Skip to end of metadata
Go to start of metadata
Symptom

When you attempt to connect to a SecureAuth authentication page you receive the following prompt: "Your Java version is insecure" and prompts you to Update | Block | or Later.

If you choose update, your Java JRE version will be updated to the latest Java version (currently 1.7 Update 21)

IMPORTANT: This version of Java enforces new code signing requirements for java components which may not be met by the SecureAuth Java Applet currently installed and an update may be required.

 

Once Update 1.7 update 21 is installed and All browsers are restarted, attempting to connect to a SecureAuth authentication page will display the following prompt: "Block potentially unsafe components from being run?" prompting you to select "Block" or "Don't Block".

If you select "Block," you will not be able to continue. Select "Don't Block" at this time and contact your company SecureAuth administrator. An update to the Secureauth Java applet is required on the SecureAuth appliance.

Safari Browser

 

Internet Browser

Chrome Broswer

 


Verify your Java version by clicking here.

Cause

Java version 1.7 update 21 enforces new code signing requirements for java components which may not be met by the SecureAuth Java Applet currently installed and an update may be required.

Resolution

Update the Java Applet version on the SecureAuth appliance and configure the authentication realms to use the new applet. This will require users to trust the new Java Applets.

  1. Download and execute this MSI file: Applet Updater.msi
  2. Install to the "D:\MFCAPP_bin" location and click "Next"


  3. Go to "D:\MFCAPP_bin\Applets", run the "System Updater.exe" as an administrator and click "Update"

     

     

     

     

     

     

     



  4. Go to the SysInfo Tab, and select the "Web.config editor" (****This step only applies to versions 6.6.1 and older****)
    1. Once the Editor is loaded, do a search for "InstallCertType" and remove the value so that it is blank, and save. Note: This MUST be done for all of the realms.
      (Ex: Change <add key="InstallCertType" value="1024" /> to <add key="InstallCertType" value="" />)


  5. From the Web Admin Portal, select the "Sysinfo" tab on all authentication realms. Change the following two configuration settings:

Java Applet:

If the "Java Applet:" field currently shows 1.5.3.3 change it to 1.5.3.4
If the "Java Applet:" field currently shows 1.5.4.0 change it to 1.5.4.1 


Java Applet for JRE 7:

If the "Java Applet for JRE 7:" field shows 1.7.3.3 change it to 1.7.3.4
If the "Java Applet for JRE 7:" field shows 1.7.4.0 change it to 1.7.4.1

SA.Applets.zip 

 

 

Labels
  • None
  1. Apr 23, 2013

    Anonymous

    "This will require users to trust the new Java Applets."... After upgrading, users will see the pop up to trust the "new" SecureAuth Applet.  On SA6.5 log in screens the instructions say "If you are prompted to run applet, please check 'Always Trust Content' and click 'RUN'. The wording and the actual picture of the pop-up need to be updated on the SA screen as they don't match the new java pop-up.  There is no "Always trust content" it now says "Do not show this again for apps from  the publicher and location above"

     

  2. Apr 25, 2013

    Anonymous

    After upgrading the SecureAuth server applet and upgrading the end user JAVA version to 7.21, if the webconfig of any of the realms has the value set below, you will may have issues with the log in trying to create the JAVA cert to store.

    <add key="InstallCertType" value="1024" />

    you'll need to remove the 1024.

    <add key="InstallCertType" value="" />

    The newer JAVA (7.21) client software creates certs with key lengths longer than 1024.

  3. Apr 26, 2013

    Anonymous

    Note we had to do the above step (removing the 1024 from web.config) on 6.5.1 as well to make it work seamlessly...  Otherwise we were getting an error.

Write a comment…