[cas-dev] More login flow gotchas
Stephen A. Cochran
stephen.a.cochran at Dartmouth.EDU
Tue Jun 27 08:32:19 EDT 2006
(This probably should have been on the cas list, but not going to
switch it over now.)
This is one of those areas where client certs is less than ideal.
Each browser handles the situation slightly differently.
- Firefox prompts you to select which cert to send whenever it is
asked for a client cert.
- Safari loops through all the certs available until one is accepted
by the web server or it runs out of certs.
- I believe IE prompts as well, but I can't say I'm 100% sure on that
(having never actually used it).
These are all the little problems with PKI that come up when you
actually start trying to use it. If anyone's interested, Dartmouth
did a lot of work in the area and documented lots of the limitations.
http://www.dartmouth.edu/~pkilab/
On Jun 27, 2006, at 8:22 AM, Scott Battaglia wrote:
> Does the browser always ask for a certificate on every connection
> request? When I was trying it out, it only asked me once for the
> entire
> browser session (but then I also only had one certificate installed).
More information about the cas-dev
mailing list