I am a US federal employee (non-military). We use Express (not Direct Control) for authenticating to VPN and web sites. I've noticed some odd behavior when trying to use our PIV cards with brand new installs of Mac High Sierra 10.13.6.
The problem is that web browsers (Safari, Chrome, and Firefox) are unable to recognize the Certificates we are trying to pass from our cards. I don't even get a chance to authenticate, just a browser error saying, "no card inserted". But I do see the Certificate in KeyChain Access, and it works for VPN.
What I mean by a brand new install is, a brand new machine out of the box that has high Sierra already on it, and nothing else. I install Centrify Express 5.4.2, and everything works fine except for authenticating in browsers. (Previous versions of express do not work with High Sierra.)
The weird thing is, I have machines that were running older OSs, and after upgrading them to High Sierra, I have no problems. I also have a brand-new machine that I performed a time-machine restore of an old desktop that was running OS El Capitan 10.11. That one worked just fine after upgrading Express to 5.4.2. Both of these types of installs have no problems at all. But if I try to start with a brand new laptop, I cant get browser authentication to work.
To reiterate, I am able to see the card's certificates in KeyChain access, and I am also able to use the card to authenticate to our VPN (we are at a University-infrastructure site and use VPN to access federal websites). So I know I have a functional login, just not for all applications.
I already reviewed a lot of posts on this and other sites, so I have already tried an uninstall, then clearing all the files from /var/db/TokenCache/tokens, and clearing /Library/Security/tokend, then reinstalling.
I can provide any other details or screenshots needed, but first I'm just wondering if anyone else is aware of known issues with 10.13.6 and how to resolve them.
Thanks,
Jerry
Dr. Jerry L. Johnson
Biological Science Laboratory Technician/LITS
USDA-ARS Cereal Disease Laboratory