Select client certificate for authorization in Chrome headless mode - google-chrome

I'm trying to run tests in headless Chrome using Geb. Before enter the page, I have to select client certificate for authentication. How to do this in headless mode?
Robot class not working without UI.
Is there any way to handle certificate selection? I read about policies and AutoSelectCertificateForUrls but I can't find way to load policy from file or set this particular parameter as option/argument (Chrome on Linux).
In PhantomJS there is option to provide certificate as argument but how to do this using Chrome driver?

I had the same problem and ended up running in headful mode instead. There are some stuff required to be installed on the server though to be able to run Selenium in headful mode. I wrote an article on the subject using Selenium with .NET Core in linux with environment setup through docker.
https://sgedda.medium.com/running-selenium-with-chromedriver-together-with-client-certificate-set-in-headful-mode-with-net-a79bde19e472
Dockerfile
https://gist.githubusercontent.com/sgedda/584aa35a0d9162ad24f9cca836266959/raw/1fc0b4e6e8c76b791437bc847b67b2ed676c5d9b/Dockerfile

Related

How to run Chromedriver in Java Selenium in BOTH headless and incognito?

The problem I am trying to solve is to login into a site that has SSO. I will need to login with different credentials at times so I don't want to SSO in. Therefore, I will open up an incognito tab in Chrome so the SSO login popup will show up every time: chromeOptions.addArguments("incognito"); This works fine when I am running not in a headless mode and using Java Robot to input the credentials.
However, when I run this in headless mode: chromeOptions.addArguments("headless"); I am back to square one where I got SSO'd in into my personal account without the manual control of inputting in different credentials. That's not what's happening when I have incognito in non-headless mode.
How exactly do I configure my Chromedriver through Java to be BOTH headless and incognito?
I need headless mode because I need to run this inside a Docker container.

Self signed certificate for communication between local Win10 native app and web app

Background: I have a web app that is accessed via Chrome on a Windows 10 machine.
I also have a native Win10 application installed on the device. The web app sends data to the Win10 application via a local web service running on the machine in IISExpress.
To allow for HTTPS communication on port 44300, I've created a self-signed certificate via PowerShell:
New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddMonths(60)
And then imported it to 'Local Computer\Trusted Root Certificates\Certificates'
From within the web app I send a command to the win10 app that looks something like this:
https://localhost:44300/CMTService.svc/JumpToAssignment?Param=Key=418584577
The win10 app is polling for these requests and picks up the message.
Issue:
Different versions of Chrome behave differently with the acceptance of the self-signed certificate. For instance versions 62, 64 and 75 all accept the certificate and allow for communication with the web service. But other versions of Chrome like 76 and 78 block communication. The Security tab in the Chrome DevTools shows https://localhost:44300 as "Unknown / cancelled" and my requests fail with ERR_SSL_CLIENT_AUTH_CERT_NEEDED. Whereas in working versions of Chrome my URL shows under "Secure origins". The only thing that I change is the Chrome version to get these different results.
I've tried enabling the Chrome setting to allow for invalid certs for localhost (chrome://flags/#allow-insecure-localhost). This temporarily works, but then after closing and reopening chrome, my requests start failing again with the same error code.
If I take one of my failing URLs and paste it into a new Chrome tab, suddenly communication with my native app in my web app resumes as normal. But it only works for that session - when I close and reopen Chrome my communication is broken again.
Question:
How do I allow for communication between my Chrome v78 web app and my local native app?
ERR_SSL_CLIENT_AUTH_CERT_NEEDED means the server is asking the browser for a certificate for client authentication.
You've described how you setup server authentication, but not described how you setup client authentication.
Likely you have enabled certificates for client authentication, but have not configured the web app to send the correct client certificate or have not configured the native app to accept the correct client certificate. That's a very open ended topic to be prescriptive without knowing more about your development efforts, but you can confirm if client authentication is enabled by inspecting a packet capture. One description of the handshake is here : https://blogs.technet.microsoft.com/nettracer/2013/12/30/how-it-works-on-the-wire-iis-http-client-certificate-authentication/.
Just an update: I implemented a javascript workaround to get around my communication issues. When first loading the web app, I simply send my first communication to IIS (destined for Win10 native app) in a separate chrome browser tab. For whatever reason this allows for successful acceptance of the certificate and kick starts the communication with IIS. This is my code to send the command in a new tab and then close it:
var inst = window.open(launchWinAppURL);
if (inst != null) {
window.setTimeout(function() {
inst.close();
}, 1000);
}
This is not the most elegant solution, but it seems to work on all chrome versions, so i'm satisfied.
Is the web app only communicating with the one win10 machine? Have you installed the self-signed cert directly to the machine? I would try installing it directly to the machine and see if the later instances of chrome allow communication.

Setting cookies to chrome running in headless mode

I am planning to use chrome.exe to take a png snapshot of a web page.
The web page has references to js files that are served by an application server. Application server needs session cookies to authrize and server the pages.
I could not find any options to pass cookies to chrome.ext.
I have searched in google, but most suggestions are pointing to use selenium web driver. Making use of selenium web driver for chrome is making me choose compatible versions only. I have to frequently update the driver if the chrome version changes. It is not acceptable for my use case.
Executing the command mentioned below using java process builder.
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe " -headless -hide-scrollbars -disable-gpu -screenshot=C:\Users\abc\Desktop\tmp\file1.png C:/Users/abc/test.html
I need a way to pass cookies without using any third party libraries (webdriver, puppeteer etc..)

chrome headless with no ssl error

I want to use chrome headless browser for my FT suite. I don't have ssl certificates on my local machine.
Is there a way to ignore SSL errors. In phantom I just pass following commands: --web-security=no --ssl-protocol=any --ignore-ssl-errors=yes and it works. But phantom is not supporting ES6 so want to try chrome.

Using getUserMedia() on insecure origins in Chrome

I am developing a webpage that uses camera. When I test in Chrome in my local network, camera doesn't work and I get warning in the console:
getUserMedia() no longer works on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See link for more details.
In the link provided there is an instruction to set some flags in Chrome. So I tried. My command looks like this:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --unsafely-treat-insecure-origin-as-secure="192.168.0.15" --user-data-dir=c:\chrome-dev-profile
But when I run Chrome I get this message:
You are using an unsupported command-line flag: --unsafely-treat-insecure-origin-as-secure. Stability and security will suffer.
What am I doing wrong?
Is there another way I can test in local network without setting up https server? I need this just for development.
Luka,
I've run into this bug just yesterday. I have not found out how to get Chrome to honor that flag on the command line yet. But I did find a workaround that works for my case.
I'm running my web services on a Linux machine that is running an ssh server. I'm testing on windows with chrome, and used putty to connect to the linux box from windows and then created a "local port forward" to make my remote linux box's ipaddress:port appear on localhost:port on windows. Depending on your platform this workaround may work for you. This approach isn't too cumbersome if you only have a few ports to forward.
In my particular case my setting for putty looked like
L8080 localhost:8080
To see more about port forwarding and ssh see: https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding