{ "id": "171036", "key": "TIMOB-25755", "fields": { "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false }, "project": { "id": "10153", "key": "TIMOB", "name": "Titanium SDK/CLI", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [ { "id": "20115", "name": "Release 7.3.0", "archived": false, "released": true, "releaseDate": "2018-08-17" } ], "resolution": { "id": "10000", "description": "", "name": "Done" }, "resolutiondate": "2018-07-10T00:31:08.000+0000", "created": "2018-02-06T09:44:11.000+0000", "priority": { "name": "Critical", "id": "1" }, "labels": [ "android", "titanium", "webview" ], "versions": [ { "id": "19906", "description": "", "name": "Release 6.3.0", "archived": false, "released": true, "releaseDate": "2017-11-01" } ], "issuelinks": [ { "id": "58869", "type": { "id": "10003", "name": "Relates", "inward": "relates to", "outward": "relates to" }, "outwardIssue": { "id": "175721", "key": "TIMOB-28241", "fields": { "summary": "Android: Remove \"WebViewClient.jar\" from SDK", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "priority": { "name": "Low", "id": "4" }, "issuetype": { "id": "4", "description": "An improvement or enhancement to an existing feature or task.", "name": "Improvement", "subtask": false } } } } ], "assignee": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "updated": "2020-11-13T03:19:32.000+0000", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "components": [ { "id": "10202", "name": "Android", "description": "Android Platform" } ], "description": "_*Edit:*_\r\n_Original issue turned out to be a {{WebView}} hardware acceleration bug on Google's end based on the web page's content, which was worked-around by adding a border to the {{WebView}}. However, we're keeping the code change where the {{WebView}} will prompt the end-user for a client certificate via a dialog if requested by the web server._\r\n\r\n*Original Post:*\r\nThe following page will not render in an Android Webview, however, it loads correctly the iOS webview and in all Android stock browsers.\r\n\r\n[https://idp.unilever.com/adfs/ls/?client-request-id=9b52f9a3-756e-4cde-99bd-64515d1e274a&wa=wsignin1.0&wtrealm=urn%%3afederation%%3aMicrosoftOnline&wctx=LoginOptions%%3D3%%26estsredirect%%3d2%%26estsrequest%%3drQIIAa2Qv4vUQACFM7c_PNcVjsNCLOQK5arZJJNkNhkQjKeLJ3d4blhFQWQymbmNJDNxJln1_go7UQtFO-0sBRvLK_TqAy2sxEIs1co9wd7C9sHjve_rWWR1WteVIbbdyLzgM67RgMpZXmxr1VQDpkp7S-maFnq5t_Ti5_iJbD5tPHqbXbl5cvXSS3DhH9t2Em9u2LExXNe5kmtKmqbkOuF6ljP-Dpy-FQxThNjQhwx7PvRxNIQRyjBEYcSiEAcRo3QPgC8A7C90EloW6NdC0GhJFDW5IZKW3JCakYMh4g7cP0meQaF0SWvSSFNxloucZ49b_U2Vzu_GVZUkl1-3TgmMBeUOgkHmYehHQQpTwR04DCkWIhIhx_xz60TFa64Hpqay4PfP_iU-oNxr97-2-w4gi4uHlsBxsGL9aIPnnbmy9-LZtw8fL55_Gh95RR8uW7sdm1Fv_Zx3Z3p7zfUEupbi0Xhyb2LCu42a4OtXp-t6J95yRqPxjjrjEvdB9-hu1_retd4c_j-293vHkOOGcM7rBCtuQPyAIHTjNw2&cbcxt=&username=peter.stanley%%40unilever.com&mkt=&lc=|https://idp.unilever.com/adfs/ls/?client-request-id=9b52f9a3-756e-4cde-99bd-64515d1e274a&wa=wsignin1.0&wtrealm=urn%%3afederation%%3aMicrosoftOnline&wctx=LoginOptions%%3D3%%26estsredirect%%3d2%%26estsrequest%%3drQIIAa2Qv4vUQACFM7c_PNcVjsNCLOQK5arZJJNkNhkQjKeLJ3d4blhFQWQymbmNJDNxJln1_go7UQtFO-0sBRvLK_TqAy2sxEIs1co9wd7C9sHjve_rWWR1WteVIbbdyLzgM67RgMpZXmxr1VQDpkp7S-maFnq5t_Ti5_iJbD5tPHqbXbl5cvXSS3DhH9t2Em9u2LExXNe5kmtKmqbkOuF6ljP-Dpy-FQxThNjQhwx7PvRxNIQRyjBEYcSiEAcRo3QPgC8A7C90EloW6NdC0GhJFDW5IZKW3JCakYMh4g7cP0meQaF0SWvSSFNxloucZ49b_U2Vzu_GVZUkl1-3TgmMBeUOgkHmYehHQQpTwR04DCkWIhIhx_xz60TFa64Hpqay4PfP_iU-oNxr97-2-w4gi4uHlsBxsGL9aIPnnbmy9-LZtw8fL55_Gh95RR8uW7sdm1Fv_Zx3Z3p7zfUEupbi0Xhyb2LCu42a4OtXp-t6J95yRqPxjjrjEvdB9-hu1_retd4c_j-293vHkOOGcM7rBCtuQPyAIHTjNw2&cbcxt=&username=peter.stanley%%40unilever.com&mkt=&lc=]\r\n", "attachment": [ { "id": "64830", "filename": "Android build log.txt", "author": { "name": "aislam", "key": "aislam", "displayName": "Aminul Islam", "active": false, "timeZone": "Etc/GMT-6" }, "created": "2018-02-08T13:22:14.000+0000", "size": 269284, "mimeType": "text/plain" }, { "id": "64829", "filename": "Android build log 