Issues with SecureAuth IdP Java Applets Running 7u25, 7u40, 7u45
Issue
On end-user workstations running JRE 7u45, the SecureAuth IdP Java applet may not execute under Java's default security settings. When monitored on the console, the message "security: LiveConnect (JavaScript) blocked due to security settings." appears when the SecureAuth IdP Java applet runs.
Applies to
This issue affects workstations running JRE 7u25, 7u40, and 7u45 in an environment with the following specifications
SecureAuth IdP Version | OS Version |
|---|---|
7.x+ (see Disclaimer) |
|
Note
Disclaimer
As of May 2015, SecureAuth IdP appliances began supporting Java Version 8, starting with Version 8u25
See the Java section of the SecureAuth Compatibility Guide for supported versions of Java
Cause
The SecureAuth IdP Java applet uses the Java LiveConnect functionality to interact with JavaScript elements on the page. With the release of JRE 7u45, JRE 7u25 and 7u40 were driven beneath the security baseline, causing inbound calls to LiveConnect to be untrusted and therefore blocked.
Resolution
This issue was resolved with the release of JRE 7u51 in January 2014 which treats all inbound LiveConnect calls from the SecureAuth IdP Java applet as being trusted, even when the JRE falls below the security baseline.
If running JRE 7u25, 7u40 or 7u45, download the latest manual install from Oracle
Tip
Whenever possible, always use the latest supported version of Java from Oracle which has the most up to date security and bug fixes
Or contact SecureAuth Support for information about using Device Fingerprinting.
References
See the following Oracle documentation for more information