Known browser issues with Express for Mac 5.4.2 using High Sierra 10.13.6?

Showing results for 
Search instead for 
Do you mean 
Reply
Participant II
Posts: 2
Registered: ‎08-07-2018
#1 of 3 469
Accepted Solution

Known browser issues with Express for Mac 5.4.2 using High Sierra 10.13.6?

I am a US federal employee (non-military).  We use Express  (not Direct Control) for authenticating to VPN and web sites. I've noticed some odd behavior when trying to use our PIV cards with brand new installs of Mac High Sierra 10.13.6. 

 

The problem is that web browsers (Safari, Chrome, and Firefox) are unable to recognize the Certificates we are trying to pass from our cards.  I don't even get a chance to authenticate, just a browser error saying, "no card inserted".  But I do see the Certificate in KeyChain Access, and it works for VPN.

 

What I mean by a brand new install is, a brand new machine out of the box that has high Sierra already on it, and nothing else.  I install Centrify Express 5.4.2, and everything works fine except for authenticating in browsers.  (Previous versions of express do not work with High Sierra.)

 

The weird thing is, I have machines that were running older OSs, and after upgrading them to High Sierra, I have no problems.  I also have a brand-new machine that I performed a time-machine restore of an old desktop that was running OS El Capitan 10.11.  That one worked just fine after upgrading Express to 5.4.2.  Both of these types of installs have no problems at all.  But if I try to start with a brand new laptop, I cant get browser authentication to work.

 

To reiterate, I am able to see the card's certificates in KeyChain access, and I am also able to use the card to authenticate to our VPN (we are at a University-infrastructure site and use VPN to access federal websites).  So I know I have a functional login, just not for all applications.

 

I already reviewed a lot of posts on this and other sites, so I have already tried an uninstall, then clearing all the files from /var/db/TokenCache/tokens,  and clearing /Library/Security/tokend, then reinstalling. 

 

I can provide any other details or screenshots needed, but first I'm just wondering if anyone else is aware of known issues with 10.13.6 and how to resolve them.

 

Thanks,

Jerry

 

Dr. Jerry L. Johnson

Biological Science Laboratory Technician/LITS

USDA-ARS Cereal Disease Laboratory

 

Participant II
Posts: 2
Registered: ‎08-07-2018
#2 of 3 449

Re: Known browser issues with Express for Mac 5.4.2 using High Sierra 10.13.6?

Okay, everyone can disregard this, as I found the problem.

 

I had neglected to check if the CA's that the browsers need were installed--they weren't.

 

As I said, this was my first attempt at an install on a new machine, my others were upgrades or migrations, and of course, the CA's come along for the ride in those cases...

 

Once I imported/exported the CA's from a working machine, everything works now.

 

Jerry

 

Dr. Jerry L. Johnson

Biological Science Laboratory Technician/LITS

USDA-ARS Cereal Disease Laboratory

Participant I
Posts: 1
Registered: 3 weeks ago
#3 of 3 125

Re: Known browser issues with Express for Mac 5.4.2 using High Sierra 10.13.6?

Did you take a look at this: Acer Support.