6.3.txt", "author": { "name": "aislam", "key": "aislam", "displayName": "Aminul Islam", "active": false, "timeZone": "Etc/GMT-6" }, "created": "2018-02-08T13:22:14.000+0000", "size": 301618, "mimeType": "text/plain" }, { "id": "64809", "filename": "AndroidWVTest.zip", "author": { "name": "marchief", "key": "marchief", "displayName": "Martin Williamson", "active": true, "timeZone": "Europe/London" }, "created": "2018-02-06T12:10:24.000+0000", "size": 5552829, "mimeType": "application/zip" }, { "id": "65011", "filename": "Screenshot.png", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-03-29T22:25:51.000+0000", "size": 1200250, "mimeType": "image/png" }, { "id": "64824", "filename": "ti.webdialog-android-1.0.0-6XX.zip", "author": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-02-08T05:14:31.000+0000", "size": 114749, "mimeType": "application/zip" } ], "flagged": false, "summary": "Android: WebView should prompt user for client certificate if requested by server", "creator": { "name": "marchief", "key": "marchief", "displayName": "Martin Williamson", "active": true, "timeZone": "Europe/London" }, "subtasks": [], "reporter": { "name": "marchief", "key": "marchief", "displayName": "Martin Williamson", "active": true, "timeZone": "Europe/London" }, "environment": null, "closedSprints": [ { "id": 1028, "state": "closed", "name": "2018 Sprint 09 SDK", "startDate": "2018-04-22T22:53:08.928Z", "endDate": "2018-05-06T22:53:00.000Z", "completeDate": "2018-05-07T00:02:15.883Z", "originBoardId": 114 } ], "comment": { "comments": [ { "id": "434088", "author": { "name": "mrahman", "key": "mrahman", "displayName": "Mostafizur Rahman", "active": true, "timeZone": "Asia/Dhaka" }, "body": "Hello [~marchief], \r\n\r\nThanks for sharing with us. Please provide a full sample testcode that regenerates the issue. Better to provide a sample app as an attachment here. We will test the issue in our environment. Also, provide the SDK and CLI version you are testing on. Thanks.", "updateAuthor": { "name": "mrahman", "key": "mrahman", "displayName": "Mostafizur Rahman", "active": true, "timeZone": "Asia/Dhaka" }, "created": "2018-02-06T11:28:16.000+0000", "updated": "2018-02-06T11:28:16.000+0000" }, { "id": "434090", "author": { "name": "marchief", "key": "marchief", "displayName": "Martin Williamson", "active": true, "timeZone": "Europe/London" }, "body": "Axway Appcelerator Studio, build: 5.0.0.201712081732\r\nCli 7.0.1\r\nSDK 6.3.0.G.A\r\n\r\nSample Project attached, code below:\r\n\r\n{code}\r\n//Master View Component Constructor\r\nfunction MasterView() {\r\n\t//create object instance, parasitic subclass of Observable\r\n\tvar self = Ti.UI.createView({\r\n\t\tbackgroundColor:'white'\r\n\t});\r\n\t\r\nvar webView = Ti.UI.createWebView({\r\n\t\turl: 'https://idp.unilever.com/adfs/ls/?client-request-id=9b52f9a3-756e-4cde-99bd-64515d1e274a&wa=wsignin1.0&wtrealm=urn%%3afederation%%3aMicrosoftOnline&wctx=LoginOptions%%3D3%%26estsredirect%%3d2%%26estsrequest%%3drQIIAa2Qv4vUQACFM7c_PNcVjsNCLOQK5arZJJNkNhkQjKeLJ3d4blhFQWQymbmNJDNxJln1_go7UQtFO-0sBRvLK_TqAy2sxEIs1co9wd7C9sHjve_rWWR1WteVIbbdyLzgM67RgMpZXmxr1VQDpkp7S-maFnq5t_Ti5_iJbD5tPHqbXbl5cvXSS3DhH9t2Em9u2LExXNe5kmtKmqbkOuF6ljP-Dpy-FQxThNjQhwx7PvRxNIQRyjBEYcSiEAcRo3QPgC8A7C90EloW6NdC0GhJFDW5IZKW3JCakYMh4g7cP0meQaF0SWvSSFNxloucZ49b_U2Vzu_GVZUkl1-3TgmMBeUOgkHmYehHQQpTwR04DCkWIhIhx_xz60TFa64Hpqay4PfP_iU-oNxr97-2-w4gi4uHlsBxsGL9aIPnnbmy9-LZtw8fL55_Gh95RR8uW7sdm1Fv_Zx3Z3p7zfUEupbi0Xhyb2LCu42a4OtXp-t6J95yRqPxjjrjEvdB9-hu1_retd4c_j-293vHkOOGcM7rBCtuQPyAIHTjNw2&cbcxt=&username=peter.stanley%%40unilever.com&mkt=&lc=',\r\n\theight: '100%',\r\n\twidth:'100%'\r\n\t});\r\n\t\r\n\tself.add(webView);\r\n\r\n\treturn self;\r\n};\r\n\r\nmodule.exports = MasterView; [^AndroidWVTest.zip] \r\n{code}", "updateAuthor": { "name": "marchief", "key": "marchief", "displayName": "Martin Williamson", "active": true, "timeZone": "Europe/London" }, "created": "2018-02-06T12:10:34.000+0000", "updated": "2018-02-06T12:10:34.000+0000" }, { "id": "434091", "author": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "body": "Thanks [~marchief]! [~ybanev] Would you mind taking a peak?", "updateAuthor": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "created": "2018-02-06T13:02:04.000+0000", "updated": "2018-02-06T13:02:04.000+0000" }, { "id": "434107", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~ybanev], I have not handled certificate challenges with an Android WebView before.