chrome://certificate-manager/ was created on top of options cert manager code. Webui options code is deprecated and MD settings code should be used. We need to migrate this UI to MD version.
Kiosk app is like a regular user but we only run an app with no other UI exposed. Settings UI etc are not available and there is no way to change any settings when the kiosk app runs for security reasons.
However, to support EAP-TLS, we need to have a way for kiosk apps to import client certs. That is why the certificate manager UI is needed. We don't want to expose all the settings/options. The dialog is thus created to extract only the cert manager portion of settings.
xiyuan@ - This looks like it's the exact same UI as the old options UI?
I would like to do the exact same thing for the (in progress) network configuration Settings UI, i.e. allow it to be wrapped in a dialog and make it available from login/oobe.
Eventually I would like to make all of the Settings network UI, and possibly others (e.g. Display) available in a similar manner.
Let's look into generalizing this so that we can open a settings page or subpage (e.g. chrome://settings/certificates) in a dialog without too much hassle.
Keeping the old code around is going to get costly so I am upping this to a P2. If you don't have time to look into this I should be able to look into it in a few weeks.
Cc: xiy...@chromium.org Labels: M-62 Owner: steve...@chromium.org Status: Started (was: Assigned)
I confirmed that this is CertificateManagerDialog/CertificateManagerDialogUI. I will replace this with a dialog using elements shared with the new Settings UI.
I would like to verify this change in kiosk mode. I can get the Network Settings UI with ctrl + alt + n as the kiosk app is launching, but can that UI appear automatically when there is no network connection?
(See Issue 748432 for a use case: A touch-screen chromebase device is enterprise enrolled with a wired ethernet connection, then the device is sent to another location without a keyboard, so ctrl+alt+n is not an option. When the device boots, it is expected to notice that it has no internet connection and should bring up the Network Settings UI to connect via wifi).
Re #13: The network config UI should show up when there is no network. I am asking whether "DeviceLocalAccountPromptForNetworkWhenOffline" policy is set to false in 748432 #30. When that policy is set to false, it disables the network config UI. Can you clarify on that?
DeviceLocalAccountPromptForNetworkWhenOffline is unset.
According to the chromium.org website (https://www.chromium.org/administrators/policy-list-3#DeviceLocalAccountPromptForNetworkWhenOffline) unset defaults to True. There is an extra condition, though "...and a device-local account is configured for zero-delay auto-login and the device does not have access to the Internet, Google Chrome OS will show a network configuration prompt."
The device policy "DeviceLocalAccountAutoLoginDelay" is unset, but chromium.org says it is only applicable to public sessions, so it's unclear to me what is expected for the network config UI in kiosk mode.
With the policy unset, the network config UI should show up. The kiosk app does not even need to be auto launched. We would show it as long as the app does not claim to be offlineEnabled.
Just tried it on my device and network config UI popped up. What is the chrome version you saw the problem? 61.0.3163.108?
Yes, M61 Beta channel, build 9765.72.0, chrome 61.0.3163.108.
Just noticed this issue has a M-62 label, so will try the latest M-62 Beta and see if the condition persists.
Just tried M-62 Beta, build 9901.35.1, chrome 62.0.3202.43 on my sumo. I still get the "There is no Internet connection" message when Chrome Sign Builder tries to launch.
Double-checked my policies:
DeviceLocalAccountPromptForNetworkWhenOffline: unset [True]
DeviceLocalAccountAutoLoginDelay: unset [0 milliseconds]
System logs attached.
Tried the same M-62 Beta build 9901.35.1 on a Veyron-Tiger (small chromebase with a touch-screen), and went through the same steps as the sumo:
(1) Device had a wired ethernet connection. Recovered the above build. In System Settings > Accessibility made sure on-screen keyboard was Enabled.
(2) Enterprise-enrolled the device to domain crosprqa4.com, assigned it to the Org. Unit "Virtual Keyboard" which auto-launches Chrome Sign Builder (CSB) kiosk app. The app also has kiosk settings that allow the on-screen keyboard to be enabled.
(3) Rebooted the device to make sure the auto-launch was successful and an on-screen keyboard could be accessed.
(4) Turned the Tiger off. Disconnected the ethernet cable and the keyboard/mouse. Powered on.
CSB tries to launch, but quickly displays the "There is no Internet connection" message. No Network Selection UI.
On my next reboot I cancelled the CSB launch (ctrl+alt+s), and then the Network Selection UI appeared.
In the logs attached to #18, I noticed this line:
2017-10-11T21:41:46.411435+00:00 ERR chrome[1093]: [1093:1093:1011/144146.411106:INFO:startup_app_launcher.cc(193)] MaybeInitializeNetwork, requires_network=0, network_ready=1
It says "requires_network=0". This means the app claims to be offline_enabled. In this case, the network check is skipped. And "There is no Internet connection" message does not look like from chrome. I suspect it is from the app. And we would not show network config after the app is launched and creates its own window.
Can you use a different app to test?
@stevenjb, xiyuan: Is this migration complete? At comment #7, issue 748199 was merged with this one, but the CertificateManagerDialogUI code seems to have not been removed yet, even though this bug here is marked as Fixed.
Re-opening for now.
CertificateManagerDialogUI is used to configure network for kiosk sessions. There was a mis-understanding that the code should be removed. The dialog should stay but it is only meant to be used during kiosk app launch, not inside a user session. The UI itself has migrated to MD. That is why this issue is marked as fixed.
> The dialog should stay but it is only meant to be used during kiosk app launch, not inside a user session. The UI itself has migrated to MD
I am confused. When I manually visit chrome://view-cert-dialog, I still see the old UI, see screenshot. Is there a plan to remove the old Options UI for this dialog? Or is the plan to maintain this UI for "kiosk app launch" mode indefinitely?
Ok, I think my confusion was that there is a new and an old "certificate viewing" UI, when in fact there isn't. chrome://view-cert-dialog displays the only such UI that exists.
On the other hand, there was an old and new "certificates management" UI, which has already been migrated. So feel free to re-close this issue, if that's the case.
Yep, this issue is about chrome://certificate-manager/, which is a UI to manager certificate. And this is migrated to MD. Old manager code is gone now.
chrome://view-cert-dialog is a viewer for a given certificate and is NOT used for "kiosk app launch". I am not sure whether we will migrate the viewer UI or not. If we do, think we need a new bug to track the work.
Comment 1 by dbeam@chromium.org
, Jun 8 2017