ISAM for Web – WebSEAL – Firefox doesn’t ask for client certificate

Just spent a while troubleshooting why my browser wouldn’t ask me for the client certificate even when I went to a certificate-protected WebSEAL instance. After a while, I worked it out, and thought I’d make a note of it here. Title Note: It was actually happening on both Firefox AND Internet Explorer.

Pre-conditions:

  • forms-auth = https
  • require-client-cert = optional
  • Client certificate mapping rule defined from here.

Every time I accessed the page, both Firefox and Internet Explorer would just display the login page:

[Screenshot: login form]

After checking and rechecking what I had done to configure client authentication (it’s really pretty simple after all), I was scratching my head. Turns out, I hadn’t deployed the change from adding the CA certificate into the SSL Certificate keystore pdsrv.kdb.

Once I had deployed that, Firefox was my friend again!

[Screenshot: certificate prompt]

So it would seem that when asking for client authentication, WebSEAL will tell your browser which CAs it will accept certificates from, and therefore your browser will only offer a cert in the event it has one that matches.
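A quick way to see that CA list from the command line, added here as an example and not part of the original post: the functions below parse `openssl s_client` output for the CA names the server sends with its certificate request. It assumes the `openssl` CLI is installed; the hostname and the sample output are constructed placeholders.

```shell
#!/bin/sh
# Added example: list the CA names a server advertises when it requests a
# client certificate, by parsing `openssl s_client` output read from stdin.

acceptable_cas() {
    awk '
        /^Acceptable client certificate CA names/ { in_list = 1; next }
        # The DN list ends at the next section header printed by s_client.
        in_list && /^(---|Client Certificate Types:|Requested Signature Algorithms:|Shared Requested Signature Algorithms:|Peer signing digest:|Server Temp Key:)/ { in_list = 0 }
        in_list && NF { print }
    '
}

# Succeeds only if the DN in $1 (written the way openssl prints it) is in
# the advertised list. stdin = s_client output.
ca_advertised() {
    acceptable_cas | grep -Fxq -- "$1"
}

# Constructed sample: server advertises one CA (CA deployed to the keystore).
SAMPLE_WITH_CA='CONNECTED(00000003)
---
Acceptable client certificate CA names
C = AU, O = Example Org, CN = Example Issuing CA
Client Certificate Types: RSA sign, ECDSA sign
---
SSL handshake has read 3000 bytes and written 400 bytes'

# Constructed sample: server advertises no CA names.
SAMPLE_NO_CA='CONNECTED(00000003)
---
No client certificate CA names sent
---
SSL handshake has read 2500 bytes and written 400 bytes'

# Live check (hostname is a placeholder):
#   openssl s_client -connect webseal.example.com:443 </dev/null 2>/dev/null | acceptable_cas
printf '%s\n' "$SAMPLE_WITH_CA" | acceptable_cas
```

If the issuing CA of your client certificate is missing from this list, the browser has nothing to offer, so no prompt appears.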
