Hope this will save you hours of research on how to use your browser (Chrome/Chromium/Firefox) to load PIV card using Smart Card reader (SCR3310) to do Single Sign-On such as login.gov.
$ sudo apt install libpam-sss
$ sudo apt install opensc-pkcs11
$ sudo apt install pcscd
$ p11-kit list-modules
At this point your card reader will blink and read your card. For my card it reads:
... token: FUHU XIA (Affiliate) manufacturer: piv_II model: PKCS#15 emulated serial-number: [###] ...
For Firefox, remove snap version of Firefox then install the .deb package
$ sudo apt install software-properties-common -y
$ sudo add-apt-repository ppa:mozillateam/ppa
$ sudo apt install firefox-esr
Go to Preferences > Privacy & Security > Certificates > Security Devices, click Load and set the Module Name to CAC Module and module filename to /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so.
We are done with Firefox. Chrome and Chromium need a few additional steps:
$ sudo apt install libnss3-tools
$ modutil -list -dbdir $HOME/.pki/nssdb/
Verify that you see the 1. NSS Internal PKCS #11 Module but not 2. CAC Module in the list:
1. NSS Internal PKCS #11 Module uri: pkcs11:library-manufacturer=Mozilla%20Foundation;... ...
Add CAC module
modutil -dbdir sql:$HOME/.pki/nssdb/ -add "CAC Module" -libfile /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
Verify CAC module is added now:
$ modutil -list -dbdir $HOME/.pki/nssdb/
You should see
1. NSS Internal PKCS #11 Module ... ... 2. CAC Module library name: /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so uri: pkcs11:library-manufacturer=OpenSC%20Project;library-description=OpenSC%20smartcard%20framework;library-version=0.22 slots: 1 slot attached status: loaded slot: SCM Microsystems Inc. SCR 3310 [CCID Interface] (... token: FUHU XIA (Affiliate) ...
References:
It is verified that the same steps work for Ubuntu 24.04.