Unable to use 2FA with local Smartcard Certificate

%3CLINGO-SUB%20id%3D%22lingo-sub-563958%22%20slang%3D%22en-US%22%3EUnable%20to%20use%202FA%20with%20local%20Smartcard%20Certificate%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-563958%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20unable%20to%20use%20my%20local%20Smartcard%20to%20login%20to%20corporate%20websites.%26nbsp%3B%20Instead%20of%20the%20Smartcard%20Pin%20Prompt%2C%20I%20get%20the%20error%20message%20below.%26nbsp%3B%20The%20same%20smartcard%20works%20in%20the%20non-Chromium%20Edge%20and%20IE.%26nbsp%3B%20I%20have%20added%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcertauth.msft.sts.microsoft.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fcertauth.msft.sts.microsoft.com%3C%2FA%3E%26nbsp%3Bto%20the%20trusted%20sites%20list.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22groupMargin%20bigText%22%3EAn%20error%20occurred%3C%2FDIV%3E%3CDIV%20class%3D%22groupMargin%22%3ENo%20valid%20client%20certificate%20found%20in%20the%20request.%20No%20valid%20certificates%20found%20in%20the%20user's%20certificate%20store.%20Please%20try%20again%20choosing%20a%20different%20authentication%20method.%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CUL%3E%3CLI%3EActivity%20ID%3A%2021664ca3-f4c8-4ddb-9eb1-8fe1a193ea18%3C%2FLI%3E%3CLI%3ERelying%20party%3A%20Microsoft%20Federation%20Gateway%3C%2FLI%3E%3CLI%3EError%20time%3A%20Mon%2C%2013%20May%202019%2015%3A17%3A35%20GMT%3C%2FLI%3E%3CLI%3ECookie%3A%20enabled%3C%2FLI%3E%3CLI%3EUser%20agent%20string%3A%20Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F76.0.3782.0%20Safari%2F537.36%20Edg%2F76.0.152.0%3C%2FLI%3E%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-567164%22%20slang%3D%22en-US%22%3ERe%3A%20Unable%20to%20use%202FA%20with%20local%20Smartcard%20Certificate%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-567164%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F341457%22%20target%3D%22_blank%22%3E%40MWardekar%3C%2FA%3E%2C%20thank%20you%20for%20alerting%20us%20to%20this%20issue.%26nbsp%3B%20I%20was%20able%20to%20find%20a%20work%20item%20in%20our%20database%20tracking%20this%20issue%2C%20and%20have%20added%20your%20scenario%20to%20the%20item.%26nbsp%3B%20Thank%20you%20for%20self-hosting%20our%20Insider%20Channels.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1180075%22%20slang%3D%22en-US%22%3ERe%3A%20Unable%20to%20use%202FA%20with%20local%20Smartcard%20Certificate%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1180075%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F239638%22%20target%3D%22_blank%22%3E%40Elliot%20Kirk%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20still%20happening%20today%20-%20I%20am%20getting%20the%20same%20error%20when%20trying%20to%20use%202FA%20with%20a%20SmartCard.%26nbsp%3B%20The%20same%20exact%20website%20(aka.ms%2Fbenefits)%20works%20fine%20with%20the%20old%20Edge%20and%20I%20get%20prompted%20for%20a%20PIN.%26nbsp%3B%20On%20Chromium%20Edge%2C%20I%20get%20the%20error%20below%20and%20no%20PIN%20prompt.%26nbsp%3B%20This%20is%20now%20a%20fresh%20install%20of%20Windows%2010%20(2%20months%20ago)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22groupMargin%20bigText%22%3EAn%20error%20occurred%3C%2FDIV%3E%3CDIV%20class%3D%22groupMargin%22%3ENo%20valid%20client%20certificate%20found%20in%20the%20request.%20No%20valid%20certificates%20found%20in%20the%20user's%20certificate%20store.%20Please%20try%20again%20choosing%20a%20different%20authentication%20method.%3C%2FDIV%3E%3CDIV%3E%3CDIV%20class%3D%22groupMargin%22%3E%3CA%20href%3D%22https%3A%2F%2Fcertauth.corp.sts.microsoft.com%2Fadfs%2Fcertauth%2FIdpInitiatedSignOn.aspx%2F%3Flogintorp%3Dhttps%3A%2F%2Fbenefits.microsoft.ehr.com%26amp%3BRedirectToIdentityProvider%3DAD%2BAUTHORITY%26amp%3Bclient-request-id%3Da094521f-d6e9-4b93-5f08-0080040000f9%23%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3ESign%20in%20with%20other%20options%3C%2FA%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fcertauth.corp.sts.microsoft.com%2Fadfs%2Fcertauth%2FIdpInitiatedSignOn.aspx%2F%3Flogintorp%3Dhttps%3A%2F%2Fbenefits.microsoft.ehr.com%26amp%3BRedirectToIdentityProvider%3DAD%2BAUTHORITY%26amp%3Bclient-request-id%3Da094521f-d6e9-4b93-5f08-0080040000f9%23%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EError%20details%3C%2FA%3E%3C%2FP%3E%3CUL%20class%3D%22indent%20block%20smallText%22%3E%3CLI%3EActivity%20ID%3A%20a094521f-d6e9-4b93-5f08-0080040000f9%3C%2FLI%3E%3CLI%3ERelying%20party%3A%20HRIT-Health-TWProd%3C%2FLI%3E%3CLI%3EError%20time%3A%20Tue%2C%2018%20Feb%202020%2017%3A17%3A34%20GMT%3C%2FLI%3E%3CLI%3ECookie%3A%20enabled%3C%2FLI%3E%3CLI%3EUser%20agent%20string%3A%20Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F80.0.3987.100%20Safari%2F537.36%20Edg%2F80.0.361.53%3C%2FLI%3E%3C%2FUL%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

I am unable to use my local Smartcard to login to corporate websites.  Instead of the Smartcard Pin Prompt, I get the error message below.  The same smartcard works in the non-Chromium Edge and IE.  I have added https://certauth.msft.sts.microsoft.com to the trusted sites list.  

 

An error occurred
No valid client certificate found in the request. No valid certificates found in the user's certificate store. Please try again choosing a different authentication method.
 
  • Activity ID: 21664ca3-f4c8-4ddb-9eb1-8fe1a193ea18
  • Relying party: Microsoft Federation Gateway
  • Error time: Mon, 13 May 2019 15:17:35 GMT
  • Cookie: enabled
  • User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3782.0 Safari/537.36 Edg/76.0.152.0
2 Replies
Highlighted

Hi @MWardekar, thank you for alerting us to this issue.  I was able to find a work item in our database tracking this issue, and have added your scenario to the item.  Thank you for self-hosting our Insider Channels.

Highlighted

@Elliot Kirk 

 

This is still happening today - I am getting the same error when trying to use 2FA with a SmartCard.  The same exact website (aka.ms/benefits) works fine with the old Edge and I get prompted for a PIN.  On Chromium Edge, I get the error below and no PIN prompt.  This is now a fresh install of Windows 10 (2 months ago)

 

An error occurred
No valid client certificate found in the request. No valid certificates found in the user's certificate store. Please try again choosing a different authentication method.

Error details

  • Activity ID: a094521f-d6e9-4b93-5f08-0080040000f9
  • Relying party: HRIT-Health-TWProd
  • Error time: Tue, 18 Feb 2020 17:17:34 GMT
  • Cookie: enabled
  • User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.100 Safari/537.36 Edg/80.0.361.53