Smartcard authentication fails with “Unable to connect to server” using Firefox browser.

Problem

Smartcard authentication fails with “Unable to connect to server” using Firefox browser.  Starting NetBackup 10.3.1 smartcard authentication would require additional port 13731 to be accessible from the system you are invoking your browser from. If you can use smartcard authentication using browsers other than Firefox, then port 13731 is accessible from your system.

Error Message

To understand the issue better, launching “Web Developers Tool” (Ctrl+Shift+I) would be helpful. In the network tab you may notice “CORS Failed” as shown in the screen capture below.

Cause

This happens due to Firefox’s adherence to strict Cross-Origin Resource Sharing (CORS) policy, which prohibits performing mutual TLS authentication while performing CORS requests, including CORS pre-flight requests.

Solution

Firefox provides a configuration flag to toggle this default behavior, thereby performing mutual TLS authentication while performing CORS requests.

To toggle the configuration settings:

In a new tab of Firefox browser, for instance, enter ‘about:config’ in the address bar.
Post confirming the security warning in the browser instance, lookup for “network.cors_preflight.allow_client_cert” and double-click on it to toggle it to “true” as shown in the screen capture below.

Since Firefox shall be communicating with 13731 port on your primary server, you might as well have to add X.509 server certificate exception before attempting “smartcard” authentication. This exception you might have already added for 443 port.

Navigating to https://<your-primary-server>:13731/ shall present server certificate expectation and accepting the certificate presented by the server shall add the exception for port 13731 as well.