Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Java securityexception error on Web VPN

Hello,

I have a problem with my Cisco ASA 5510 Clientless SSL Webvpn.

After Oracle updates its Java Version, our JAVA Webportal ist not completly working.

Our clientless SSL Web Portal is running on a Cisco ASA 5510 with Version 9.1.3.

On this portal we provide the JAVA RDP Plugin and the JAVA Citrix Plugin.

All Java Plugins are working with Java 7 Update 25.

But with the newest Version Java 7 Update 45 it is not working.

It is comming the following Error.

-----------------------------------

"SecurityException"

com.sun.deploy.net.JARSigningException: Unsignierter Eintrag gefunden in Ressource:

https://XXXXXXX/ica/JICA-configN.jar

---------------------------------

XX=our portal-url

Has somebody the same problem?

I need a solution, because we are using this solution for round about 200 User.

Thank you very much.

Florian

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re:Java securityexception error on Web VPN

ASA WebVPN Java Plugins fail after upgrade to Java 7 Update 45
CSCuj88114


Sent from Cisco Technical Support Android App

Re:Java securityexception error on Web VPN

9.1.4 was released on the 9th December which claims to fix this bug.

GTG

Please rate all helpful posts.

Please rate all helpful posts.
43 REPLIES
Super Bronze

Java securityexception error on Web VPN

Hi,

We dont have much use for Clientless VPN environments and I have not been the person responsible for managing them (until now when one of our employees changed employer)

Though we only had reports from a single user and had to resort to changing to Java SE 6 Update 45. Though even then it seemed that Internet Explorer wouldnt work and "had" to use Firefox.

I have personally not run into many problems with Java as I have not managed Clientless VPN environments (until now) and I have never really used ASAs ASDM so usually the quickest choice would be to downgrade.

Though I would really love to have a proper solution to this myself also without resorting to downgrading each time a problem occurs.

In our situation the problematic situation doesnt show the error message that you are seeing each time. We have a bookmark for the user to use initiate RDP session which before changing the Java SE to 6 Update 45 resulted in the WebVPN portal just reloading the portal page without any error message or other output whatsoever.

- Jouni

New Member

Re: Java securityexception error on Web VPN

We are experiencing the same issue with Chrome/FF.  IE seems to be OK.  Java v7 r45 that updated today.  Did anyone find a fix?

Here's the error's details.

Java Plug-in 10.45.2.18

Using JRE version 1.7.0_45-b18 Java HotSpot(TM) Client VM

User home directory = C:\Documents and Settings\name

----------------------------------------------------

----------------------------------------------------

CacheEntry[https://dn/CACHE/sdesktop/install/binaries/instjava.jar]: updateAvailable=false,lastModified=Wed Dec 31 19:00:00 EST 1969,length=117093

Missing Application-Name: manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Permissions manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Codebase manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Application-Name: manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Permissions manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Codebase manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Application-Name: manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Permissions manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Missing Codebase manifest attribute for: https://dn/CACHE/sdesktop/install/binaries/instjava.jar

Tue Oct 22 11:26:52 EDT 2013 Retrieved CSD stub path: C:\Documents and Settings\name\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\cstub.exe

Tue Oct 22 11:26:52 EDT 2013 CSD stub will be downloaded

Tue Oct 22 11:26:52 EDT 2013 Download url : https://dn/CACHE/sdesktop/hostscan/windows_i386/cstub.exe

Tue Oct 22 11:26:52 EDT 2013 Download path : C:\Documents and Settings\name\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\cstub.exe

Tue Oct 22 11:26:54 EDT 2013 Downloaded https://dn/CACHE/sdesktop/hostscan/windows_i386/cstub.exe to C:\Documents and Settings\name\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\cstub.exe

Tue Oct 22 11:26:54 EDT 2013 file signature verification PASS: C:\Documents and Settings\name\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\cstub.exe

Tue Oct 22 11:26:54 EDT 2013 file signature verification PASS: C:\Documents and Settings\name\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\cstub.exe

Tue Oct 22 11:26:54 EDT 2013 Spawned CSD stub.

New Member

Re: Java securityexception error on Web VPN

Here's my fix:

Install RE v7.025

Remove RE v7.045

Reduce the security level in Java to MED

I hope Cisco gets off of the Java engine soon.