\r\n\r\nI suppose the only work-around that'll work \"today\" is to use Ti.Platform.openURL() to display the webpage via the Android device's default web browser.\r\nhttp://docs.appcelerator.com/platform/latest/#!/api/Titanium.Platform-method-openURL\r\n\r\nThe above works well on Android because pressing the Back button from the browser app will return the end-user back to the app.", "updateAuthor": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-02-06T18:03:49.000+0000", "updated": "2018-02-06T18:03:49.000+0000" }, { "id": "434108", "author": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "body": "Maybe https://github.com/appcelerator-modules/titanium-web-dialog is a good solution as well?", "updateAuthor": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "created": "2018-02-06T18:14:48.000+0000", "updated": "2018-02-06T18:14:48.000+0000" }, { "id": "434115", "author": { "name": "marchief", "key": "marchief", "displayName": "Martin Williamson", "active": true, "timeZone": "Europe/London" }, "body": "We need the solution in the app as it is part of an SSO solution so we need to grab the SAML for authentication that is generated after authentication has been performed and placed in a named div for the app to retrieve. ", "updateAuthor": { "name": "marchief", "key": "marchief", "displayName": "Martin Williamson", "active": true, "timeZone": "Europe/London" }, "created": "2018-02-06T18:31:23.000+0000", "updated": "2018-02-06T18:31:23.000+0000" }, { "id": "434121", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "body": "{quote}We need the solution in the app{quote}\r\n\r\nSounds like a feature request to me. :)\r\n\r\n[~ybanev], can you see what our options are in making this work on Android 4.x please? There's no point in supporting that WebViewClient.onReceivedClientCertRequest() API since it's not supported on older Android OS versions. And let's avoid the \"ignore SSL error\" technique that devs use on stackoverflow since that's considered a security risk.\r\n\r\nAlternatively, we could look into switching our WebView implementation over to Google's \"Chrome Custom Tab\" implementation, but that's a much bigger change that I don't see us doing in the near future.\r\nhttps://developer.chrome.com/multidevice/android/customtabs\r\n", "updateAuthor": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-02-06T18:59:58.000+0000", "updated": "2018-02-06T18:59:58.000+0000" }, { "id": "434125", "author": { "name": "marchief", "key": "marchief", "displayName": "Martin Williamson", "active": true, "timeZone": "Europe/London" }, "body": "Accessing data through evaljs is a supported feature ;) and works perfectly well in iOS on the URL given.\n\nIgnoressl doesn't make any difference on the URL given in android. ", "updateAuthor": { "name": "marchief", "key": "marchief", "displayName": "Martin Williamson", "active": true, "timeZone": "Europe/London" }, "created": "2018-02-06T19:23:14.000+0000", "updated": "2018-02-06T19:23:14.000+0000" }, { "id": "434128", "author": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Probably should reference this account for fixes as have enterprise support. ", "updateAuthor": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-02-06T20:03:59.000+0000", "updated": "2018-02-06T20:03:59.000+0000" }, { "id": "434130", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~marchief], you may want to give the following module a try...\r\nhttps://github.com/appcelerator-modules/titanium-web-dialog\r\n\r\nThis module uses a \"Chrome Custom Tab\" within your app to display web content instead of the Android OS' built-in Java \"WebView\". I haven't tried it for myself, but since you said that you're able to display this webpage via the device's Chrome browser, it should theoretically work via this module as well. And Google's \"Chrome Custom Tabs\" is supported on Android 4.x.