time. Is this a WebDav Problem or a wrong
IIS configuration? We use for all Webapplications https.
Thank you
SebastianHi Sebastian,
For troubleshooting your issue, please refer to the steps as below:
1.Open up your IIS manager, go to Sites and select the site which is having the issue.
2.Click on SSL Settings and set Client certificates to Ignore.
Best Regards,
Eric
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected] -
Client certificate authentication with custom authorization for J2EE roles?
We have a Java application deployed on Sun Java Web Server 7.0u2 where we would like to secure it with client certificates, and a custom mapping of subject DNs onto J2EE roles (e.g., "visitor", "registered-user", "admin"). If we our web.xml includes:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>certificate</realm-name>
<login-config>that will enforce that only users with valid client certs can access our app, but I don't see any hook for mapping different roles. Is there one? Can anyone point to documentation, or an example?
On the other hand, if we wanted to create a custom realm, the only documentation I have found is the sample JDBCRealm, which includes extending IASPasswordLoginModule. In our case, we wouldn't want to prompt for a password, we would want to examine the client certificate, so we would want to extend some base class higher up the hierarchy. I'm not sure whether I can provide any class that implements javax.security.auth.spi.LoginModule, or whether the WebServer requires it to implement or extend something more specific. It would be ideal if there were an IASCertificateLoginModule that handled the certificate authentication, and allowed me to access the subject DN info from the certificate (e.g., thru a javax.security.auth.Subject) and cache group info to support a specialized IASRealm::getGroupNames(string user) method for authorization. In a case like that, I'm not sure whether the web.xml should be:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>MyRealm</realm-name>
<login-config>or:
<login-config>
<auth-method>MyRealm</auth-method>
<login-config>Anybody done anything like this before?
--ThanksWe have JDBCRealm.java and JDBCLoginModule.java in <ws-install-dir>/samples/java/webapps/security/jdbcrealm/src/samples/security/jdbcrealm. I think we need to tweak it to suite our needs :
$cat JDBCRealm.java
* JDBCRealm for supporting RDBMS authentication.
* <P>This login module provides a sample implementation of a custom realm.
* You may use this sample as a template for creating alternate custom
* authentication realm implementations to suit your applications needs.
* <P>In order to plug in a realm into the server you need to
* implement both a login module (see JDBCLoginModule for an example)
* which performs the authentication and a realm (as shown by this
* class) which is used to manage other realm operations.
* <P>A custom realm should implement the following methods:
* <ul>
* <li>init(props)
* <li>getAuthType()
* <li>getGroupNames(username)
* </ul>
* <P>IASRealm and other classes and fields referenced in the sample
* code should be treated as opaque undocumented interfaces.
final public class JDBCRealm extends IASRealm
protected void init(Properties props)
throws BadRealmException, NoSuchRealmException
public java.util.Enumeration getGroupNames (String username)
throws InvalidOperationException, NoSuchUserException
public void setGroupNames(String username, String[] groups)
}and
$cat JDBCLoginModule.java
* JDBCRealm login module.
* <P>This login module provides a sample implementation of a custom realm.
* You may use this sample as a template for creating alternate custom
* authentication realm implementations to suit your applications needs.
* <P>In order to plug in a realm into the server you need to implement
* both a login module (as shown by this class) which performs the
* authentication and a realm (see JDBCRealm for an example) which is used
* to manage other realm operations.
* <P>The PasswordLoginModule class is a JAAS LoginModule and must be
* extended by this class. PasswordLoginModule provides internal
* implementations for all the LoginModule methods (such as login(),
* commit()). This class should not override these methods.
* <P>This class is only required to implement the authenticate() method as
* shown below. The following rules need to be followed in the implementation
* of this method:
* <ul>
* <li>Your code should obtain the user and password to authenticate from
* _username and _password fields, respectively.
* <li>The authenticate method must finish with this call:
* return commitAuthentication(_username, _password, _currentRealm,
* grpList);
* <li>The grpList parameter is a String[] which can optionally be
* populated to contain the list of groups this user belongs to
* </ul>
* <P>The PasswordLoginModule, AuthenticationStatus and other classes and
* fields referenced in the sample code should be treated as opaque
* undocumented interfaces.
