SecureAuth IdP Java Troubleshooting
Introduction
This article discusses the supported Java versions for SecureAuth IdP and basic troubleshooting techniques to resolve Java-related issues.
Applies to
SecureAuth IdP Version | OS Version | Java Version |
|---|---|---|
6.x+ |
| Java 7+ |
Note
Disclaimer
Any link to third-party software available on this page is provided "as is" without warranty of any kind, either expressed or implied. Information about products not made by SecureAuth Corporation is provided for information purposes only and does not constitute SecureAuth Corporation's recommendation or endorsement.
Discussion
JRE Version Support
SecureAuth IdP supports Java 8 for SecureAuth IdP, starting with Java 8u25
If the appliance is running SecureAuth IdP 8.0.1 or later, then full support for Java 8 is and available and no further actions are needed
If the appliance is running SecureAuth IdP 8.0.0 or earlier, then the Java Applet Updater needs to be applied to properly support Java 8
If the appliance is running SecureAuth IdP 5.x – which does not support Java 8 – and Java capabilities are required, then contact Support about upgrading the SecureAuth IdP appliance
NOTE: See the Java section of the SecureAuth compatibility guide for more information about supported SecureAuth IdP versions of Java
Tip
The latest supported version of Java is always the recommended version as it contains feature updates, vulnerability fixes and performance improvements to previous versions
As of October 2016, SecureAuth IdP supports Java SE 8 Update 111 (Java 8u111)
NOTE: If the Java Applet Updater needs to be installed in the SecureAuth IdP environment, contact SecureAuth Support to schedule an appointment with a representative to apply the update
Note
Questions about compatibility with Java and 64-bit Windows systems, are addressed in the Oracle document Which Java download should I choose for my 64-bit Windows operating system?
Browser Support
Google Chrome™ has stopped supporting Java (and other NPAPI Plugins) since September 2015
See the SecureAuth support document Google Chrome Support for Java Enabled SecureAuth IdP Realms for further information on this change
Known Issues
Java 7 Issues
Users on Java 7u55 and later receive a security warning when visiting a SecureAuth IdP realm "Allow access to the following application from this web site"
See the support document Java Security Warning: Allow access to the following application from this web site? for further information about this issue
Users on Java 7u25, 7u40 and 7u45 may have issues running the SecureAuth IdP applet after the release of Java 7u51
See the article Issues with SecureAuth IdP Java Applets Running 7u25, 7u40, 7u45 for more information
Java Upgrade Issues
Users are prompted to upgrade their version of Java to version 8 when accessing a SecureAuth IdP realm
Starting on or after March 18th, 2014 users report that SecureAuth IdP is asking them to upgrade their Java installation to version 8
The upgrade request is being generated by the Java Deployment Toolkit add-on distributed by Oracle
To resolve this issue, SecureAuth recommends disabling or removing the add-on since it is not required for the normal operation of Java
Users are prompted to upgrade their version of Java when accessing a SecureAuth IdP realm
See support document Users are Being Prompted for a Java Update for further information
Users are prompted to install an outdated version of Java when they visit a SecureAuth IdP realm
See the support document Windows JRE Download Configuration Guide for more information
Other Java Issues
Users are redirected to the java.com website when accessing a SecureAuth IdP realm
See the Oracle support document Why do I see the Java Update Needed messages: Your Java version is out of date or Your Java version is insecure? for more information
On SecureAuth IdP realms not configured for a Java workflow, and Java Runtime Environment (JRE) is still running when users visit the realm, execute the following steps
Troubleshooting
Use these methods to resolve issues with the Java client and SecureAuth IdP
Basic Java Troubleshooting Tips
Use the Cleancert utility to clear existing certificates
1. Access the cleancert page (https://<appliance IP or FQDN>/<realm number>/cleancert.aspx
e.g. https://company.secureauth.com/SecureAuth0/cleancert.aspx
2. Click Delete All SecureAuth Certs and Delete All Security Files
Verify multiple Java versions are not present on the impacted workstation
Verify the impacted workstation does not have multiple versions of Java installed (Java Control Panel → Java Tab → View)
If multiple Java versions are present, remove outdated versions
64-bit Java
If running the 64-bit version of Java, try using the 32-bit version instead
There have been cases in which issues were found using the 64-bit version which were not found in the 32-bit JRE
The 32-bit version can be run on a 64-bit operating system without issue
Re-install Java Runtime Environment (JRE)
Under certain circumstances, the Java Runtime Environment (JRE) can become corrupted and must be re-installed
To properly re-install the JRE
1. Uninstall Java from the impacted workstation (Windows) (Mac OS X)
2. Reboot the workstation
3. Install Java on the impacted workstation
Tip
If using the online Java installer causes issues, or if the Java installer is inaccessible it due to security restrictions on the network, then download a manual installer from the Offline Installation site provided by Oracle
Verify the Java Applet Updater has been applied
If running a SecureAuth IdP version prior to 7.4, verify the Java Applet Updater has been applied to all appliances in the environment
Contact SecureAuth Support if unsure whether this patch has been applied or if it needs to be installed on SecureAuth IdP appliance(s)
IIS Binding Cert / SSL Termination Point Error
If Java is unable to properly validate the IIS binding certificate, then a Java error appears
Follow these steps to ensure certificate validation is working properly