IDP Requesting client Certificate

Cantor, Scott cantor.2 at
Tue May 20 09:23:55 EDT 2014

On 5/20/14, 1:55 PM, "Kobi Seviliya" <kobi at> wrote:
>I have an Shibboleth IDP installed on a linux machine with Jetty and i
>have a strange issue .
>when users connect to the SP and being redirected to the IDP, some of
>them (mostly Mac users) are getting a popup window asking the to identify
>themselves using a client certificate ...
>I only happens if a use has a client certificate on his local machine ,
>other users don't get that prompt ...

Unless you're deliberately configuring client certificate support, that
usually means you turned on the Jetty option to require, or at least ask
for, client authentication. Self inflicted, in other words.

-- Scott

More information about the users mailing list