FULL PRODUCT VERSION :
1.8.0.60
ADDITIONAL OS VERSION INFORMATION :
Windows 7 / Windows 8.1 32-bit or 64-bit
EXTRA RELEVANT SYSTEM CONFIGURATION :
Tomcat 7.0.60, configured HTTPS with SSL client authentication required
A DESCRIPTION OF THE PROBLEM :
Calling a JNLP via javaws
Smartcard with 3 certificates (for authentication, signing and encryption) on the card connected via a Smartcard middlware (different card types and different middlewares tested with same result)
The smartcard middleware propagates the certificates via CSP successfully to the Windows certificate store.
The certifcates all have the same common name.
Calling a website on that tomcat via Internet Explorer works fine, all relevant certificates are displayed and can be selected for Client authentication.
Issue with java:
Calling in the same environment a JNLP page via Java Web Start, the Java Certificate Popup comes up. Java displays 3 certificates but refers always to the first certificate on the card (verified by the certificate serial number – I can click into the details of all 3 certificates and get always presented the first certificate). It seems that if the first certificate on the card is no login certificate, I do not get a certificate presented in the popup at all.
As soon as the certificates have different Common names, the login seems to work, so obviously there seems to be a bug in Java, so that certificate based login is not possible as soon as a CN is used multiple times.
Hint: Friendly name is also not set/ not possible to set via windows CSP smartcard propagation. As soon as a friendly name is set manually it also works (which is not an option in a production environment)
REGRESSION. Last worked in version 8u45
ADDITIONAL REGRESSION INFORMATION:
It properly worked in 1.8.0_40-b26.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
See description
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Java popup should show all certificates instead of one single three times.
ACTUAL -
Java popup shows three certificates, which however all reference to the first certificate on the card.
REPRODUCIBILITY :
This bug can be reproduced always.
1.8.0.60
ADDITIONAL OS VERSION INFORMATION :
Windows 7 / Windows 8.1 32-bit or 64-bit
EXTRA RELEVANT SYSTEM CONFIGURATION :
Tomcat 7.0.60, configured HTTPS with SSL client authentication required
A DESCRIPTION OF THE PROBLEM :
Calling a JNLP via javaws
Smartcard with 3 certificates (for authentication, signing and encryption) on the card connected via a Smartcard middlware (different card types and different middlewares tested with same result)
The smartcard middleware propagates the certificates via CSP successfully to the Windows certificate store.
The certifcates all have the same common name.
Calling a website on that tomcat via Internet Explorer works fine, all relevant certificates are displayed and can be selected for Client authentication.
Issue with java:
Calling in the same environment a JNLP page via Java Web Start, the Java Certificate Popup comes up. Java displays 3 certificates but refers always to the first certificate on the card (verified by the certificate serial number – I can click into the details of all 3 certificates and get always presented the first certificate). It seems that if the first certificate on the card is no login certificate, I do not get a certificate presented in the popup at all.
As soon as the certificates have different Common names, the login seems to work, so obviously there seems to be a bug in Java, so that certificate based login is not possible as soon as a CN is used multiple times.
Hint: Friendly name is also not set/ not possible to set via windows CSP smartcard propagation. As soon as a friendly name is set manually it also works (which is not an option in a production environment)
REGRESSION. Last worked in version 8u45
ADDITIONAL REGRESSION INFORMATION:
It properly worked in 1.8.0_40-b26.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
See description
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Java popup should show all certificates instead of one single three times.
ACTUAL -
Java popup shows three certificates, which however all reference to the first certificate on the card.
REPRODUCIBILITY :
This bug can be reproduced always.
- duplicates
-
JDK-6483657 MSCAPI provider does not create unique alias names
-
- Resolved
-
- relates to
-
-
- Closed
-