Comment by dannyw
4 days ago
Why do you say that’s most likely?
This is a common pattern for connecting to smart cards / hardware security devices. Probably a service or hardware that’s run on official CBP machines that should be disabled for prod, but forgot.
This is by far the most likely reason.
I personally use pages that authenticate via a smartcard using this exact scheme.
There is a Java "plugin" that is nothing but a mini webserver that listens on a specific port and performs authentication.