Keychain is not getting opened after unlock when system.login.screensaver is updated to use authenticate-session-owner-or-admin

When we enable a 3rd-party authentication plugin using the SFAuthorization window, and the user performs Lock Screen and then unlocks the Mac, then after the unlock, if the user tries to open Keychain Access, it does not open.

When trying to open Keychain Access, we are prompted for credentials, but after providing the credentials the keychains are not getting opened.

This is working on Sonoma 14.6.1, but we are seeing this issue from macOS Sequoia onwards.

Are there any suggested settings/actions to resolve this issue?

Answered by DTS Engineer in 853074022

There’s a known bug with authorisation plug-ins where, when unlocking from the screen saver context, it fails to unlock the data protection keychain (FB13128730). I’m not aware of a good workaround.

I’m not 100% sure that this is the cause of the specific behaviour you’re seeing. While that seems likely, I think it’d be reasonable for you to file a new bug about your specific issue. I recommend that you reproduce this with a small test project, rather than your main product, and then attach the test project to your bug report. That’ll make it clear that this is nothing to do with your main product [1].

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Or, if you can’t reproduce this with a test project, that’ll give you something to investigate (-:

Thank you Quinn,

Here is the bug number FB19544589 (Keychain is not getting opened after unlock when system.login.screensaver is updated to use authenticate-session-owner-or-admin)

Thank you very much for a quick response. I see you have already mentioned, "I’m not aware of a good workaround."

Here are the steps to reproduce with Mac-provided settings:

We modified the system.login.screensaver configuration to switch from the modern UI to the legacy UI method in order to support our custom SFAuthorizationPluginView.

Specifically, we replaced use-login-window-ui with authenticate-session-owner-or-admin.

Note: without our custom SFAuthorizationPluginView integration

After this change, attempting to launch the Keychain Access app triggers two consecutive password prompts, and the application fails to launch.

This issue is occurring with the released version of our agent; we would end up with more support calls.

Again, checking if there are any suggestions; this was completely broken in the unlock-screen flow with the legacy UI configuration authenticate-session-owner-or-admin.

Any tentative release plans to get a fix for FB13128730?

Any help would be highly appreciated.
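
An added example, not part of the original post or of Apple's code: a small audit check that reads the `system.login.screensaver` right with `security authorizationdb read` and reports whether a Mac carries the legacy-UI rule described above on a macOS version where the thread reports the Keychain Access failure. The result labels, the helper names and the embedded sample plist are constructed for illustration.

```python
import platform
import plistlib
import subprocess

RIGHT = "system.login.screensaver"
MODERN = "use-login-window-ui"                    # default rule named in the thread
LEGACY = "authenticate-session-owner-or-admin"    # legacy-UI rule named in the thread

# Constructed sample: shape of the plist printed for the right after the change.
SAMPLE_LEGACY = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>class</key><string>rule</string>
<key>rule</key><array><string>authenticate-session-owner-or-admin</string></array>
</dict></plist>"""


def classify(plist_bytes, macos_major):
    """Classify the screensaver right from its plist and the macOS major version."""
    entry = plistlib.loads(plist_bytes)
    rules = entry.get("rule", [])
    if isinstance(rules, str):        # tolerate a single string instead of an array
        rules = [rules]
    if LEGACY in rules:
        # The thread reports the failure from Sequoia (15) on, not on Sonoma 14.6.1.
        return "legacy-ui-matches-report" if macos_major >= 15 else "legacy-ui"
    if MODERN in rules:
        return "modern-ui"
    return "custom"


def read_right():
    """Read the live rule; the plist goes to stdout."""
    out = subprocess.run(["security", "authorizationdb", "read", RIGHT],
                         capture_output=True, check=True)
    return out.stdout


if __name__ == "__main__":
    if platform.system() == "Darwin":
        major = int(platform.mac_ver()[0].split(".")[0])
        print(RIGHT, "->", classify(read_right(), major))
    else:
        print("sample ->", classify(SAMPLE_LEGACY, 15))
```
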

Here is the bug number FB19544589

Ta!

Any tentative release plans to get a fix for FB13128730

I have no info to share on that front.

Something really messed up with the comment window when I added a comment.

Yeah. I generally recommend that you reply as a reply, rather than in the comments; see Quinn’s Top Ten DevForums Tips for this and other titbits.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thank you for your response.

We would greatly appreciate it if you could provide any recommendations, along with details (high-level) on the potential impacts of this issue.

This information will help us prepare and include an appropriate advisory in the released version and upcoming releases.

could [you] provide any recommendations, along with details (high-level) on the potential impacts of this issue

I’ve never done a detailed analysis of all the problems that this can cause.

I will say that the impact is getting worse as more system components and apps lean in to the data protection keychain )-:

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