\r\n\r\n_Edit: Thanks goes to [~hknoechel] for pointing this out above._", "updateAuthor": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-02-06T21:47:36.000+0000", "updated": "2018-02-06T22:18:37.000+0000" }, { "id": "434131", "author": { "name": "marchief", "key": "marchief", "displayName": "Martin Williamson", "active": true, "timeZone": "Europe/London" }, "body": "THe module says it's for 7.1 and we are only able to use 6.3 max due to modules currently. ", "updateAuthor": { "name": "marchief", "key": "marchief", "displayName": "Martin Williamson", "active": true, "timeZone": "Europe/London" }, "created": "2018-02-06T22:01:19.000+0000", "updated": "2018-02-06T22:01:19.000+0000" }, { "id": "434169", "author": { "name": "ybanev", "key": "ybanev", "displayName": "Yordan Banev", "active": true, "timeZone": "Europe/Athens" }, "body": "[~jquick] After a bit more testing:\r\n - the problem does not exist on APIs 16-18. The page with Authentication warning is loaded which I assume is fine provided the expected certificate is not installed on the system. \r\n- on API 19 this specific request does not trigger any significant WebViewClient events before `onPageFinshed` that would help us work around the problem. Trying to get some clue from the native error if we can somehow avoid big changes in order to get it done.\r\n\r\n", "updateAuthor": { "name": "ybanev", "key": "ybanev", "displayName": "Yordan Banev", "active": true, "timeZone": "Europe/Athens" }, "created": "2018-02-07T15:45:55.000+0000", "updated": "2018-02-07T15:45:55.000+0000" }, { "id": "434175", "author": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "body": "I tried the custom tab option, whilst this does load the page, the \"load\" event is not fired, therefore we can't read data returned via evalJS.\r\nAlso the tab option does not load the URL directly, you have to be redirected through as it has issues with URL parameters.", "updateAuthor": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-02-07T17:13:19.000+0000", "updated": "2018-02-07T17:13:19.000+0000" }, { "id": "434225", "author": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "updateAuthor": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-02-08T05:16:12.000+0000", "updated": "2018-02-08T05:16:12.000+0000" }, { "id": "434232", "author": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~gmatthews] We have tried that, it loads the URL but no events work and can't access the content for evalJS", "updateAuthor": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-02-08T08:49:18.000+0000", "updated": "2018-02-08T08:49:49.000+0000" }, { "id": "434837", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~marchief], we'll look into experimenting more with a week from now (after our 7.1.0.GA release).\r\nUnfortunately, nothing on the native Android side just automatically works.\r\n\r\nThe web dialog module is the only work-around at the moment since it works via the installed Chrome browser app... and whatever works in that app will work in the web dialog. They share the same web cache and certificates and is often used for SSO. But unfortunately, it comes with its own limitations. We can improve it in the future, but it may not be possible to give it the same feature set that a WebView has (such as evalJS).