* <P>Sample setting in server.xml for JDBCLoginModule
* <pre>
* <auth-realm name="jdbc" classname="samples.security.jdbcrealm.JDBCRealm">
* <property name="dbdrivername" value="com.pointbase.jdbc.jdbcUniversalDriver"/>
* <property name="jaas-context" value="jdbcRealm"/>
* </auth-realm>
* </pre>
public class JDBCLoginModule extends PasswordLoginModule
protected AuthenticationStatus authenticate()
throws LoginException
private String[] authenticate(String username,String passwd)
private Connection getConnection() throws SQLException
}One more article [http://developers.sun.com/appserver/reference/techart/as8_authentication/]
You can try to extend "com/iplanet/ias/security/auth/realm/certificate/CertificateRealm.java"
[http://fisheye5.cenqua.com/browse/glassfish/appserv-core/src/java/com/sun/enterprise/security/auth/realm/certificate/CertificateRealm.java?r=SJSAS_9_0]
$cat CertificateRealm.java
package com.iplanet.ias.security.auth.realm.certificate;
* Realm wrapper for supporting certificate authentication.
* <P>The certificate realm provides the security-service functionality
* needed to process a client-cert authentication. Since the SSL processing,
* and client certificate verification is done by NSS, no authentication
* is actually done by this realm. It only serves the purpose of being
* registered as the certificate handler realm and to service group
* membership requests during web container role checks.
* <P>There is no JAAS LoginModule corresponding to the certificate
* realm. The purpose of a JAAS LoginModule is to implement the actual
* authentication processing, which for the case of this certificate
* realm is already done by the time execution gets to Java.
* <P>The certificate realm needs the following properties in its
* configuration: None.
* <P>The following optional attributes can also be specified:
* <ul>
* <li>assign-groups - A comma-separated list of group names which
* will be assigned to all users who present a cryptographically
* valid certificate. Since groups are otherwise not supported
* by the cert realm, this allows grouping cert users
* for convenience.
* </ul>
public class CertificateRealm extends IASRealm
protected void init(Properties props)
* Returns the name of all the groups that this user belongs to.
* @param username Name of the user in this realm whose group listing
* is needed.
* @return Enumeration of group names (strings).
* @exception InvalidOperationException thrown if the realm does not
* support this operation - e.g. Certificate realm does not support
* this operation.
public Enumeration getGroupNames(String username)
throws NoSuchUserException, InvalidOperationException
* Complete authentication of certificate user.
* <P>As noted, the certificate realm does not do the actual
* authentication (signature and cert chain validation) for
* the user certificate, this is done earlier in NSS. This default
* implementation does nothing. The call has been preserved from S1AS
* as a placeholder for potential subclasses which may take some
* action.
* @param certs The array of certificates provided in the request.
public void authenticate(X509Certificate certs[])
throws LoginException
// Set up SecurityContext, but that is not applicable to S1WS..
}Edited by: mv on Apr 24, 2009 7:04 AM -
OTP 2FA Problems with DA 2012 R2 and Windows 8.1 Client - Not prompting or OTP Code
Hi
Just seeing if anyone has come across the same issue with their WIn 8.1 clients not prompting for 2FA once configured with DirectAccess 2012 R2?
I have created the 2x OTP certificates, enabled OTP via PowerShell and set up the RADIUS server but whatever happens the Win 8.1 client does not get prompted for 2FA - They connect seamlessly?
I have also configured the DAProbeUser on the RADIUS server
Any help appreciated
ThanksI was afraid that you'll said that
I hate to be the annoying guy but take a look at this KB article:
http://support.microsoft.com/kb/2787534
Applied to: Windows 8\2012,
Doesn't Apply to: Windows 8.1\2012 R2
and - for a fact, doesn't include in Windows 8.1\2012 R2 as this bug still exists in those operating systems.
another annoying fact - No other update was released for these version yet.
this example approves that not every hotfix \ updates that was released for 8\2012 before 8.1\2012 R2, is already included in 8.1\2012 R2
and allow me to add another fact.
when you configure DirectAccess via the remote access wizard it creates a WMI query called
DirectAccess - Laptop Only WMI Filter.
after you create it in Windows Server 2012 R2 - look at the WMI Query and you'll see that by default it doesn't apply to version 6.3! the version for Windows 8.1.
if you want to add the support for Windows 8.1 you have to modify manually the query which is of course, not supported by Microsoft.
