
While logging in to the IDP server with user credentials in a web browser, it asks the browser to present its certificate, and a certificate pop-up appears in the browser listing the certificates installed on the local machine, where a user selects the certificate (installed in the local machine's keystore/truststore). Once the certificate is selected in the certificate selection pop-up, the browser on the local machine (the client in this case) presents the certificate to the IDP server and the handshake is successful.

In another scenario, I am using JavaFX WebView to simulate the above-mentioned behavior in my program. When I execute my program, it does redirect to the IDP server, where I provide user credentials. Now, after the user credentials are authenticated, the IDP server asks for a client certificate. However, in this case, a built-in pop-up with the certificate list doesn't occur. Hence, I am not able to select the certificate manually.

As per my understanding, JavaFX WebView is a mini browser with full browser functionality.

Please share your thoughts on why a pop-up with the certificate list doesn't occur for my program written in JavaFX WebView when the IDP server asks for a client certificate?

I initialized the keystore and truststore in my JavaFX program, which reads the certificates present on my local machine (Windows). After this, the JavaFX WebView program is supposed to log in to the IDP server with user credentials and, once the IDP server asks for the local machine (client) certificate, my program written in JavaFX WebView should list the certificates imported on my local machine in a pop-up (which is not working).

  • Have you tried implementing the "user interface callbacks" on the `WebEngine` (e.g., [`promptHandler`](https://openjfx.io/javadoc/19/javafx.web/javafx/scene/web/WebEngine.html#promptHandlerProperty))? – Slaw Mar 12 '23 at 20:30
  • *“As per my understanding, Javafx WebView is a mini browser with full browser functionality.”* -> this is a misconception, in my opinion. – jewelsea Mar 12 '23 at 23:51
  • Internally, recent releases of `WebView` use the JRE [http client](https://www.baeldung.com/java-9-http-client) for networking. You probably would need to know that the client is being asked to provide a certificate, hook into that event and service it to display a custom client certificate selection UI in JavaFX, then provide that certificate and private key to the network http connection so that it can negotiate the SSL connection. Likely none of that will be easy for you. – jewelsea Mar 12 '23 at 23:59
  • If the client knows by convention or configuration which client certificate and key to use, then perhaps you can skip a selection dialog and preconfigure the client trust store to use the configured client certificate and key. You might be able to do this [through `-D` parameters provided to the JVM](https://www.baeldung.com/java-https-client-certificate-authentication). – jewelsea Mar 13 '23 at 00:07
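
The approach sketched in the comments, as an added example that is not part of the original thread: a JSSE key manager that intercepts the server's client-certificate request and hands the candidate aliases to a selection callback. It assumes the WebView's network stack uses the JVM-wide default `SSLContext`, which should be verified for the JavaFX release in use; `PromptingKeyManager`, `install` and `chooser` are hypothetical names.

```java
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.function.Function;
import javax.net.ssl.*;

// Added example: lets the user pick which client certificate answers the server's request.
public class PromptingKeyManager extends X509ExtendedKeyManager {
    private final X509KeyManager delegate;
    private final Function<List<String>, String> chooser; // hypothetical UI hook, e.g. a dialog

    PromptingKeyManager(X509KeyManager delegate, Function<List<String>, String> chooser) {
        this.delegate = delegate;
        this.chooser = chooser;
    }

    // Called by JSSE when the server sends a CertificateRequest during the handshake.
    @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket s) {
        Set<String> candidates = new LinkedHashSet<>();
        for (String type : keyTypes) {
            String[] aliases = delegate.getClientAliases(type, issuers); // filtered by accepted CAs
            if (aliases != null) candidates.addAll(Arrays.asList(aliases));
        }
        if (candidates.isEmpty()) return null; // nothing suitable: no certificate is sent
        return chooser.apply(new ArrayList<>(candidates));
    }
    // java.net.http.HttpClient negotiates through SSLEngine, so route that path here too.
    @Override public String chooseEngineClientAlias(String[] kt, Principal[] is, SSLEngine e) {
        return chooseClientAlias(kt, is, null);
    }
    @Override public String[] getClientAliases(String t, Principal[] is) { return delegate.getClientAliases(t, is); }
    @Override public String[] getServerAliases(String t, Principal[] is) { return delegate.getServerAliases(t, is); }
    @Override public String chooseServerAlias(String t, Principal[] is, Socket s) { return delegate.chooseServerAlias(t, is, s); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }

    // Call once before the WebView loads the IdP page.
    public static void install(Function<List<String>, String> chooser) throws Exception {
        KeyStore ks = KeyStore.getInstance("Windows-MY"); // current user's Windows certificate store
        ks.load(null, null);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, null);
        X509KeyManager base = (X509KeyManager) kmf.getKeyManagers()[0];
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { new PromptingKeyManager(base, chooser) }, null, null); // default trust
        SSLContext.setDefault(ctx);
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }
}
```

The callback runs on a network thread during the handshake, so a JavaFX dialog has to be shown on the FX Application Thread while the calling thread waits for the result. Returning `null` from the callback sends no certificate.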