\r\n\r\nWe'll look into what our options are for WebView later. The trick is getting it to use the same certificate that the Chrome app is using to satisfy the server's certificate challenge. This may or may not involve adding a new WebView API for you to use to respond to the certificate challenge. And we may not be able to support this in Android 4.x due to limitations on Google's end. We'll see when we experiment with this later.", "updateAuthor": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-02-23T19:45:56.000+0000", "updated": "2018-02-23T19:45:56.000+0000" }, { "id": "434854", "author": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "body": "master: https://github.com/appcelerator/titanium_mobile/pull/9882", "updateAuthor": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-02-24T03:53:45.000+0000", "updated": "2018-02-24T03:53:45.000+0000" }, { "id": "434936", "author": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Here's an SDK build incorporating the above PR: [mobilesdk-7.2.0.v20180226131340-osx.zip|https://www.dropbox.com/s/lallawg0954fd9x/mobilesdk-7.2.0.v20180226131340-osx.zip?dl=1]\r\n\r\nYou can use this to determine if the changes solve your issue. You may need to install the necessary certificate/s on your device first.", "updateAuthor": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-02-26T21:43:25.000+0000", "updated": "2018-02-26T21:43:25.000+0000" }, { "id": "434968", "author": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Using the above SDK (the webView runs so much smoother btw) when it reaches the idp page it asks for certificate storage access and then to choose a certificate, cancelling this gives the blank page as before. we are sourcing the certificate to see if this gets around the issue, but I am still not sure why the certificate is not needed when using the stock browser?", "updateAuthor": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-02-27T16:55:10.000+0000", "updated": "2018-02-27T16:55:10.000+0000" }, { "id": "434982", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "body": "bq. but I am still not sure why the certificate is not needed when using the stock browser?\r\n\r\n[~marchief], the certificate must have been selected/installed by the stock browser app at some point. Is this a work phone you're using to test this? Are your sure IT at your workplace hasn't already installed a certificate to it? I'm thinking the answer must be yes.\r\n\r\nNote that when I copy-and-paste the URL you gave us to my desktop web browser, I too get a dialog asking me for a certificate, which I don't have.", "updateAuthor": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-02-28T01:34:36.000+0000", "updated": "2018-02-28T01:34:36.000+0000" }, { "id": "435388", "author": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "body": "We got the client to test this on their work phone, they are unable to locate the certificate on the device, even though the browsers on the device are ok.\r\n\r\nI have tried this from several machines and web browsers and none prompt for a certificate, the page just loads and the SSL (secure) lock shows correctly.", "updateAuthor": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-03-08T15:08:23.000+0000", "updated": "2018-03-08T15:08:23.000+0000" }, { "id": "435427", "author": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~anvil_martin] Are you able to provide us with another URL we could use for testing? I'm not sure what https://idp.unilever.com/adfs/ls is meant to be showing, a login prompt? I receive {{An error occurred}} on all browsers I've used navigating to it.", "updateAuthor": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-03-09T18:29:42.000+0000", "updated": "2018-03-09T18:29:42.000+0000" }, { "id": "435449", "author": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "body": "try this one\r\n[SSO link|https://idp.unilever.com/adfs/ls/?client-request-id=32c6a80d-2be5-4ceb-91bd-6414b19fc94b&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQIIAa2QvWsUQRyGd3MfxOMCIgmIjSkUC5nbmf3OiOChEYk5LrIxYBqZ2_2NbtydWWZmz8T_QVBLG0EbsRC0CQQEsRBMlTqlIIg2lmLlRrC3sH3h5X2fp2fRc3eNqTR1nFrkBUxBuQMmpnlxR8m6GqSydNakMqxQJ3rH515-dL-c_776-F02_-bZp-uv7OV_bDvJcLTqDLUGZXIpLkuh6xJUAmqap_DBPns7TiGL_DREADEgf2nio9gPYoQZZoTEvs9wdGDbX237cKaTsLJwf80EtRJUMp1rKlgJmpqUHg1RMiB_kjxDXKqSGVoLXUGa8xyyp63-SE6au8OqSpLx29YZHoacAXZRkHlhsx1M0IQDRlHMQs6XeAwhfG6dqsCAGmjDRAE7l_4SH1EetPvf2n3cobOzjaWTrUXrZ9t-3mmUPZEvhq8vyNHD97unA71g7XecjZV7Y721mdRm-8bNesVb37m2HYzLrfrBRhQanl25Za6uGyzW7i9fjCl51J3b71o_utbesf9j-7A372LSmPUQwYskop5HSbj5Gw2&cbcxt=&username=peter.stanley%40unilever.com&mkt=&lc=]", "updateAuthor": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-03-10T17:34:03.000+0000", "updated": "2018-03-10T17:34:03.000+0000" }, { "id": "435647", "author": { "name": "turbomonkey", "key": "turbomonkey", "displayName": "Brian