That is just another symptom that makes me wonder if Microsoft did ANY change or update to DirectAccess 2012 R2
Tamir Levy -
Client certificate based authentication
We have a JAVA web start application that needs to connect to an apache server and use client certificate based authentication. When javaws initiates a connection with apache server, it tries to retrieve the certificate/key from the PKCS12 keystore to present it to the apache server. We have made this work, however, javaws is prompting user to enter the password for accessing the keystore password. We do not want our users to enter this password and are looking into ways to either supply the password as one of the javaws deployment property or create an unprotected keystore. Both of our attempts have been unsuccessfull. We have tried the following
1. we passed the 3 discussed properties (javax.net.ssl.keyStore,
javax.net.ssl.keyStorePassword, javax.net.ssl.keyStoreType) in Java
Control Panel, according to the following procedure: open Control Panel,
select Java tab, click View under Java Applet Runtime Settings, set
values in Java Runtime Parameters table column. This operation added the
properties to the user's deployment file (in a new attribute named
deployment.javapi.jre.1.5.0_09.args, which held all 3 properties as a
value), but there was no effect (password window still popped up).
2. We setup the deployment.property file manually with the 3 attributes
[javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword,
javax.net.ssl.keyStoreType], it didn't have any affect either.
3. When launching java applications you can set system properties as
part of the command line using the follwing format
"-D<property_name>=<property_value>", we failed to find the analogous in
javaws.
Has anyone got any ideas on how to workaround this problem? Really appreciate any help here.Hi, client cert auth is not realy the best way to protect your resources. It needs to install client cert on every workstation to access application. I think it conflict with javaws concept!
I have the same situation (protect resources and avoid password promt on start) and my solution is:
Using tomcat as web server:
Direct structure as follow:
/ApplicationRoot
/WEB-INF
/resources
- private.jar
- private.jnlp
/resources
- icon.png
- public.jarAs you can see there is no direct access to protected resources. All protected resources availiable only thrue ResourceProvider servlet, configured as follow (web.xml):
<servlet-mapping>
<servlet-name>ResourceProvider</servlet-name>
<url-pattern>/resources/secret/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>protected resources awailiable from browser</web-resource-name>
<url-pattern>/resources/secret/browser/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>somerole</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-role>
<role-name>somerole</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name></realm-name>
</login-config>Code your ResourceProvider servlet to grant access only if:
- Connection is secure (ssl).
- URL pattern is "/resources/secret/browser/*" and client has pass realm.
- URL pattern is "/resources/secret/javaws/secretkey/*" (where secretkey is a pin kept both by client and server)
To Install app from browser (access private.jnpl) use "/resources/secret/browser/*" url pattern and basic auth.
To download app resources configure jnlp file as follow:
<jnlp spec="1.0+" codebase="https://host:port/AppRoot/resources/" href="secret/javaws/secretkey/private.jnlp
<information>
<icon href="icon.png"/>
</information>
<resources>
<j2se version="1.6+"/>
<jar href="secret/javaws/secretkey/private.jar" />
<jar href="public.jar" />
</resources>
</jnlp>
{code}
And last you need to do is configure ssl connector on tomcat server as follow:
{code}
<Connector port="port"
scheme="https"
secure="true"
SSLEnabled="true"
clientAuth="false"
sslProtocol="TLS"
/>
{code}
Pay attention to "clientAuth" param. Set it to "false" to avoid javaws splash cert choose dialog on every app update.
Hope it help! -
No pop-up for client certificate in spite of icm/HTTPS/verify_client = 1
Dear experts,
on my WebAS 6.40 I have set icm/HTTPS/verify_client = 1 so that it requests a client certificate every time a new SSL connection is established.
However, only on one client machine with IE 6 I really get a pop-up asking for a client certificate. On all other machines there's no such pop-up. Although on ALL clients I have set the IE setting "Don't prompt for client certificate selection when no certificates or only one certificate exists" to "disable". The setting seems to be correct, because when I want to go the SAP Service Marketplace with these clients, this pop-up comes up with an empty list of suitable certificates.
Can anybode explain this to me? Why does the one browser open the pop-up and the others don't althought this one setting is identical? Why do the IE's that get the pop-up for the SAP Service Marketplace don't get the popup for my WebAS 6.40?
Thanks and kind regards
ChristianYou will have to check the specific service (probably in SICF) to see if the Logon Procedure is set to 'Required with Client Certificate (SSL).' Is this for a BSP page?
Hope that helps.
J. Haynes -
UTL_HTTP and client certificate request
I am hoping that someone can help me. We have a web site that we need to hit and pull the html code back from the pages and we have the code to get what we need but the website now has an option where it requests a client certificate from a user for authentication or if you cancel the request it will then ask you for username and password. I cannot figure out how to submit a cancel on the client certificate request so that my application can submit the username and password authentication. Does anyone have an idea or example to do this? Also if you submit a bad certificate it will prompt you for authentication. So if someone knows how to submit client certificates that would be helpful as well.