Cisco Employee

Re:Java securityexception error on Web VPN

ASA WebVPN Java Plugins fail after upgrade to Java 7 Update 45
CSCuj88114


Sent from Cisco Technical Support Android App

New Member

Re:Java securityexception error on Web VPN

Mohammed,

Is cisco going to release an update of the RDP plugin. It seems that Cisco do not comply with the requirements of Oracle related to signing the java applets? I'm not sure if I'm right because I do not understand all the java gibberish. All I know it is very anoying ;-)

https://blogs.oracle.com/java-platform-group/entry/updated_security_baseline_7u45_impacts

Re:Java securityexception error on Web VPN

9.1.4 was released on the 9th December which claims to fix this bug.

GTG

Please rate all helpful posts.

Please rate all helpful posts.

Re:Java securityexception error on Web VPN

This bug is now showing as fixed - But not for the latest 9.1(4) software.

GTG

Please rate all helpful posts.

Please rate all helpful posts.
New Member

i'm now running asa 9.2.1

i'm now running asa 9.2.1 still same problem

 

New Member

Re: Java securityexception error on Web VPN

Hi,

I've been having the same issue with users after they upgraded to Java 7 Update 45.

Error states: com.sun.deploy.net.JARSigningException: Found unsigned entry in resource: https://FQDN/+CSCO+guid++/rdp/properJavaRDP14-1.1.jar

I have downloaded the latest Terminal Service Client Plugin for ASA from the download site but that has made no difference.

I have unzipped the jar and remove references to any signing and re-archived the jar file but still not working.

I have set Java security settings to medium but it still does not work.

Has anyone managed to get this working at all?

New Member

Java securityexception error on Web VPN

The workaround posted in the Cisco  Bug is to uncheck the setting "Keep temporary files on my computer"  which is found in the Java Control Panel under the General Tab /  Temporary Internet Files / Settings ...

This workaround has worked for me with Jave 7 Update 45 on both PC and Mac.

New Member

Java securityexception error on Web VPN

David Charlebois wrote:

The workaround posted in the Cisco  Bug is to uncheck the setting "Keep temporary files on my computer"  which is found in the Java Control Panel under the General Tab /  Temporary Internet Files / Settings ...

This workaround has worked for me with Jave 7 Update 45 on both PC and Mac.

Hi David,

Thanks very much that fixed the issue for me as well. I've tested on PC with IE, Firefox and Chrome and can confirm they work as expected.

Regards

David

New Member

Java securityexception error on Web VPN

Can you post the Bug ID?

/hamderdoygaard

New Member

Java securityexception error on Web VPN

CSCuj88114

ASA WebVPN Java Plugins fail after upgrade to Java 7 Update 45
Symptom:
ASA WebVPN Java Plugins fail to load after  upgrade to Java 7 Update 45 with the following General Exception error -  'com.sun.deploy.net.JARSigningException: Found unsigned entry in  resource: https:///+CSCO+xxxxxxxxxxxxxxxxxxxxxxx++/vnc/VncViewer.jar'

Conditions:
Windows or Mac OSX machines using Java 7 Update 45.

Workaround:
1)  Disable the option 'Keep temporary files on my computer' on the Java  Control Panel -> General -> Settings. This works for both Mac OSX  and Windows.

2) Downgrade Java to version 7 Update 40 or below.

Further Problem Description:
New Member

Re:Java securityexception error on Web VPN

Hi,

I see that the status of this bug is fixed. How come that the bug ID is not mentioned in the release notes of the latest 9.1.3 intrim update ? Does the 9.1.3 intrim software update fix this issue ? Or did i overlook something ?

New Member

Re:Java securityexception error on Web VPN

@bart the specific update that mentinoned here is not public released. Maybe that you can obtain the bug fixed versions if you open a TAC case.

New Member

Re:Java securityexception error on Web VPN

Version 8.4(4)1 seems to be affected too.

New Member

Re:Java securityexception error on Web VPN

I would like to inform you that an interim release has been released which contains the fix for the CSCuj88114 bug.