burns", "active": true, "timeZone": "America/New_York" }, "body": "I am having the same issue with this URL https://stripe.com/connect-account/legal. ", "updateAuthor": { "name": "turbomonkey", "key": "turbomonkey", "displayName": "Brian burns", "active": true, "timeZone": "America/New_York" }, "created": "2018-03-15T17:21:56.000+0000", "updated": "2018-03-15T17:21:56.000+0000" }, { "id": "435653", "author": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~turbomonkey] Thanks, that makes a nice test case\r\n{code:js}\r\nvar win = Ti.UI.createWindow({ backgroundColor: 'gray' }),\r\n webView = Ti.UI.createWebView({\r\n \turl: 'https://stripe.com/connect-account/legal'\r\n });\r\n\r\nwin.add(webView);\r\nwin.open();\r\n{code}", "updateAuthor": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-03-15T18:23:04.000+0000", "updated": "2018-03-15T18:23:04.000+0000" }, { "id": "435656", "author": { "name": "turbomonkey", "key": "turbomonkey", "displayName": "Brian burns", "active": true, "timeZone": "America/New_York" }, "body": "Are you seeing the same issue? I am building with Ti SDK 7.0.2 and Android SDK API 26.\r\n", "updateAuthor": { "name": "turbomonkey", "key": "turbomonkey", "displayName": "Brian burns", "active": true, "timeZone": "America/New_York" }, "created": "2018-03-15T20:18:24.000+0000", "updated": "2018-03-15T20:18:24.000+0000" }, { "id": "435863", "author": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Is there any update to this? Been over a week with no update", "updateAuthor": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-03-23T12:45:36.000+0000", "updated": "2018-03-23T12:45:36.000+0000" }, { "id": "435949", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~marchief], I'm not sure what else we can do here. The way [~gmathews] implemented it matches what Google recommends here...\r\nhttps://developer.android.com/reference/android/webkit/WebViewClient.html#onReceivedClientCertRequest(android.webkit.WebView,%20android.webkit.ClientCertRequest)\r\n\r\nLike I said before, the server is doing a certificate challenge and expects the WebView to respond with a client certificate. You can see this happening in your desktop browser when you click on the 2 offending URLs you gave us. My desktop browser displays a dialog asking for a client certificate. My Android phone's main Chrome browser app prompts me for a certificate too. Gary's change makes it do the same, because I'm pretty sure that's all we can do.\r\n\r\nSo, let's take a step back here. Do you not want a dialog to prompt the end-user for a certificate? If that's the case, then the only solution is to change the web server side to not perform a certificate challenge.", "updateAuthor": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-03-27T01:52:38.000+0000", "updated": "2018-03-27T01:52:38.000+0000" }, { "id": "436100", "author": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "body": "We have had feedback from the clients IT team, seems that the Webview request is not SNI compliant, therefore they are rejecting the connection.\r\n{quote}\r\n I found that ADFS server is configured to reject any client connection where the client is not SNI Compliant. Can application team confirm if the application is sending server name in the client hello?