Thanks in advance.I've never faced this issue but you might want to look at using UTL_TCP rather than UTL_HTTP.
http://www.psoug.org/reference/utl_tcp.html -
help!
Some websites require a special client certficate for access. If you don't have that certficate, you'll have to contact the site operator to find out how to get one.
Sometimes the problem is caused by a web server that is configured to request an optional client certificate. Safari treats the request as mandatory. In that case, other browsers such as Firefox and Chrome may be able to connect to the site, because they ignore the request.
The first time you were prompted for a certificate, you may have clicked through a dialog that requested access to the Apple certificate in your keychain that is used to secure the iMessage service. In that case, you may be able to regain access to the site in Safari by doing as follows.
Back up all data.
Double-click anywhere in the line below on this page to select it:
com.apple.idms.appleid.prd
Copy the selected text to the Clipboard by pressing the key combination command-C.
Launch the Keychain Access application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
Paste into the search field in the Keychain Access window by clicking in it and pressing the key combination command-V. An item may appear in the list of keychain items. The Name will begin with string you searched for, and the Kind will be "certificate."
Delete the item by selecting it and pressing the delete key. It will be recreated automatically the next time you launch the Messages or FaceTime application.
The next time you visit a site that prompts for an optional client certificate, cancel out of the prompt. You may have to do this several times before the server stops asking.
Credit for this idea to Christian Braukmueller of SAP. -
SSL (https) set up in ABAP - pop-up Request Client Certificate
Hi,
We just configured SSL in ABAP. Accessing the website that the certificate is assigned to results in a pop-up appearing in IE7 that states:
The website you want to view requests identification. Please choose a certificate, with a blank screen.
Can the server be set so that it does not prompt for the client certificate?
Thanks, NeetaYou will have to check the specific service (probably in SICF) to see if the Logon Procedure is set to 'Required with Client Certificate (SSL).' Is this for a BSP page?
Hope that helps.
J. Haynes -
Manually sign the netware client certificate
We have Netware 6.5 SP8 and we want to upgrade our Windows 7 clients to "Netware client 2 SP3 for Windows 7 IR4". I have 2 questions:
1) what is command line to digitally sign the client certificate? Or another way to ask it, what is the DOS command line to digitally sign the client certificate so that I do not have the popup box confirming the installation of the certificate?
2) I can export the certificate from a computer, but what type of certificate is it? When I go into the certmgr.msc utility to export the certificate, there is a list of types to choose from and I don't which type to select?
Thanks....On 01/11/2013 14:46, ncharleyhog wrote:
> We have Netware 6.5 SP8 and we want to upgrade our Windows 7 clients to
> "Netware client 2 SP3 for Windows 7 IR4". I have 2 questions:
>
> 1) what is command line to digitally sign the client certificate? Or
> another way to ask it, what is the DOS command line to digitally sign
> the client certificate so that I do not have the popup box confirming
> the installation of the certificate?
>
> 2) I can export the certificate from a computer, but what type of
> certificate is it? When I go into the certmgr.msc utility to export the
> certificate, there is a list of types to choose from and I don't which
> type to select?
Section 2.6.1 of the Novell Client 2 SP3 for Windows Administration
Guide[1] includes the following (note the two Microsoft links in the
last paragraph):
--begin--
For the Novell Client, the certificate used for Authenticode signing is
the Verisign public certificate for Novell, Inc. The best way to obtain
the correct certificate for use in the Trusted Publishers list is to
install the Novell Client on a Windows machine, then select the Always
trust software from Novell, Inc. option when prompted. Then use the
Microsoft Certificate Management Console (certmgr.msc) to export the
Novell, Inc. certificate visible in this Windows machine's Trusted
Publishers certificate list.
The exported certificate can be used to pre-distribute Novell, Inc. as a
Trusted Publishers certificate on Windows machines using any of the
methods Microsoft makes available for pre-loading certificates used by
Authenticode-signed software. This includes Microsoft support for
distributing certificates during unattended installations of Windows, or
through the use of Group Policies.
For more information on the options provided by Microsoft Windows for
distributing software publisher certificates, see the "Deploying
Authenticode Digital Certificates in an Enterprise" section of Using
Authenticode to Digitally Sign Driver Packages for Windows Server 2003
(Authenticode.doc,
http://www.microsoft.com/whdc/driver...henticode.mspx), and the
Microsoft Windows Group Policy documentation
(http://www.microsoft.com/grouppolicy/).
---end---
HTH.
