I use Chromedriver for an application where 2 factor authentication (2FA) is required at log in. This application allows the use of Trusted Platform Module (TPM) as 2FA. With the normal use of Chrome this works fine. No input is required since Chrome recognizes the hardware automatically because of the TPM. The only thing I had to do is to register my device once as Trusted Platform in this application. However, when I use Chromedriver my computer is not recognized anymore as Trusted Platform and moreover it is not even possible to register a device in the application (this option is grayed out). It seems that Chromedriver disables the use of TPM.
I have looked for a startup option for the Chromedriver to solve this. Nothing found. Furthermore I tried to find an option in the Chrome settings without any result.
Chromedriver disables Trusted Platform Module (TPM)
Moderators: Dorian (MJT support), JRL
- Dorian (MJT support)
- Automation Wizard
- Posts: 1394
- Joined: Sun Nov 03, 2002 3:19 am
- Contact:
Re: Chromedriver disables Trusted Platform Module (TPM)
Our hunch here is that ChromeDriver will not allow selenium to automate a chrome session that requires a hardware security method - for security reasons.
Yes, we have a Custom Scripting Service. Message me or go here
Re: Chromedriver disables Trusted Platform Module (TPM)
Thanks for you quick reply Dorian.
The strange thing is that a Security Key is actually accepted by ChromeDriver as a hardware security method in this application, however this requires a physical push on the button of the Security Key which makes it useless for Robotic Process Automation.
Up till now we could use SMS as 2FA for this application however this is going to be depreciated sone. It is unfortunately not possible to switch off 2FA for this application. All other methods of 2FA requires user interference (QR-scan, push button, NFC contact, PIN-code on mobile phone). It would really be a big issue for us if we can not log in automatically since this needs to be done 30 times per day. I also expects that those kinds of forced 2FA is going to me more normal for other applications since security becomes more and more an issue. The problem would also be solved if I could find a Fido U2F Security Key without the requirement of physical input (i.e. button, finger print). After a thorough Google search I think that those simply do not exist.
The strange thing is that a Security Key is actually accepted by ChromeDriver as a hardware security method in this application, however this requires a physical push on the button of the Security Key which makes it useless for Robotic Process Automation.
Up till now we could use SMS as 2FA for this application however this is going to be depreciated sone. It is unfortunately not possible to switch off 2FA for this application. All other methods of 2FA requires user interference (QR-scan, push button, NFC contact, PIN-code on mobile phone). It would really be a big issue for us if we can not log in automatically since this needs to be done 30 times per day. I also expects that those kinds of forced 2FA is going to me more normal for other applications since security becomes more and more an issue. The problem would also be solved if I could find a Fido U2F Security Key without the requirement of physical input (i.e. button, finger print). After a thorough Google search I think that those simply do not exist.
Re: Chromedriver disables Trusted Platform Module (TPM)
I know nothing about this device. May not work but maybe there's something similar out here that will work. Just a thought.
https://www.amazon.com/Pankia-Physical- ... r=8-1&th=1
https://www.amazon.com/Pankia-Physical- ... r=8-1&th=1
- Grovkillen
- Automation Wizard
- Posts: 1131
- Joined: Fri Aug 10, 2012 2:38 pm
- Location: Bräcke, Sweden
- Contact:
Re: Chromedriver disables Trusted Platform Module (TPM)
If it's a button and you're able to solder some wires onto it you could use a USB HID relay. I've used this approach before:
https://github.com/pavel-a/usb-relay-hid
https://a.aliexpress.com/_EzDyCKd
I've used it to reboot devices during flashing of software (at our company).
As seen here, open up the dongle and you'll find some pcb with short curcuit pads to solder onto: https://core-electronics.com.au/fido-u2 ... urity.html
https://github.com/pavel-a/usb-relay-hid
https://a.aliexpress.com/_EzDyCKd
I've used it to reboot devices during flashing of software (at our company).
As seen here, open up the dongle and you'll find some pcb with short curcuit pads to solder onto: https://core-electronics.com.au/fido-u2 ... urity.html
Re: Chromedriver disables Trusted Platform Module (TPM)
Thanks JRL and Grovkillen for those creative ideas. I still hope someone comes up with a way to use Trusted Platform Module in combination with ChromeDriver since this 2FA does not need any physical interaction.
- Grovkillen
- Automation Wizard
- Posts: 1131
- Joined: Fri Aug 10, 2012 2:38 pm
- Location: Bräcke, Sweden
- Contact:
Re: Chromedriver disables Trusted Platform Module (TPM)
I understand your point but that leaves you playing the waiting game.