How to enable SecureLogin with a standalone Java application

  • 7008769
  • 09-Jun-2011
  • 21-Mar-2017

Environment

Novell SecureLogin 7.x
NetIQ SecureLogin 8.x

Situation

A standalone JAVA application is defined here as an application that does not rely on the system installed Java Runtime Environment. Instead the application includes it's own JRE which will be invoked when the application is executed. When NSL is installed on a workstation the installation program will attempt to locate and modify the system wide JRE, typically found in the path of \Program Files\Java. Programs that contain their own JRE will not be found by the installation routine and will not be modified to interact with SecureLogin. The purpose of this TID is to provide information on how to manually configure the components necessary to enable NSL interaction with the standalone JRE when invoked.

Resolution

The JRE for the system or any standalone Jave application will consist of the folders bin and lib. In the bin folder you should find the JRE executables such as java.exe and javaw.exe. The lib folder will contain the Java libraries (jar files) and support/configuration modules. NSL will modify the contents of the JRE's lib folder.
 
For example the system wide JRE version 6 would be located in the path of:
c:\Program Files\Java\jre6
 
In this folder you should find:
c:\Program Files\Java\jre6\bin
c:\Program Files\Java\jre6\lib
 
The challenge to enabling a standalone Java application, is locating the Java components within the NSL distribution.
 
The easiest method is to install NSL on a workstation where the system wide JRE has been installed. When the NSL installation completes the files necessary to enable the standalone Java application will be located within the installed JRE path of c:\Program Files\Java\jre6\lib.
 
Another option is to extract the NSL MSI package using msiexec with the syntax:
msiexec /a PathToMSIFile /qb TARGETDIR=DirectoryToExtractTo
 
Another option is to use a tool similar to "LessMSIerables" which is a GUI utility for Windows that allows you to browse MSI packages and extract their content.
 
To enable a standalone Java application locate the lib folder of the applications JRE and make the following modifications.
 
You can simply copy over the following properties file from the modified system JRE in the path specified above or
create/modify the file "accessibility.properties" with the following line:
assistive_technologies=com.actividentity.sso.javasso.awt_swing.JavaSSOHook
 
Copy over the following properties file from the modified system JRE in the path specified above or create/modify the file "awt.properties" with the following line:
AWT.assistive_technologies=com.actividentity.sso.javasso.awt_swing.JavaSSOHook
 
These properties files will instruct the JRE to load the NSL components necessary to interface (hook into) with SecureLogin.
 
Finally we would need to copy the necessary Java libraries to the applications JRE.
 
Copy the files jaccess.jar, javasso.jar, and xbean.jar to the lib\ext folder.
 
For example:
c:\Program Files\Java\jre6\lib\ext
 
After these modifications have been made you must restart the application so that it invokes a new instance of the JRE. When the applications JRE loads it will load the libraries contained in the lib\ext folder. It will then process the properties files. The entries in the properties files will instruct the JRE what specific NSL function to call. When the NSL function is called the cooresponding NSL Java component will notify the NSL broker module with the correct events and information to interact with the Java application.

Additional Information

Note that most documentation will point you to the following registry key and value.
HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin\JavaSSO
JREInstallDir              REG_SZ              c:\Program Files\Java\jre6
 
Note that the value should reflect the path to the system wide JRE. This registry key is automatically set by the NSL client when it loads and initializes on the workstation. Since the applications JRE is not running during this process then this registry key is not updated. You could add this path to the registry key but you would find that upon the next load of NSL the key is set back to it's original value (application JRE path removed). This is not a problem since the JRE will load the appropriate libraries at load time. The NSL client itself doesn't rely on this registry key to interact with the JRE. It is just informational to show what JRE's were found during initialization only.