[1]
http://www.novell.com/documentation/...a/bqgnrgi.html
Simon
Novell Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks. -
SSL client certificate problem with exchange owa
Since a week I've been having the strangest problem when trying to connect to an exchange webmail server.
When I try to log on to the server, I now get a a safari warning telling me that the website requests a client certificate and prompts me to choose one.
Safari presents me with a few .mac and mobileme certificates, none of which are valid for this site obviously.
I cannot get through this dialog because it seems I do not have the required certificate.
What baffles me though, is that when I disable my mobileme settings in system preferences, safari connects to the exchange webmail perfectly without ever prompting me for a certificate.
I do not understand what mobileme has to do with this exchange server at all.
What is even more strange is that I have been having this on 4 different mac's here at home, with two different user accounts on the exchange server, and I have a family mobileme pack... so every system is a little different, but they all behave exactly the same.
Can anybody point in the right direction please ?
For what it's worth, I could have installed a 10.7.1 update on one of the systems which may have caused this, but definatly not on all 4 at the same time....
Another strange bit, when setting up the exchange server inside mail.app, it works perfectly...Since a week I've been having the strangest problem when trying to connect to an exchange webmail server.
When I try to log on to the server, I now get a a safari warning telling me that the website requests a client certificate and prompts me to choose one.
Safari presents me with a few .mac and mobileme certificates, none of which are valid for this site obviously.
I cannot get through this dialog because it seems I do not have the required certificate.
What baffles me though, is that when I disable my mobileme settings in system preferences, safari connects to the exchange webmail perfectly without ever prompting me for a certificate.
I do not understand what mobileme has to do with this exchange server at all.
What is even more strange is that I have been having this on 4 different mac's here at home, with two different user accounts on the exchange server, and I have a family mobileme pack... so every system is a little different, but they all behave exactly the same.
Can anybody point in the right direction please ?
For what it's worth, I could have installed a 10.7.1 update on one of the systems which may have caused this, but definatly not on all 4 at the same time....
Another strange bit, when setting up the exchange server inside mail.app, it works perfectly... -
IOS4, apple-mobile-web-app-capable and client certificates
IOS4 (4.0 and 4.0.1) seems to have broken apple-mobile-web-app-capable. I have a webbapplication using client certificates to authenticate the user. This worked flawless on IOS3.x. However, after having upgraded my iPhone to IOS4, the application fails when started from the springboard with an error message telling a client certificate is required (I have one installed). When I start the application from within Safari it works OK. I tracked the error down to the following line in the HTML code:
<meta name="apple-mobile-web-app-capable" content="yes" />
When I remove this line, the application works again flawless when started from the springboard. However the native look and feel are gone. As soon as I add this line to the HTML, the application works when started from Safari, but fails when started from the springboard.
Does anyone have a glue or is this a bug on the apple-mobile-web-app-capable function of IOS4?I have also experienced this problem on iOS 4.1. I want to authenticate access to a web-app using SSL client certificates but I get an error "Cannot Open ... requires a client certificate" when launching the app from the home screen. Very annoying!
Navigating to the page in Safafi prompts the user to choose which certificate to use and then loads the page successfully. Just as a side question, is there anyway to automatically associate a client certificate with a web site so that the user is never prompted to choose a certificate when accessing the site? I want an authentication process that is transparent to the user.
Maybe you are looking for
-
Any one having , ABAP Check list for unicode conversion
Now I am in one upgrade project. Its new to me. Can anyone have ABAP checklist for unicode conversion in upgrade projects
-
How to by-pass a recorded screen in lsmw, if the field in it is initial?
Hi I am doing recording for AS02 ttransaction. In this (AS02) transaction,we have Time dependent tab.And I am recording all fields in that tab .And then go to other screen by pressing 'Add interval ' button and will update the only field date(ANLZ-
-
2 macs sharing internet connection
I am new to wireless networking and would like to know if there is a relatively inexpensive way to "wirelessy" hook up my newly purchased Powerbook G4 to my existing cable modem connection. Currently I already have my IMAC G5 (no wireless card) conne
-
HT201303 When down loading a free app from the App Store it is asking the credit card entries
When down loading a free app from App Store it is asking the credit card informations at present I do not have credit card what have to do Ajithkumar
-
How to disable auto connect feature in SQLDeveloper's connections manager
Hi Guys, I work with SQLDeveloper 2.1.1 (Patch 1) It attempts to connect to the target always after you Right click on saved connection from within the connections' manager list. Does any one know how to disable that auto connect feature in SQLDevelo