\r\n{quote}", "updateAuthor": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-03-29T16:34:27.000+0000", "updated": "2018-03-29T16:34:27.000+0000" }, { "id": "436102", "author": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Also, just to test out if there is a difference in the HttpClient request i tried this \r\n\r\n{code}\r\n\r\nvar webView = Ti.UI.createWebView({\r\n\t\r\n\t });\r\n\t\r\n\t\r\n\tvar url = \"https://idp.unilever.com/adfs/ls/idpinitiatedsignon.aspx\";\r\n var client = Ti.Network.createHTTPClient({\r\n \tvalidatesSecureCertificate:true,\r\n // function called when the response data is available\r\n onload : function(e) {\r\n Ti.API.info(\"Received text: \" + this.responseText);\r\n webView.html = this.responseText;\r\n },\r\n // function called when an error occurs, including a timeout\r\n onerror : function(e) {\r\n Ti.API.debug(e.error);\r\n alert('error');\r\n },\r\n timeout : 5000 // in milliseconds\r\n });\r\n // Prepare the connection.\r\n client.open(\"GET\", url);\r\n // Send the request.\r\n client.send();\r\n{code}\r\nwhich does render the page (i.e. passes the client certificate checks) and presents the basic page.", "updateAuthor": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-03-29T16:52:41.000+0000", "updated": "2018-03-29T16:52:41.000+0000" }, { "id": "436114", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~marchief], something is still amiss here. Forget about the mobile and Titanium side.\r\nWhy can't anyone on my end display the web page via their desktop web browsers?\r\n\r\nWe can't display the web page in Chrome or Safari. If we can't do this, then there's nothing we can do on the mobile side. This is the root problem. What do we need to do to get a successful response from the server?", "updateAuthor": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-03-29T21:23:11.000+0000", "updated": "2018-03-29T21:23:11.000+0000" }, { "id": "436115", "author": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Use the link i put in the http request. When it asks you to install a certificate just click allow or cancel and the page should still load. ", "updateAuthor": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-03-29T21:32:24.000+0000", "updated": "2018-03-29T21:32:24.000+0000" }, { "id": "436119", "author": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~anvil_martin] What should the page look like after it loads? Because I see an {{Authentication Error}}", "updateAuthor": { "name": "gmathews", "key": "gmathews", "displayName": "Gary Mathews", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-03-29T22:17:38.000+0000", "updated": "2018-03-29T22:17:38.000+0000" }, { "id": "436120", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Okay. I see. So, the client certificate request is the expected behavior then. If I hit \"continue\" in my desktop browser, then I see the attached login page here:\r\n!Screenshot.png|thumbnail! \r\n\r\nThis is what we should be seeing on the mobile web view, right?", "updateAuthor": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-03-29T22:26:21.000+0000", "updated": "2018-03-29T22:26:31.000+0000" }, { "id": "436121", "author": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~jquick] yes that is correct, when going to [This link|https://idp.unilever.com/adfs/ls/idpinitiatedsignon.aspx] you are asked for a certificate if your browser doesn't find one automatically or you are from an untrusted connection, but continuing doesn't stop you getting to the site, however from the webview it doesn't give you the option to accept / continue and only shows a blank page.\r\n\r\nOur client has done some digging and found that the webview on android is not presenting the server name (not SNI compliant) not sure if that makes a difference or not. However if you use the Ti.Network.createHTTPClient this returns the page without an issue, it just doesn't render properly.", "updateAuthor": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-03-29T22:34:35.000+0000", "updated": "2018-03-29T22:34:35.000+0000" }, { "id": "436122", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Okay. So the issue here is Android's native WebView is not \"generating\" a client certificate. What [~gmathews] has implemented will display a dialog asking for a client certificate like how desktop browser's do it, but unfortunately that approach won't generate one. Hmm...\r\n_(FYI: How Gary is doing it follows Google's examples.)