Any update on this issue? Was anybody able to resolve it? A similar issue on Safari gets resolved by unchecking "Prevent cross-site tracking". We could see cookies shared in request. But on native mac client using WKWebview, there is no way we can do it.

@eskimo

@eskimo any help here

Hi,403 is an expected response. It is just that in one case I see 403 in console output, and in another i get 403 as response in urlsession delegate.It's just that Earlier I get NSURLErrorClientCertificateRequired next time I don't. Also, this behavior is only with catalina. In mojave I get 403 response with any NSError. This behaior is expected.Can it be related to caching of certificate by urlsession? First time it throws auth chalLenge along with NSError and next time it's no auth challenge and no NSError. Just reponse.

Thanks for the reply. I have been looking into this for a while.The certificate is from trusted CA and same as I get in safari.Following the steps with observation:1. Make request2. Auth challenge thrown, and I share certificate identity.3. Request fails with NSURLErrorClientCertificateRequired error, though I can see 403 response in console by enabling CFNETWORK DIAGNOSTICS. 403 is expected in response.4. Make the same request again.5. 403 received in response. (No Authchallenge thrown this time)6. Request completes without any error.I am not able to understand why the above beahvior is observed. Why the response is not received first time when I actually share certificate with auth challenge.

No, there is no localhost between client and server.There are multiple calls to delegate method-(void)URLSession:(NSURLSession *)sessiondidReceiveChallenge:(NSURLAuthenticationChallenge *)challengecompletionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable))completionHandlerBoth kinds of authentication method are received, NSURLAuthenticationMethodServerTrust and NSURLAuthenticationMethodClientCertificate. I share NSURLCredential for both. For NSURLAuthenticationMethodClientCertificate, along with certificate identity, I have tried sharing nil as well as certificate chain for certificate parameter for NSURLCredential. The authentication via smarcard.

Any workaround or fix for the issue? I am getting the same error only on macOS Catalina, it works fine on mojave or lower OS.Even after fetching the error and converting to 403 error and retrying, I am still getting the same "Code=-1206 "The server "..." requires a client certificate"" error.Have verified the certicates and they meet the new requirements for Catalina.