Skip to main content
Support
PlatformSign in

KB Article #177834

Application blocked by the java security on client side when service pack SP14 or later is installed because JAR-Resources in JNLP-File are not signed by same certificate

Problem

Starting with SP14, all contained jars are signed using the latest Axway Certificate 2015-2017 SHA256 (see article https://support.axway.com/kb/177821/language/en for more details)
except Enttoolkit.jar. This Enttoolkit library comes from Entrust and it cannot be signed by Axway because there is an internal/self-check verification mechanism.

In case the Composer url is not specified in the in Java exception site list such blocking error is observed in java popup:

"Your security settings have blocked a self-signed application from running."
"Vos paramètres de sécurité ont bloqué l' exécution d' une application auto-signée."

The detail is:

at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
at com.sun.javaws.Launcher.prepareResources(Unknown Source)
at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
at com.sun.javaws.Launcher.launch(Unknown Source)
at com.sun.javaws.Main.launchApp(Unknown Source)
at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
at com.sun.javaws.Main.access0(Unknown Source)
at com.sun.javaws.Main$1.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)



Resolution

Enttolkit library is used by Composer when configured with FIPS. So if the FIPS option is not used for your installation , there are two ways to avoid this error:
Add Composer web address to Java exception list on client side
Or
In case you cannot add Composer web address to Java exception list you must comment the additional extension in this file composer/composer/web/Composer.jnlp.xml
as follows:

<!-- Extensions -->
<extension name="Client exit librairies" href="jnlp/ClientExitLibraries.jnlp"/>
<!-- extension name="Enttoolkit library" href="jnlp/EnttoolkitLibrary.jnlp"/ --> <!—Comment this one -- >


Then restart Composer, clean the java cache on client side before trying to connect to the Composer interface.

Still need help?

If this information wasn't helpful to you, just drop us a line. We'll get back to you as soon as possible.