The Mattermost-desktop application does not read the user’s NSSDB in ~/.pki/nssdb/ so it’s unable to use the opensc module for smart card authentication. Is there a way to configure the chromium applet included with the application to use the NSSDB on RHEL 7?
Mattermost works in Chrome after adding the OpenSC module with “modutil -dbdir sql:~/.pki/nssdb/ -add “OpenSC” -libfile /usr/lib64/pkcs11/opensc-pkcs11.so”
The need to run the application arises from several other conditions. We only run Firefox on our systems but Mattermost calls and screen sharing do not work in Firefox when the OS is configured in FIPS mode. This is a separate issue with should probably also be reported as a bug.
As a workaround we tried installing Chrome and it works perfectly after configuring OpenSC in the user’s NSSDB. Unfortunately, Chrome is not approved for installation in our organization. The Mattermost-Desktop app uses chromium so it would be viable but it doesn’t read the NSSDB so it fails to read the smartcard when authenticating through ADFS.
While I cannot answer your questions, I’ve alerted the responsible teams for the desktop app and the calls feature to check out this post. Please stay tuned.
The original issue was incorrectly marked as deprecated version even though it’s still an issue on the current version, so it was re-created as a new issue that went stale.
We only run Firefox on our systems but Mattermost calls and screen sharing do not work in Firefox when the OS is configured in FIPS mode. This is a separate issue with should probably also be reported as a bug.
@WillD It honestly sounds like a potential issue with Firefox but if there’s anything we can do to make Calls work I am happy to have look. Could you please create an issue at Issues · mattermost/mattermost-plugin-calls · GitHub with all the relevant details, and possibly some logs to show what’s failing? Thanks
However, since Chrome is working we just moved forward with using Chrome instead so I haven’t tried the two suggestions provided in the issue response.