Double Pin prompts with 2FA (badges)

6 views
Skip to first unread message

Hoang (US), Victor T

unread,
Feb 15, 2022, 1:20:19 PM2/15/22
to enter...@mozilla.org

Hello all,

 

My company is experiencing what we are calling “double pin prompts” when end users have to use the badge feature for various authentication methods. Essentially, when a user goes to a website, certain internal websites ask for a badge followed by its pin. They’ll enter their pin, and then a follow up window will ask for their pin again.

 

After doing it twice, they’ll proceed as normal, however this used to be less common but now it’s more widely spread. I do know that I’m using these preferences policies:

  • security.osclientcerts.autoload
  • pointing to a CSSI library security device for a third party tool called Charismathics (middleware smartcard authentication): "C:\\\\Windows\\\\system32\\\\cmp1164.dll".

 

My suspicion is that Firefox does it’s pin request, followed by charismathics doing its own. Was wondering if anyone experienced anything similar and any suggestions. I fear that disabling security.osclientcerts.autoload, Firefox won’t pull certificates from the Windows cert store to function properly (but perhaps that’s more in line with the ImportEnterpriseRoots policy?)

 

Thanks!

Victor

Mike Kaply

unread,
Mar 3, 2022, 2:56:40 PM3/3/22
to Hoang (US), Victor T, enter...@mozilla.org
I wouldn't think you would need to install the security device if you are using osclientcerts.autoload.

ImportEnterpriseRoots is definitely different, it's focused on CAs. It doesn't do client certificates..

So I would try either removing the security device or flipping osclientcerts.

Mike

--
You received this message because you are subscribed to the Google Groups "enter...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to enterprise+...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/enterprise/79939d75e15e410a9dddadae54eea075%40boeing.com.
Reply all
Reply to author
Forward
0 new messages