Skip to main content

SecureAuth IdP Java Troubleshooting

Introduction

This article discusses the supported Java versions for SecureAuth IdP and basic troubleshooting techniques to resolve Java-related issues.

Applies to

SecureAuth IdP Version

OS Version

Java Version

6.x+

  • Windows Server 2008

  • Windows Server 2008 R2

  • Windows Server 2012

  • Windows Server 2012 R2

Java 7+

Note

Disclaimer

Any link to third-party software available on this page is provided "as is" without warranty of any kind, either expressed or implied. Information about products not made by SecureAuth Corporation is provided for information purposes only and does not constitute SecureAuth Corporation's recommendation or endorsement.

Discussion

JRE Version Support

SecureAuth IdP supports Java 8 for SecureAuth IdP, starting with Java 8u25

If the appliance is running SecureAuth IdP 8.0.1 or later, then full support for Java 8 is and available and no further actions are needed

If the appliance is running SecureAuth IdP 8.0.0 or earlier, then the Java Applet Updater needs to be applied to properly support Java 8

If the appliance is running SecureAuth IdP 5.x – which does not support Java 8 – and Java capabilities are required, then contact Support about upgrading the SecureAuth IdP appliance

NOTE: See the Java section of the SecureAuth compatibility guide for more information about supported SecureAuth IdP versions of Java

Tip

The latest supported version of Java is always the recommended version as it contains feature updates, vulnerability fixes and performance improvements to previous versions

As of October 2016, SecureAuth IdP supports Java SE 8 Update 111 (Java 8u111)

NOTE: If the Java Applet Updater needs to be installed in the SecureAuth IdP environment, contact SecureAuth Support to schedule an appointment with a representative to apply the update

Note

Questions about compatibility with Java and 64-bit Windows systems, are addressed in the Oracle document Which Java download should I choose for my 64-bit Windows operating system?

Browser Support

Google Chrome™ has stopped supporting Java (and other NPAPI Plugins) since September 2015

See the SecureAuth support document Google Chrome Support for Java Enabled SecureAuth IdP Realms for further information on this change

Known Issues

Java 7 Issues

  • Users on Java 7u55 and later receive a security warning when visiting a SecureAuth IdP realm "Allow access to the following application from this web site"

See the support document Java Security Warning: Allow access to the following application from this web site? for further information about this issue

  • Users on Java 7u25, 7u40 and 7u45 may have issues running the SecureAuth IdP applet after the release of Java 7u51

See the article Issues with SecureAuth IdP Java Applets Running 7u25, 7u40, 7u45 for more information

Java Upgrade Issues

  • Users are prompted to upgrade their version of Java to version 8 when accessing a SecureAuth IdP realm

Starting on or after March 18th, 2014 users report that SecureAuth IdP is asking them to upgrade their Java installation to version 8

The upgrade request is being generated by the Java Deployment Toolkit add-on distributed by Oracle

To resolve this issue, SecureAuth recommends disabling or removing the add-on since it is not required for the normal operation of Java

  • Users are prompted to upgrade their version of Java when accessing a SecureAuth IdP realm

See support document Users are Being Prompted for a Java Update for further information

  • Users are prompted to install an outdated version of Java when they visit a SecureAuth IdP realm

See the support document Windows JRE Download Configuration Guide for more information

Other Java Issues

  • Users are redirected to the java.com website when accessing a SecureAuth IdP realm

See the Oracle support document Why do I see the Java Update Needed messages: Your Java version is out of date or Your Java version is insecure? for more information

  • On SecureAuth IdP realms not configured for a Java workflow, and Java Runtime Environment (JRE) is still running when users visit the realm, execute the following steps

Troubleshooting

Use these methods to resolve issues with the Java client and SecureAuth IdP

Basic Java Troubleshooting Tips
Use the Cleancert utility to clear existing certificates

1. Access the cleancert page (https://<appliance IP or FQDN>/<realm number>/cleancert.aspx

e.g. https://company.secureauth.com/SecureAuth0/cleancert.aspx

2. Click Delete All SecureAuth Certs and Delete All Security Files

Verify multiple Java versions are not present on the impacted workstation

Verify the impacted workstation does not have multiple versions of Java installed (Java Control Panel → Java Tab → View)

If multiple Java versions are present, remove outdated versions

64-bit Java

If running the 64-bit version of Java, try using the 32-bit version instead

There have been cases in which issues were found using the 64-bit version which were not found in the 32-bit JRE

The 32-bit version can be run on a 64-bit operating system without issue

Re-install Java Runtime Environment (JRE)

Under certain circumstances, the Java Runtime Environment (JRE) can become corrupted and must be re-installed

To properly re-install the JRE

1. Uninstall Java from the impacted workstation (Windows) (Mac OS X)

2. Reboot the workstation

3. Install Java on the impacted workstation

Tip

If using the online Java installer causes issues, or if the Java installer is inaccessible it due to security restrictions on the network, then download a manual installer from the Offline Installation site provided by Oracle

Verify the Java Applet Updater has been applied

If running a SecureAuth IdP version prior to 7.4, verify the Java Applet Updater has been applied to all appliances in the environment

Contact SecureAuth Support if unsure whether this patch has been applied or if it needs to be installed on SecureAuth IdP appliance(s)

IIS Binding Cert / SSL Termination Point Error

If Java is unable to properly validate the IIS binding certificate, then a Java error appears

Follow these steps to ensure certificate validation is working properly