CrateDB is a distributed and scalable SQL database for storing and analyzing massive amounts of data in near real-time, even with complex queries. It is PostgreSQL-compatible, and based on Lucene.
When a user has a client-side certificate installed in their browser, accessing the Admin UI triggers a client-cert selection popup. If they cancel that popup, CrateDB continues and asks for a username & password.
Steps to reproduce:
CrateDB is started with these (among other but unrelated) arguments:
If the config option auth.host_based.config.99.ssl=on is removed, browsers don't ask for the client certificate, even when connecting via SSL/TLS in a browser.
CrateDB version:
Tested and reproduced on 4.2 and 4.3, but likely before as well.
Environment description:
Running the official CrateDB Docker image on Kubernetes (k8s.bregenz.a1, k8s.westeurope.azure, et. al).
Internal issue
Problem description:
When a user has a client-side certificate installed in their browser, accessing the Admin UI triggers a client-cert selection popup. If they cancel that popup, CrateDB continues and asks for a username & password.
Steps to reproduce:
CrateDB is started with these (among other but unrelated) arguments:
If the config option
auth.host_based.config.99.ssl=on
is removed, browsers don't ask for the client certificate, even when connecting via SSL/TLS in a browser.