United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6963077 6u20: Cert list is empty, but customer is prompted by a JRE dialog to select a cert
JDK-6963077 : 6u20: Cert list is empty, but customer is prompted by a JRE dialog to select a cert

Details
Type:
Enhancement
Submit Date:
2010-06-22
Status:
Closed
Updated Date:
2011-05-02
Project Name:
JDK
Resolved Date:
2010-10-29
Component:
deploy
OS:
generic
Sub-Component:
deployment_toolkit
CPU:
generic
Priority:
P2
Resolution:
Fixed
Affected Versions:
6u20
Fixed Versions:
6u22-rev (b07)

Related Reports
Backport:
Backport:
Backport:
Relates:
Relates:
Relates:

Sub Tasks

Description
The customer uses 6u20 on Windows XP in order to use an applet over a https connection.

Before the applet is fully loaded, a dialog called "Request Authentication" requests the user to select a certificate. However, the cert list is empty and the user cannot select anything. If the user clicks on OK or Cancel on the dialog, the dialog disappears, the applet continues to load and the user can use the applet.
A screenshot has been attached to this report.

The dialog box called "Request Authentication" is from the JRE (see also com.sun.deploy.securityClientCertDialog). The dialog that shows an empty cert list and requests the user to select a cert confuses the users.

                                    

Comments
EVALUATION

I have running the testcase and reproduce the issue which customer encounter.

But this mostly like a configuration issue in customer webserver side, the webserver is setup using client authentication, but even without client certificate installed on client machine, the webserver won't stop loading the page and applet, therefore the Java applet will still runs fine.

To simply testing that, open IE browser, trying to load this URL:
https://qa-cfx.eon-apps.com/eteexdl

You will notice a "Choose a digital certificate" dialog box popup from IE browser (not Java at this point), and this dialog box is empty! click on OK button, the page will still load (by theory it should stop loading the page with error).

Please reconfig the https webserver to disable client authentication, which it didn't need by my understanding.
                                     
2010-06-24
EVALUATION

We do have an option in Java control panel to "Use personal certificate automatically" to hide the popup dialog box, we should be able to change this option to this:

'Don't prompt for client certificate selection if no or only one certificate exists'

as it displayed in IE browser.
                                     
2010-08-30



Hardware and Software, Engineered to Work Together