Testing Smart Card Authentication with Smart Card Utility Browser
When a website requires smart card authentication, it sends back to the browser some hints about the certificate to be selected for authentication. This may include what entity issued the certificate, the type of cryptography required, and details. The browser determines which certificate to show to the user to select. However, sometimes the browser does not show a certificate as expected.
In order to troubleshoot this issue, we have created the Smart Card Utility Browser. It is a browser that uses the same rendering engine as Safari, but will show any available certificates rather than filtering them. It also allows any untrusted or self signed certificate. The browser should only be used to troubleshoot issues and should not be used on a regular basis.
Smart Card Utility Browser logs activity related to smart card and certificate authentication and is helpful for determining the root cause of issues. The log can be viewed and exported. The log does not contain any password or PIN information, but does contain the website name, information about the smart card certificate including the issuer and the person’s name (if included in the certificate), as well as other user and smart card certificate related information.
Install
To install Smart Card Utility Browser, we use Testflight from Apple to install. Follow the instructions below for installing. On the iOS device that is installing the browser:
- Sign up for the beta by selecting this link: https://testflight.apple.com/join/tqE9oCTS. This will open Testflight and give the option to join and download. Tap the button to download and install.
- From the Apple App Store, search for and install Testflight.
Using the Browser
Once the browser has been installed, test a website:
- If you have not already done so, insert a certificate into iOS with Smart Card Utility to make it available to Smart Card Utility Browser (and other apps such as Safari).
- Open Smart Card Utility Browser and type in the website you want to test.
- If you are prompted to allow access to Tokens, select Allow.
- Attempt to authenticate and select the correct certificate when prompted.
- If you receive an error, take a screenshot of the error.
- In the lower left corner, select Log. The log should show information related to the test.
- Tap the Share icon in the upper right corner and send the log to support@twocanoes.com, along with an explanation of the issue.