Electron smart card authentication is not working on Linux. The smart card authentication relies on client certifications. This gist has instructions for testing client certifications, which will be used to test smart card authentication.
The main.js
handles the 'select-client-certificate' event from the
App class which prints the list of certificates, and selects the first
certificate in the list. The example then creates a BrowserWindow
and load the Test Page.
Use the following commands to run start electron:
electron main.js
If there are no client certificates installed, the website will load
with and displays Error: No TLS client certificate presented
.
If smart card support is enabled and a smart card is inserted, the
website should load and prompt for a password/pin to access the
certificates on the smart card. However, this fails to happen. However,
if you load the Test Page using the Chrome browser, a password/pin
prompt is displayed. It should be noted that the Chrome Browser and
Electron should be using the same certificate store: ${HOME}/.pki/nsssdb
Lastly, to test that the 'select-client-certificate' is working, a dummy client certificate can be added to certificate store (see instructions below). After adding the dummy certificate, the website will load, the 'select-client-certificate' event should get fired, and the certificates will get printed out. If a smart card is inserted, the available certificates on the smart card should be printed. However, as in the case above, Electron fails to display the password prompt to access the smart card.
Install NSS Tools and smart card libraries on Ubuntu/Debian:
sudo apt-get install -y libnss3-tools opensc-pkcs11 opensc
Add smart card support to Chromium:
modutil -dbdir ${HOME}/.pki/nssdb -add "Smart Card" -libfile /usr/lib/$(uname -m)*/opensc-pkcs11.so
Install NSS Tools and smart card libraries on RHEL8:
sudo yum install -y nss-tools opensc
Add smart card support to Chromium:
modutil -dbdir ${HOME}/.pki/nssdb -add "Smart Card" -libfile /usr/lib64/pkcs11/opensc-pkcs11.so
Use the following command to add a client certificate:
certutil -S -d ${HOME}/.pki/nssdb -n "John Doe" -x -t ',,' -s "CN=John Doe"