4 Replies Latest reply on May 28, 2011 8:02 AM by JohnDCCIU

    FileMaker fails to use Keychain record properly during Relogin script step

    JohnDCCIU

      Summary

      FileMaker fails to use Keychain record properly during Relogin script step

      Product

      FileMaker Pro

      Version

      v9, v10 and v11

      Operating system version

      OS X 10.5.x and 10.6.x

      Description of the issue

      FileMaker logins normally work well with the OS X Keychain.  The problem occurs if the Relogin step is used (we use it for automating authentication systems).

      During a relogin, although the user gets a chance to mark the checkbox to store their username and password in the Keychain, and even though it gets successfully stored in the Keychain, subsequent relogins to not successfully populate the relogin authentication dialog with the stored Keychain record.  The relogin authentication dialog is always blank.

      Steps to reproduce the problem

      *  Create a database with two users, a completely unprivileged default user and an admin user

      *  Set the database prefs to autologin using the default unprivileged user

      *  Create a script that does a Relogin script step and set it to appear in the Scripts menu.

      *  Close and reopen the database so that it logs in with the default user.

      *  Run the Relogin script.

      *  Enter the admin user's username and password, and mark the checkbox to store the credentials in the Keychain.

      *  Close the database

      *   Verify that the Keychain now contains the credentials for the database

      *  Open the database again and run the Relogin script

      *  Note that the Relogin authentication dialog is not properly populated with the information from the Keychain record

      Expected result

      The Relogin authentication dialog should be populated with the username and password from the Keychain record.

      Actual result

      The Relogin authentication dialog is empty.

      Exact text of any error message(s) that appear

      NA

      Configuration information

      OS X 10.5 or 10.6 (any version).  Not sure about 10.4 (not tested).
      FileMaker v10 or v11, any subversion.  Not sure about v9 (not tested).

      Workaround

      None

        • 1. Re: FileMaker fails to use Keychain record properly during Relogin script step
          TSGal

          JohnDCCIU:

          Thank you for your post.

          The actions you described is by design.  The Keychain allows you to automatically login to a database file when it is opened; not via a relogin script.  You should instead use a table to store values for a relogin script, and then reference the fields in the relogin script.

          If you had a file that does not have an automatic login, the Keychain value will be used to automatically log in to the file instead of being prompted for the name and password.

          TSGal
          FileMaker, Inc.

          • 2. Re: FileMaker fails to use Keychain record properly during Relogin script step
            JohnDCCIU

            Then that's just improper design, or somebody's copping out on what is actually a bug.  The Keychain is designed to be used for any authentication dialog in the system, and there's no reason that I can think of why it would be limited to an initial login.  If there's a good reason, then I'd be very interested in hearing it.  I highly doubt that there's any good rationale.

            Underscoring my point, the authentication dialog brought up by the ReLogin script step even has the checkbox allowing the user to store the credentials in the Keychain.  If this was truly by design, that checkbox wouldn't be there.

            Storing passwords in tables is by definition insecure and bad practice, so that's not something that FileMaker should be recommending.

            Unless there's a strong rationale why a ReLogin authentication wouldn't respect the system-wide Keychain functionality in OS X, this is a bug that someone doesn't want to admit to.

            • 3. Re: FileMaker fails to use Keychain record properly during Relogin script step
              JohnDCCIU

              Once again:  this "design" is faulty.  It's improper app interaction with the OS.

              They Keychain is for any credentials, anywhere.  There's no excuse for it being limited to when a database is opened.  It's perfectly valid for a Relogin script.

              Please revisit this, as the currently behavior is wrong and the design logic is faulty and not well thought out.

              The points in my previous post also haven't been addressed:  "the authentication dialog brought up by the ReLogin script step even has the checkbox allowing the user to store the credentials in the Keychain.  If this was truly by design, that checkbox wouldn't be there."

              Someone in development is making bogus excuses for bad app behavior instead of fixing behavior bugs.  "That's by design" is the first refuge of a lazy developer.  Probably the same bunch as have been ignoring the Dock-bounce nonsense (http://forums.filemaker.com/posts/ebf9e8ba75).

              • 4. Re: FileMaker fails to use Keychain record properly during Relogin script step
                JohnDCCIU

                We are suffering from this silly and bad design with hundreds of users on a daily basis.  Bumping this to hopefully get an answer; the previous non-answer hasn't addressed why the relogin dialog has a "Store in Keychain" checkbox that is completely ignored by FileMaker:  that's not intentional design, that's a bug.  Please revisit this and ask the developers to make relogins work with the Keychain just as initial logins do (there is no difference between the two from the credentialing perspective: they should act exactly the same).