-
Bug
-
Resolution: Incomplete
-
P3
-
None
-
7u9
-
windows_7
FULL PRODUCT VERSION :
java version " 1.7.0_09 "
Java(TM) SE Runtime Environment (build 1.7.0_09-b05)
Java HotSpot(TM) 64-Bit Server VM (build 23.5-b02, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Windows 7 Enterprise x64
EXTRA RELEVANT SYSTEM CONFIGURATION :
Internet Explorer 8.0.7600.16385
Proxy server configured in IE via an auto config pac file
Java is configured to " use browser settings "
Proxy server requires (Windows) authentication
A DESCRIPTION OF THE PROBLEM :
When accessing Java-enabled sites on the internet, Java is prompting for proxy credentials. (e.g. this site http://www.java.com/en/download/installed.jsp )
Problem does not exist in Java 6u35
REGRESSION. Last worked in version 6u31
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Configure IE to use auto-config PAC file
Configure a proxy server that requires NTLM authentication
Configure Java to use the browser's network settings
Access the Java test site on the Internet
A credential prompt appears
The site works no matter if the credential prompt is cancelled or logon details are entered.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No authentication prompt - should use silently use integrated authentication.
ACTUAL -
" Authentication Required " prompt asking for user name and password (authentication scheme: Unknown)
ERROR MESSAGES/STACK TRACES THAT OCCUR :
No error appears after the password prompt for all three of the following scenarios:
-Cancel button is pressed
-Bogus credentials are entered
-Real credentials are entered
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
http://www.java.com/en/download/installed.jsp
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Saving credentials in Java by ticking the box is not an option as this results in account lockouts after the person next changes their password.
The Cancel button appears to be a way forward, but results in account lockouts. Customer calls to Service Desk are costing downtime & effort.
Negative impact has resulted in senior management deciding to roll back the deployment of Java 7 in my enterprise and revert to using 6. Very concerned that time is running out to address this issue before Java 6 goes end of life in Feb 2013, and security updates stop.
java version " 1.7.0_09 "
Java(TM) SE Runtime Environment (build 1.7.0_09-b05)
Java HotSpot(TM) 64-Bit Server VM (build 23.5-b02, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Windows 7 Enterprise x64
EXTRA RELEVANT SYSTEM CONFIGURATION :
Internet Explorer 8.0.7600.16385
Proxy server configured in IE via an auto config pac file
Java is configured to " use browser settings "
Proxy server requires (Windows) authentication
A DESCRIPTION OF THE PROBLEM :
When accessing Java-enabled sites on the internet, Java is prompting for proxy credentials. (e.g. this site http://www.java.com/en/download/installed.jsp )
Problem does not exist in Java 6u35
REGRESSION. Last worked in version 6u31
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Configure IE to use auto-config PAC file
Configure a proxy server that requires NTLM authentication
Configure Java to use the browser's network settings
Access the Java test site on the Internet
A credential prompt appears
The site works no matter if the credential prompt is cancelled or logon details are entered.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No authentication prompt - should use silently use integrated authentication.
ACTUAL -
" Authentication Required " prompt asking for user name and password (authentication scheme: Unknown)
ERROR MESSAGES/STACK TRACES THAT OCCUR :
No error appears after the password prompt for all three of the following scenarios:
-Cancel button is pressed
-Bogus credentials are entered
-Real credentials are entered
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
http://www.java.com/en/download/installed.jsp
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Saving credentials in Java by ticking the box is not an option as this results in account lockouts after the person next changes their password.
The Cancel button appears to be a way forward, but results in account lockouts. Customer calls to Service Desk are costing downtime & effort.
Negative impact has resulted in senior management deciding to roll back the deployment of Java 7 in my enterprise and revert to using 6. Very concerned that time is running out to address this issue before Java 6 goes end of life in Feb 2013, and security updates stop.