1.4 introduced a change in the security model through JAAS.
1.3 relies on the browser to carry out HTTPS connections, thus enabling the use of Java Card provided the browser has a PKCS 11 module configured. This allows secure authentication using certificates stored on the card, as the browser keystore is accessed and can forward to the card through the PKCS module.
1.4 introduced new security classes to handle the connection, and the browser keystore is no longer used. As there is no other way to configure client authentication for Java Card, this is simply no longer possible on JRE 1.4+.
One of our partners, ACTIVCARD, has released a new version of their middleware across platforms: Windows, Sun, Linux and Mac OSX, and needs to support a wide variety of clients (not just 1.3) and at a minimum Netscape and IE.
This is impacting many of our Java Card customers as well and our own Java Badge program.
This lack of functionality in 1.4 makes:
- Usage of certificates hard to deploy, as one has to rely on the JRE plug-in keystore, which is hard to manage, especially for large deployments
- Usage of Java Card for client authentication impossible.
This RFE should be executed in 1.5 but we need an intermediate strategy for our customers.