PeculiarVentures / fortify-tools

Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is the "Tool" application used in the Fortify desktop application.
https://tools.fortifyapp.com
MIT License
15 stars 7 forks

Impossible to skip PIN entering #62

Open microshine opened 3 years ago

microshine commented 3 years ago

The application shows a PIN dialog if the token requires login. On Cancel button click, it prompts for PIN entering again and again.

alexgbv commented 3 years ago

@microshine It seems we have a contradiction between the layout and the application; I think we need to align them.

I suppose when you click "Deny" we don't need to show an additional view. It should return you to the homepage. What do you think?

microshine commented 3 years ago

Agree. Looks like Fortify throws an exception on PIN denying. Maybe we need to send a special error code to catch that behaviour.

donskov commented 3 years ago

@alexgbv Also, we need to add a Logout button and show it only for smart cards and after successful authentication. After a click, we should trigger re-authentication for a smart card.

alexgbv commented 3 years ago

@donskov If I understand you correctly, we need some indicator of the smart card connection in the cert viewer, and it must also have a logout option. Is it around?

donskov commented 3 years ago

@alexgbv We need to add a login/logout button for the removable provider (smart card).

I think it's related to tools only for now.

alexgbv commented 3 years ago

It is for logout.

I think we should deselect the token from providers if logged out instead of showing an empty page. IMHO it will be more natural behaviour than showing nothing. And to log in, select it in providers again.

rmhrisk commented 3 years ago

I like it

rossinicolas commented 3 years ago

Good morning, dears. I think that the upgrade requested by my users is related to this issue. They asked me if there is any way to grant greater security to the PeculiarFortifyCertificates web component at the moment of showing and choosing a certificate to sign, because if the token card is plugged in and they leave their desk for a few minutes, other people could use it to sign. Maybe using a PIN or pass could be a solution for us. Thanks.

rmhrisk commented 3 years ago

@rossinicolas this should really be in a separate bug. That said, PIN caching / policy is managed by the smart card middleware and not Fortify. Fortify could implement its own policy that is additive, but it cannot replace what is there. Please file a bug requesting this feature.