To All,
I encountered the same problems you describe with the Air Force portal. Followed all recommendations to no avail. After lots of trial and error, this is what I did in my setup, and it worked:
1. Close all open programs. Open Keychain Access, connect the reader, insert the CAC, and select the CAC keychain by clicking on it once; you will see a list with 3 certificates and 3 private keys to the right.
2. Double-click on the certificates and find the one that shows "Usage Digital Signature, Non-Repudiation" and "Purpose #1 Smartcard Logon, Purpose #2 Email Protection, Purpose #3 Client Authentication". This is the right certificate for online CAC authentication.
3. Control-click the CAC certificate identified as the right one in step 2 and create an identity preference for each of the server addresses that the AF Portal has:
https://www.my.af.mil/EAI_JUNCTION/eai/
https://www.my.af.mil/EAI_JUNCTION/eai/auth
https://www.my.af.mil
I had to create an identity preference for each; for some reason if I don't use all three, login fails.
If you also want to access the virtual MPF, also create an identity preference with the following server:
https://w20.afpc.randolph.af.mil/afpcsecurenet20/
Note that these server addresses are case-sensitive and you need to put the "/" just as I did above.
4. Verify the identity preferences were created by selecting the login keychain; you should see them in there.
5. Open Safari and enter https://www.my.af.mil in the Safari address bar. Enter PIN number if requested. I have noticed that sometimes it will work flawlessly and sometimes the server will reject the certificate and ask you to select a different one. If I select the one that says DOD EMAIL CA-15 and hit enter (sometimes repeatedly) it will then work. Don't know why this happens but have read it is a USAF server-side issue.
Once you are able to access the portal, log out and try the vMPF by entering https://w20.afpc.randolph.af.mil/afpcsecurenet20/ in the Safari address bar. Hit OK if presented with a consent screen. You may be given a username/password screen; re-enter https://w20.afpc.randolph.af.mil/afpcsecurenet20/ into the address and try again, and you should be in AFPC secure.
I tested this on a 2008 white MacBook with an OmniKey 3121 USB reader and an Oberthur ID One v5.2 CAC card. My OS is 10.5.6.
Please let me know if this helps.
R Burgos