The Omni Group Forums

The Omni Group Forums (http://forums.omnigroup.com/index.php)
-   OmniWeb Bug Reports (http://forums.omnigroup.com/forumdisplay.php?f=27)
-   -   OW cannot access keychain for digital certificates (http://forums.omnigroup.com/showthread.php?t=13240)

technomage 2009-07-29 06:13 AM

OW cannot access keychain for digital certificates
 
My employer uses digital certificates for login to webmail, etc... These are re-issued each year, and I cannot get OW 5.10 SP#116127 or the current 5.9.2 release version to successfully log in using this method after updating certificates. Here is the code on the login page:

Log in with your xxx digital certificate:
<a href="http://www.xxx.xxx.edu/identity/certificate/">
</a>
</td>
<td>
<form method="POST" name="query" action="use-cert.cgi">
<fieldset>
<legend>Log in with xxx Digital Certificate</legend>
<div align="left">
<input type="submit" value="Log In">
<input type="hidden" name="reply" value="2cert">

The error mesage OW returns is: NSURLErrorDomain error -1206
A link is also displayed: [url]https://netbadge.xxx.edu/use-cert.cgi[/url]

I received this message regularly with the current release and sneaky peeks using the old certificate. The work around was to click on the [url]https://netbadge.xxx.edu/use-cert.cgi[/url] link embedded on the error page, and OW would ask for my keychain password and return back to the login page. Hitting the login link a second time would then work. If the keychain had been accessed for another web password recently, OW would skip the asking for the keychain pw and go to the login page where you could then log in successfully. With the new certificate loaded into the keychain, clicking on the cgi link just returns you to the error page. You are never asked for the keychain password. Other web password access is unaffected.

MacBook Pro, MacOS 10.5.7

technomage 2009-08-01 05:58 AM

Troy-this issue unexplainably fixed itself yesterday. The certificate page also has a username/pw section which can be used as a substitute for the certificate login. Since reporting the problem, I have been revisiting the page regularly over the last 3 days. Each time I visit, I've tried the certificate login to see if anything is different, but no change. OW has been quit multiple times, all cookies have been cleared, etc... I have not logged out of the computer, although it has been slept (keychain set to lock after inactivity or on sleep) and taken between multiple locations. Yesterday evening, I went to the login page and once again hit the digital certificate login link. This time, OW put up the dialogs for granting access, instead of the keychain dialog, I granted permission always, and it is now able to use the new certificate. I expect to see the error page return at some point, as there is still an issue of the state of the keychain when I hit the login page. I really want to know what's going on with this, since this exact same issue happened last year (there is another post from me on it in this forum). Safari 4 picked up the change and asked for permissions on the very first attempt.

--Craig


All times are GMT -8. The time now is 04:17 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2022, vBulletin Solutions, Inc.