Handling Okta TLS client-certificate prompt & MFA in Katalon E2E tests

bobby.saputra1 · September 29, 2025, 10:24am

We’re automating E2E flows for an internal app protected by Okta. On first navigation to our tenant, Chrome shows a “Select a certificate” dialog for *.mtls.okta.com (mTLS client auth). This blocks our Katalon tests because the dialog is outside the page DOM.

Environment

Katalon Studio on macOS
Chrome/Edge (Chromium)
Okta sign-in → mTLS to ….. (company domain)
Certificate is issued by our corporate CA and lives in the local device keychain

What happens

When navigating to the app’s SSO URL, the browser displays the native client-cert picker (“Subject / Issuer / Serial”).
Because it’s a native sheet/dialog, Selenium/Katalon can’t click OK or choose a cert via normal WebUI keywords.
What we’ve confirmed
- The certificate in the dialog is fetched from the local device (keychain), not provisioned through the web page.
- This is expected behavior for mutual TLS (mTLS) endpoints.
- WebDriver’s “accept insecure certs” does not apply here (that flag is for server TLS trust, not client-cert selection).
  
  Kindly suggest/recommend any tips on
  
  how to handle and bypass such MFA case, as it is needed to perform as 1:1 testing procedure in the company. There are 2 ways i tried ,
- one is with a personal account which binded with certificate from local device
- Screenshot 2025-09-24 at 10.15.242386×908 73.1 KB
and the second one with dedicated test account which has no ceritificate linked but it is however showing the native pop up from okta that i need to resolve within the automation running. (note: this element is not captured with the tool and popped up from the device)

nghi.phan · September 29, 2025, 2:21pm

May I bring in the experts here to take a look @Monty_Bagati @kazurayam @dineshh

grylion54 · September 29, 2025, 5:02pm

Have you tried to use Robot, like to hit the Enter button:

import java.awt.Robot
import java.awt.event.KeyEvent

Robot robot = new Robot();
robot.keyPress(KeyEvent.VK_ENTER);
robot.keyRelease(KeyEvent.VK_ENTER);

If there is more to what you need to do, then keep looking outside of Katalon forum for other sites that use Selenium and see if they offer something.

Note: You cannot use the mouse or keyboard when you are using the Robot as that is what it is trying to “use”.

dineshh · September 30, 2025, 6:46am

please try grylion54’s suggestion of robot class which would help your case

bobby.saputra1 · November 4, 2025, 11:03am

Thanks for your recommendation, yes i’m able to do it with Robot. Would this work for testcloud execution too? any recommendation how to trigger it on remote execution?

grylion54 · November 4, 2025, 3:38pm

Start another post and put your question out there for others to review. You will have to give more information about what you mean by “how to trigger” because I’m not sure what you have going on.

dineshh · November 16, 2025, 12:21pm

let us know your solution on remote execution

Topic		Replies	Views
Certificate / SSO Bypass to access standard login screen Miscellaneous	8	156	November 3, 2025
Select a certificate to connect to our application Web Testing katalon-studio	11	6413	February 13, 2020
How to handle multifactor authentication by OAuth for a web portal Miscellaneous	3	227	July 23, 2025
Chrome + MacOS - keychain problems Web Testing katalon-studio	1	484	March 10, 2020
How to handle certificate Miscellaneous	1	489	August 8, 2022

Handling Okta TLS client-certificate prompt & MFA in Katalon E2E tests

Related topics