Q: PIV Card Woes with Citrix Viewer
-
Mar 21, 2016 7:30 AMby GunnyFitz,Dan
Before posting my thread I did a search and did NOT find yours until afterward for some reason. I think we are both dealing with the same crazy issue and I was wondering if you found anything to use with your Mac system for a PIV Card?
This is what I just posted now:
I was told there are ZERO chances of using a PIV Card on any Mac but this cannot be so (Can it?) lol.
Ive read there are others using "CAC Cards" via Mac but why no PIV use? And why isn't there any software to allow the Gov Car Reader to be recognized for the purpose of using our VA Badges to log on? Are you also using the Mobile Pass OTP Token System to log in via CAG? UGH!!
-
Mar 21, 2016 8:35 PMby Danielfromst petersburg,GunnyFitz
I am using my PIV card with my Mac but it is pretty clunky. Here's what I have to do.
Insert the PIV card in the reader before connecting to the CAG site
Log in by Clicking the PIV login Icon and entering my PIN
Wait for Citrix to load- THEN REMOVE THE CARD FROM THE CARD READER
If you don't remove the card you cannot start any applications
When you start an application- you get a Windows Log On screen- DON'T TRY TO USE YOUR CARD- click Other User and use your password
The App will start
When you start subsequent apps- a dialog box will pop up with a certificate highlighted- click CANCEL and the app will start (if you click CONTINUE it will prompt you 3 times and crash)
Not elegant, tiresome, but it works.
The only thing is that if you need to log back on with in an hour or so of logging off- you may have to restart your computer.
-
Mar 21, 2016 8:41 PMby Danielfromst petersburg,Forgot to mention- I am in a "PIV Enforced" group, from my understanding I am not permitted to use Mobile Pass so I haven't tried. (But, I have considered removing my Sun Pass transponder from my car and sticking it on the computer- If it works at all- it might be better than my PIV card.)
-
Jul 18, 2016 7:02 AMby dr.nixon,Absolutely. This is the same "fix" that was found to work at our VA - pull card out BEFORE launching the CAG. However, once CAG has been launched, and you get the login prompt, you're safe to plug the card back in again and then use PIV for login (as of Aug 4 2016, you will HAVE to do this - no password accepted for login after that date).
One user has had issues with incorrect credentials - he has to open Keychain and clear anything saved that includes "CAG" between logins, but otherwise things work.
With proper middleware installed (OpenSC, pre-release beta) we got it to work in Firefox as well, same issue with having to pull card, but the behavior was more erratic - user was unable to log out without a program hang, and was hit with weird repeated login requests during the process. Stick with Safari for now, unless the middleware has finally been updated to a release version that works with El Capitan.