8.4.7.5 à asa847-5-k8.bin

9.1.3.4 à asa913-4-smp-k8.bin

9.1.3.4 àasa913-4-k8.bin

rate if helpfull!

New Member

Re:Java securityexception error on Web VPN

Thank you Sander for the update..

Would you please share 8.4.7-5 interim image to us on priority as we are not finding this image in Cisco.

New Member

Re:Java securityexception error on Web VPN

I think that the files are given to us when opening a TAC case. So I have to advise to do the same.

Jan
New Member

Re:Java securityexception error on Web VPN

Noticed that 8.2 is affected as well.. have an 5590 which is running latest 8.2.5 (46) which shows the same error..

I am unable to upgrade the box to 8.4 as it is missing RAM slots.. (yes there are none soldered on the mainboard - must be one of the first batches.. 1 RAM slot, 3 empty soldiering joints)

New Member

Java securityexception error on Web VPN

Hi Florian,

i face this issue too.

When i start the RDP Plugin i get following "warning":

This  application will be blocked in a future Java security update because  the JAR file maifest does nocht contain the Permissions attribute.  Please contact the Publisher for more information.

I am using ASA Version 9.1.4 but i think the RDP plugin have to be rewritten from Cisco to get this solved.

The version on the cisco website is very old 27-APR-2012.

Please keep us informed if you find a way to supress this warning (at the ASA not the client )

Best Regards

Ayhan

New Member

Java securityexception error on Web VPN

Please follow the steps below:

1) Delete the following files from rdp_09.11.2012.jar:

      properJavaRDP13-1.1.jar

      properJavaRDP12-1.1.jar

      properJavaRDP11-1.1.jar

2) Delete the following statements from "properrdp.html" :

     properJavaRDP13-1.1.jar,properJavaRDP12-1.1.jar,properJavaRDP11-1.1.jar

3) Pack all other files from rdp_09.11.2012 in new .jar

4) Upload new plugin to ASA .

If that did not work, you can always re-download the plugin from the cisco website and upload it.

New Member

Java securityexception error on Web VPN

Hi Sander,

i will give it a try and inform you about the results.

Best Regards

Ayhan

New Member

Java securityexception error on Web VPN

Hi Sander,

i am still getting the Message that permission attribute in manifest.xlm is missing.

Do you know what to set there?

Best Regards

Ayhan

New Member

Java securityexception error on Web VPN

From what I've have understand, Cisco needs to write a new plugin to replace the old Cisco certificate....

Try the one that we have created. It should be the same as the steps that I have posted.

https://www.dropbox.com/s/gtb0ew5v9uiwshm/rdp_plugin_changed.jar

New Member

Re: Java securityexception error on Web VPN

Hi Sander,

thank you very much, but i think this will not work too because the manifest.xml is not containing the required tags for permission handling.

Thats the manifest.xml from your jar file:

  properrdp.html

  rdp

  3389

  csco_rdp

  1.0.2

  Terminal Servers

  Terminal Servers Bookmarks

  icon.gif

 

   

     

      Translation domain for RDP plugin

   

 

 

   

      en

      help/en/index.inc

   

 

 

   

      host

      Host Name

      string

   

 


I would expect to find any of these tags in the manifest.xml to avoid the warning that this application will be blocked in future updates:



I've attached a Screenshot from the Warning to be sure that we both work on the same topic

New Member

Java securityexception error on Web VPN

Yes these warnings are the same. However these steps were e-mailed by Cisco TAC. So i didn't make them myself. From our point the customer still gets errors. With the new software version. We need to wait untill Cisco makes a new RDP plugin.

New Member

Re: Java securityexception error on Web VPN

Many thanks for you investigations.

I have an open TAC-Case and hope the TAC-engineer can get in touch with the dev team

Best Regards

Ayhan

New Member

Re: Java securityexception error on Web VPN

Hi Ayhan,

we have the same problem as you discribe and have found the following workaround for me:

in the java control panel either reduce the security level to 'medium',

or insert your asa-url to the exception list, e.g. https://asa.domain/.

(sorry, we use german language versions here, so I don't know the correct labels for the english version)

We still get the warnings about the obsolet certificate, but can at least start our rdp sessions again.

Hope this helps,

Wolfgang

87990
Views
36
Helpful
43
Replies