Google Chrome Support for Java Enabled SecureAuth IdP Realms
Introduction
This document discusses changes to the Google Chrome browser which affect Java support.
Applies to
This issue affects workstations running Java 7+ in an environment with the following specifications:
SecureAuth IdP Version | OS Version | Java Version |
|---|---|---|
7.x+ |
| 7+ |
Discussion
Saying "good-bye" to NPAPI in Chrome
Netscape Plugin Application Programming Interface (NPAPI) is a cross-platform plugin architecture in use by many web browsers since 1995, including current versions of Chrome. Google believes the '90s-era architecture used in NPAPI has become a leading cause of hangs, crashes, security incidents, and code complexity. Therefore Chrome will be phasing out NPAPI support in September 2015.
How does this impact Java support in Chrome?
The Java plugin for web browsers uses the NPAPI plugin architecture slated for deprecation in Chrome at the end of 2015. At this time, Oracle has not announced a replacement plugin and is recommending that Java users consider alternatives to Chrome as soon as possible. Starting in September 2015, there will be no available Java support for the Chrome browser from Oracle.
How does this impact Java realms in SecureAuth IdP?
When Google deprecates NPAPI support from Chrome in September 2015, there will be no Java support for the browser. Since a SecureAuth IdP Java workflow requires a JRE, Chrome users will not meet the prerequisites for accessing a Java realm. While some functionality could be offered with the SecureAuth IdP Fallback function, it is not recommended in this use case. See the alternatives section below for best practices.
Alternatives for Java in SecureAuth IdP
SecureAuth recommends that customers looking for alternatives to Java in their SecureAuth IdP environment to reconfigure the Java realm to use Device Fingerprinting. This solution requires no client software to be installed on the user workstation, supports the desktop and mobile version of IE, Chrome, Firefox and Safari, and all information is stored securely on the server-side data store. Contact SecureAuth Support for a consultation on switching the workflows to Device Fingerprinting.