Second authentication screen - Java authentication popup

Friday, 25 November 2011 15:59

Contents
Java authentication popup.
Description:
java_auth
Summary/Sympthoms

 

When the user tries to open an HTML page containing the applet, there can be the following scenarios:

  1. The applet fails to load. We’re getting a ‘red cross’ screen. All the HTML elements except of the applet are loaded OK. From the IIS log we can see that the loading of the JAR file failed with the error code 401, the user name field in the log for the JAR is empty.
  2. The java asks for the user name and password showing a popup ‘Authentication required’. At this moment we can see the following message in the Java console:

network: Firewall authentication: site=/XX.XX.XX.XX:XX, protocol=http, prompt=, scheme=ntlm

If the user enters the correct credentials, the applet loads OK.

Even if the user checks the ‘Save the password in your password list’ checkbox, Java continues to ask for credentials on every page reload. I

t’s worth to note that the company’s external firewall doesn’t get any requests from the applet.

The problems happen even when the client and the server are located on the same machine, but never happens when we use localhost as the server name in the page URL.
Resolution

During investigations we found out the following workarounds:

  1. Enabling anonymous authentication on the virtual folder always solves the problem, but not always suitable for organization.
  2. Sometimes, changing security zone from ‘Trusted’ to ‘Local intranet’ solves the scenario 2 (‘Authentication required’ popup) problem. It’s worth to note that changing the security zone never helps if the page URL contains dots (for example, uses IP address instead the server name).
  3. Upgrading to IE9 solves the scenario 2 problem partly: Java asks for the credentials only once.

 

After further investigation, we released a workaround hotfix that resolves the problem but leaves the Windows authentication on NovaView application. 

Download Hotfix

The hotfix resolves a problem of second authentication screen that thrown by Sun Java after the user logs into NovaView Web access or Dashboard web client:

 

Instructions to apply the hotfix:

 

For Windows server  2003 (IIS 6)

 

  1. Unzip the JavaAuthenticationHF.zip and use the hotfix in JavaHf2003 folder
  2. Install the hotfix by clicking on HFDotNet2.exe

The hotfix will create needed backup files

  1. Open IIS and perform the change described in step 3 in readme.txt file
  2. Restart IIS

 

For For Windows server  2008 (IIS 7)

 

  1. Unzip the JavaAuthenticationHF.zip and use the hotfix in JavaHf2008 folder
  2. Install the hotfix by clicking on HF.exe
  3. 3. Restart IIS

 

The hotfix is fully reversible so that if any wrong behavior occurs, you may bring back the old file version by running the HFUnInstDotNet2.exe (for server 2003) or HFUninstall.exe (for server 2008)

 

It's recommended to clear Sun Java cache and cookies on all affected stations before testing.
Version
  • Not NovaView related, happens in Sun Java 1.6
< Prev   Next >
 
Free business joomla templates