Client certificate option screen is not prompted on "Add Account" screen
Reported by
iskandar...@g.hde.co.jp,
Jul 13 2017
|
|||||
Issue description
Steps to reproduce the problem:
1. Settings (Gear icon) -> Accounts -> Add account -> Google
2. After inputting email address which is handled by 3rd party Identity Provider, a transition screen is shown ("Your Google Account is managed by ... In a moment you'll be sent there to finish signing in.")
3. When the authentication requires client certificate, no certificate option box is prompted.
What is the expected behavior?
In app Chrome, if I access the 3rd party Identity Provider login page directly, "Choose Certificate - The app Chrome has requested a certificate ..." is shown.
What went wrong?
No client certificate option screen is prompted, which causes authentication failure.
Did this work before? No
Chrome version: 59.0.3071.125 Channel: stable
OS Version: 6.0.1
Flash Version:
"Acceptable client certificate CA names" is properly shown from running openssl command to the server.
,
Jul 17 2017
Bernhard, can you PTAL?
,
Jul 17 2017
Yes, some screenshots or ideally a video would be very helpful. Do you know if the third-party authentication is shown in a WebView (as opposed to Chrome or a Chrome Custom Tab)?
,
Jul 17 2017
Hi, Sorry for the late reply. As it's a long weekend in my country, I haven't been able to prepare enough video & logcat for this issue. For the last question, as far as I know, WebView needs to implement "onReceivedClientCertRequest" (https://developer.android.com/reference/android/webkit/WebViewClient.html#onReceivedClientCertRequest(android.webkit.WebView, android.webkit.ClientCertRequest) which is introduced in API 21. I attached an example of client certificate option screen with correct WebView implementation. Anyway, I'll provide more information as soon as possible.
,
Jul 17 2017
Yes, it seems like the WebView*Client* that is used for third-party authentication does not implement that method. As such, I think this is more of an Android than a Chrome issue. Drew, can you find a place for this bug in Android?
,
Jul 17 2017
Bartosz, where does this WebViewClient live? GMSCore? Should we translate this into a buganizer issue and escalate to Adam & co?
,
Jul 17 2017
LoggingThis WebView lives in the GmsCore auth module. I filed b/63754580 and assigned it to Carlos.
,
Jul 18 2017
Hi, Thanks for waiting. Since there's an attachment limit of 10 MB, I've uploaded videos & screenshots at the link below: URL: https://upload.hdedrive.com/ui/g.hde.co.jp/dl/SB1500348198-560720ae-5f7a-4e65-b590-2f63ed9e838c Password: 24t=p5h27RXb The URL link is valid for 14 days. Thanks!
,
Sep 28 2017
Hi, It seems I don't have permission to access b/63754580 which was written above. May I know whether there's a progress with this issue or not? Thanks.
,
Sep 28 2017
Looks like it's been fixed in a future GMSCore update, but not sure when that makes it out to devices. Bartosz, do you know?
,
Oct 12 2017
That GmsCore version should be coming out soon. We do not commit to future dates for GmsCore, so there is not much more I can share here. The internal link is go/gmscore-schedule. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by ppolise...@chromium.org
, Jul 14 2017