_", "updateAuthor": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-03-29T22:55:34.000+0000", "updated": "2018-03-29T22:57:21.000+0000" }, { "id": "436137", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Quick update. The most common solution to this (other than displaying a dialog asking for a certificate) is to bundle a certificate with the app and use that as the client certificate. However, theoretically, we should be able to generate a client certificate and public key based on the digital signature applied to the APK. I'm going to experiment with this and see how it goes.", "updateAuthor": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-03-30T19:58:11.000+0000", "updated": "2018-03-30T19:58:11.000+0000" }, { "id": "436201", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~marchief], do you know if the web server accepts self-signed client certificates?", "updateAuthor": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-04-02T23:43:13.000+0000", "updated": "2018-04-02T23:43:13.000+0000" }, { "id": "436204", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~marchief], this appears to be a hardware acceleration bug on Google's end. It turns out the WebView is receiving the HTML content just fine (even though it's not sending a client certificate), but the content is not getting rendered when hardware acceleration (via OpenGL and the GPU) is enabled, which is the default setting on Android. Something in the HTML is triggering this naughty behavior.\r\n\r\nThere is a work-around. If you add a border to the WebView, then this will trick the code into disabling hardware acceleration and the content of the page will then appear.\r\n{code:javascript}\r\nvar window = Ti.UI.createWindow();\r\nvar webView = Ti.UI.createWebView(\r\n{\r\n\turl: \"https://idp.unilever.com/adfs/ls/idpinitiatedsignon.aspx\",\r\n\tborderWidth: \"1dp\",\r\n\tborderColor: \"black\",\r\n});\r\nwindow.add(webView);\r\nwindow.open();\r\n{code}\r\n", "updateAuthor": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-04-03T02:49:50.000+0000", "updated": "2018-04-03T02:49:50.000+0000" }, { "id": "436217", "author": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~jquick] Thanks for all of your hard work, I can confirm that workaround fixes the issue.\r\nAlso, it will work with a self-signed certificate.\r\n\r\nThanks\r\nMartin", "updateAuthor": { "name": "anvil_martin", "key": "anvil_martin", "displayName": "Martin Williamson", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-04-03T10:00:13.000+0000", "updated": "2018-04-03T10:00:13.000+0000" }, { "id": "436246", "author": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "body": "[~turbomonkey], the HTML content from your URL is triggering the same Google hardware acceleration bug [~marchief] ran into. I've confirmed that adding a border to the {{WebView}} will make it shows its content. Have a look at my code example above.", "updateAuthor": { "name": "jquick", "key": "jquick", "displayName": "Joshua Quick", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-04-03T17:40:08.000+0000", "updated": "2018-04-03T17:40:08.000+0000" }, { "id": "436281", "author": { "name": "turbomonkey", "key": "turbomonkey", "displayName": "Brian burns", "active": true, "timeZone": "America/New_York" }, "body": "[~jquick] the workaround works for me as well. Thanks for figuring it out and sharing!", "updateAuthor": { "name": "turbomonkey", "key": "turbomonkey", "displayName": "Brian burns", "active": true, "timeZone": "America/New_York" }, "created": "2018-04-04T13:55:14.000+0000", "updated": "2018-04-04T13:55:14.000+0000" }, { "id": "439016", "author": { "name": "smohammed", "key": "smohammed", "displayName": "Samir Mohammed", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Closing ticket, as suggested above.", "updateAuthor": { "name": "smohammed", "key": "smohammed", "displayName": "Samir Mohammed", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2018-07-05T17:38:40.000+0000", "updated": "2018-07-05T17:38:40.000+0000" } ], "maxResults": 62, "total": 62, "startAt": 0 } } }