x509-related question

[Bengt Wällstedt]

Hi!

As one thing is resolved new questions arise immediately. I think this is more of an Apache2 -question than SimpleSAMLphp, but I have done quite a bit of googling without finding anyting about it (which puzzles me, seems like a very obvious thing). Sometimes, when the browser asks the user if the user certificate shoulde be sent to the server, the user accidentally clicks "No", or if they forgot to put the card or Yubikey in, the IdP sends them to an alternative auth source. The only way to fix this situation is for the user to close the entire browser, check that the card or Yubikey is in place and start over. And make sure to click "Yes" or "Ok" in the certificate selection popup.

What I would like to do is to provide some kind of retry option for the user to click when (s)he realises that the certificate login didn't happen. I think that means forcefully doing whatever is done when the browser is closed, or possibly make Apache forget about the present session and start over. Any ideas about what can be done here would be much appreciated!

Kind regards

Bengt