New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 632534 link

Starred by 2 users
Status: WontFix
Owner: ----
Closed: Aug 2016
Cc:
sdavern@chromium.org
dskaram@chromium.org
johnsonrichard@chromium.org
certificate-enrollment-cros@google.com
ltong@chromium.org
gbirtchnell@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug



Sign in to add a comment

Certificate Extension policy enable_auto_enrollment value ineffective

Project Member Reported by gbirtchnell@chromium.org, Jul 29 2016 
Chrome OS Version: 52.0.2743.85
Chrome OS Platform: 8350.60.0

Prerequisite:
The forced installed Certificate Enrollment for Chrome OS extension requires a config JSON file to be applied via CPanel.
Extension: fhndealchbngfhdoncgcokameljahhog
Extension policy: https://support.google.com/chrome/a/answer/6321820?hl=en
Managed profile for EAP-TLS wifi network.

Issue:

The "enable_auto_enrollment" value in the policy is ineffective, True or False do not behave differently:

  "enable_auto_enrollment": {
    "Value": false
  }


The extension policy documentation states:
enable_auto_enrollment — Control whether the extension initiates enrollment automatically or waits for the user attempt at connecting to the EAP-TLS network. Default is false.

This suggests True would automatically prompt the user once the policy has come down to enroll to get a certificate, this doesn't occur.

Steps To Reproduce:
(1) Setup the Certificate Enrollment extension to be forced installed.
(2) Create a managed EAP-TLS wifi profile (Client Enrollment URL: chrome-extension://fhndealchbngfhdoncgcokameljahhog/html/request_certificate.html )
(3) Have the policy JSON "enable_auto_enrollment" set to True.

Expected Result:

The user should be prompted or immediately directed to chrome-extension://fhndealchbngfhdoncgcokameljahhog/html/request_certificate.html once the Certificate Enrollment extension policy has come down.
It should not wait for the user to select the EAP-TLS AP that requires certificate before the extension is initiated for enrollment.

Actual Result:
The extension is not automatically initiated to prompt the user to enroll for a certificate.
User still needs to select the EAP-TLS AP, as though this value was set to False.

Customer would like to have the users prompted immediately upon first sign-in to enroll for a certificate, so that it can automatically switch to the EAP-TLS network without user action.
Certs_Policies_1.pdf
119 KB Download
debug-logs_20160729-105027.tgz
72.1 KB Download

Comment 1 by gbirtchnell@chromium.org, Aug 16 2016 

Updated version 1.1.0.2 in CWS performs much better.

Comment 2 by dchan@google.com, Aug 20 2016

Components: Security>UX Enterprise
per comment #1, does it solve your problem ? or do you still have issue with the performance.

Comment 3 by bartfab@chromium.org, Aug 29 2016

Labels: Enterprise-Triaged
It sounds like you are having problems with the cert installer extension itself. I suspect that bugs with that are tracked in b/, not here.

Comment 4 by dchan@chromium.org, Aug 30 2016

Status: WontFix (was: Unconfirmed)
I assume 1.1.0.2 fixed the issue. please reopen if this is still a problem

Comment 5 by lafo...@chromium.org, Dec 9 2016

Components: -Security>UX
Labels: Team-Security-UX
Security>UX component is deprecated in favor of the Team-Security-UX label

Sign in to add a comment