Skip to main content

Issues with SecureAuth IdP Java Applets Running 7u25, 7u40, 7u45

Issue

On end-user workstations running JRE 7u45, the SecureAuth IdP Java applet may not execute under Java's default security settings. When monitored on the console, the message "security: LiveConnect (JavaScript) blocked due to security settings." appears when the SecureAuth IdP Java applet runs.

Applies to

This issue affects workstations running JRE 7u25, 7u40, and 7u45 in an environment with the following specifications

SecureAuth IdP Version

OS Version

7.x+ (see Disclaimer)

  • Windows Server 2008

  • Windows Server 2008 R2

  • Windows Server 2012

  • Windows Server 2012 R2

Note

Disclaimer

As of May 2015, SecureAuth IdP appliances began supporting Java Version 8, starting with Version 8u25

See the Java section of the SecureAuth Compatibility Guide for supported versions of Java

Cause

The SecureAuth IdP Java applet uses the Java LiveConnect functionality to interact with JavaScript elements on the page. With the release of JRE 7u45, JRE 7u25 and 7u40 were driven beneath the security baseline, causing inbound calls to LiveConnect to be untrusted and therefore blocked.

Resolution

This issue was resolved with the release of JRE 7u51 in January 2014 which treats all inbound LiveConnect calls from the SecureAuth IdP Java applet as being trusted, even when the JRE falls below the security baseline.

If running JRE 7u25, 7u40 or 7u45, download the latest manual install from Oracle

Tip

Whenever possible, always use the latest supported version of Java from Oracle which has the most up to date security and bug fixes

Or contact SecureAuth Support for information about using Device Fingerprinting.

References

See the following Oracle documentation for more information