We experience the following problem in our environment:
If someone opens a website with a Java applet on a Windows 7 client (64 bit), a window appears with an authentication request against the proxy server.
The authentication with the correct credentials fails.
On a Windows XP client, the applet loads/starts without any problems.
We currently use Java 6 with Update 23 (32 bit). We also tried the most recent Java 6 Update and Java 7, but this didn't change the behaviour.
Our proxy server is Microsoft ISA 2006. The following authentication methods are configured: Negotiate and NTLM
Our clients use standard settings for authentication.
We tried several things and came to the following conclusion:
Win7 tries to authenticate with NTLMv2, which fails. If we change the authentication method to NTLM (v1), Java can authenticate (with the logged on user) and the problem disappears.
A network trace with NTLMv2 shows the following process:
Java tries to load a web site -> proxy denies and says he needs authentication -> Java sends an NTLM Negotiate -> proxy replies with challenge
But then Java again tries to load a web site without authentication!
The network trace with NTLM (v1) shows the following:
website loading without auth -> proxy denies -> Java sends NTLM Negotiate -> proxy replies with challenge -> Java authenticates
If you want to know more about NTLM authentication go to: http://technet.microsoft.com/es-es/magazine/2006.08.securitywatch%28en-us%29.aspx
Does anyone experience this behaviour in a similar environment?
Does anyone know a solution to this problem, other than changing to NTLM(v1)?
I appreciate your replies.
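The two traces described in the post above can be told apart mechanically. The following is an added example, not part of the original thread: it decodes the NTLM message type from `Proxy-Authorization` / `Proxy-Authenticate` header values and reports whether the client answered the proxy's challenge. The function names and the sample tokens are constructed for illustration and are not taken from a real capture.

```python
import base64
import struct

NTLM_SIGNATURE = b"NTLMSSP\x00"
MESSAGE_NAMES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def ntlm_message_type(header_value):
    """Name of the NTLM message in a header value, or None if it carries no NTLM token."""
    parts = (header_value or "").split(None, 1)
    if len(parts) != 2 or parts[0].upper() != "NTLM":
        return None  # header absent, bare "NTLM" offer, or another scheme
    try:
        token = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return None
    if len(token) < 12 or not token.startswith(NTLM_SIGNATURE):
        return None
    (msg_type,) = struct.unpack_from("<I", token, 8)  # little-endian type field
    return MESSAGE_NAMES.get(msg_type)

def classify_handshake(exchanges):
    """exchanges: (request Proxy-Authorization, response Proxy-Authenticate)
    pairs in trace order; None means the header was absent."""
    challenged = False
    for proxy_authorization, proxy_authenticate in exchanges:
        sent = ntlm_message_type(proxy_authorization)
        if challenged:
            # After a CHALLENGE the next request must carry AUTHENTICATE.
            return "completed" if sent == "AUTHENTICATE" else "stalled-after-challenge"
        challenged = ntlm_message_type(proxy_authenticate) == "CHALLENGE"
    return "no-challenge-seen"

def make_token(msg_type):
    # Constructed sample token: signature + type + zero padding.
    body = NTLM_SIGNATURE + struct.pack("<I", msg_type) + b"\x00" * 20
    return "NTLM " + base64.b64encode(body).decode()

# Constructed traces mirroring the two sequences described in the post.
FAILING_TRACE = [(None, "NTLM"), (make_token(1), make_token(2)), (None, "NTLM")]
WORKING_TRACE = [(None, "NTLM"), (make_token(1), make_token(2)), (make_token(3), None)]

if __name__ == "__main__":
    print("NTLMv2 trace:", classify_handshake(FAILING_TRACE))
    print("NTLM (v1) trace:", classify_handshake(WORKING_TRACE))
```

NTLM authenticates a TCP connection rather than a single request, so feed the function the exchanges of one connection at a time.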
We are experiencing the same issue you described.
This has only started since testing the Java 7 version.
Windows 7 32 and 64 bit
Proxy is currently Windows ISA 2006
Current user credentials fail and can lock out the account.
I have seen that canceling the open request has actually allowed content to load however.
Same symptoms here: if a user opens a page where a Java applet wants to run, he gets a JRE popup that asks for authentication. Choosing cancel will run the applet without problem.
- Windows XP SP3
- Internet Explorer 8 and Firefox 13 both
- Java 7u5
- MS ISA 2006
- with or without the ISA client software
Strange thing: with some webpages/applets I get the popup every time I load the applet (for example when I want to log into an internet banking system that generates an encryption), but with other applets I get the popup only the first time (even if I clear the browser cache it doesn't come anymore on those pages).
Yes same issue in our environment.
- Windows XP SP3 desktops
- Windows 7 SP1 x64 Desktop
- Internet Explorer 8
- Proxy is WebMarshal v22.214.171.12449
- NTLM is the only authentication method allowed over port 8080, although I'm not sure which version(s) are allowed.
It seems as though the proxy authentication isn't actually required, because you can just click 'Cancel' when prompted for authentication and the Java loads anyway. Weird.
It's certainly preventing us from going to Java 7.
We are using Internet Explorer 7 on Windows XP through a Microsoft ISA Server 2006 firewall to an IIS 6 website using Windows Integrated security.
We tested the latest version, Java 1.7.0_08 (as downloaded from the link), and at first we thought it would work, but we got the authentication pop-up window and my colleague and I had our Active Directory accounts locked (even if we clicked on Cancel) after giving it a try.
I also found another thread about this BUG on the Microsoft technet forums: http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/38117764-8576-4503-ad3d-767a3d274726
Oracle changed 7u8-b02 to 7u10: http://www.oracle.com/technetwork/java/java-update-release-numbers-change-1836624.html
1. Ju10b12 is a developer preview release, but I can't find any release notes for it.
2. Current live link to the same bug ID (7184444) is here: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7184444
3. The status of this bug is: Resolved. - Quote "Fixed Versions: 8" as of 26/09/2012
4. Version 8 is not available for general release yet.
There is also a WORKAROUND in the bug ID: "At the java authentication dialog (e.g. the attached negotiate_auth.png), select the "Save this password in your password list" so the dialog won't popup again after the first time." - Pardon. Save your password!!!
* This is not a very good idea when it is highly likely that this will lock out accounts for companies that force passwords to be reset on a periodic basis!
Can someone from Oracle please clear up this mess and confusion, it would be very much appreciated.
1. Is this fixed in 7u10x?
2. Is this fixed in 8x?
3. Or is this fixed in both?
For us, this issue is not TOTALLY fixed with 126.96.36.199.
Indeed, in our company, 188.8.131.52 :
- fixes the issues we had with Intranet applications (they don't ask the authentication anymore)... which is a good progress because at least our employees can work !
- BUT doesn't fix the issues with Internet sites (such as the java.com page that detects if Java is correctly installed).
I've just tried with the preview 13 (jre-7u10-ea-bin-b13-windows-i586-24_oct_2012.exe) ... but it doesn't fix the issue either.
This is happening with TMG 2010 as well. I cannot use a Beta release as a fix because some web based financial applications list specific Java versions for their application and if the Java version is outside of this list the application will not work.
Come on Oracle, please fix this Java problem in a production release of Java.
We are also experiencing this issue.
Windows 7 Enterprise SP1 x64
Internet Explorer 8 (32bit)
Java Version 7 Update 7 originally. Tried Java 7 Update 10 Build 14 and still experience the issue.
Can confirm that Cancel does allow it to run. However we cannot have this dialog appear as it confuses users and results in many help desk calls.
We will have to remain on Java 6 Update 37 (or other soon to be insecure versions) until Oracle completely fixes this issue in a production release.