SAP Knowledge Base Article - Public

2075208 - Java 7u45 Upgrade + Security Baseline Increase - Impact on LMS - LMS Technical Bulletin

Symptom

  • This is a bulletin to advise customers who are using client JRE 7.x versions 7u25 and older.  Due to recent changes in the Java Security Model, certain features in applets that make use of the LiveConnect feature will now cease to function.
  • Please note that customers running JRE 6 version are not affected.

Environment

  • Learning

Cause

  • Oracle has introduced a Security Baseline concept by which the JRE would automatically check for latest versions to make sure it is running the most recent secure JRE version.
  • Specifically, our applets will now silently fail for users running a JRE 7 version that is not on the latest JRE 7 update: 7u45.  It is required that the JRE 7 version is updated to 7u45 in order for communication between the LMS application and SCORM content to take place.   Customers running JRE 7 versions older than 7u45 would see issues while running our applets – for example, a user may be able to take a course, but the completion may not be recorded.
  • For systems that are not connected to the Internet, the JRE includes a hardcoded expiry date for the Security Baseline. So now that 7u45 has been released, and since it contains critical security fixes, the JRE Security Baseline has been increased to 7u45. Therefore, for customers on older versions of the JRE 7 (like 7u25, which was released in July), this expiry date has now hit and will now begin failing. 

Resolution

  1. Customers using JRE 7.x should upgrade to the latest version of the JRE: 7u45.  Please note that when upgrading the JRE to 7u45, for existing LMS customers on LMS 1308p11 or prior versions, this will result in a popup message prior to loading the applet (shown below) – the system will function correctly once the popup is accepted and dismissed.  As of 1308p12, metadata changes will be applied to our applet and users will not see the pop ups.

 

When clicking to launch the content object, click “Allow”:

1.jpg

   

 A second Pop-Up will appear; click “Continue”

2.jpg

 

2.  A second solution is for customers to enable the JavaScript communication for SCORM instead of the Java Applet communication which requires the JRE.  To enable JavaScript communication:

  1. On the LMS admin screen, navigate to System Admin >Configuration> System Configuration> LMS_ADMIN (click edit icon).
  2. Set “useJavaScriptScormAPI” to “true -  (useJavaScriptScormAPI=true)
  •  Please note that JavaScript based communication is only available for SCORM 1.2 and SCORM 2004(2nd Edition) version in the 1308 LMS Release.  In the 1311 LMS Release, JavaScript communication will be available for SCORM 2004 4th Edition.

 

How can I check what version of JRE I am running?

 

How do I update to the latest JRE version?

You can upgrade to the latest JRE version by visiting: http://www.java.com and clicking on “Download”

(Please note that any issues upgrading the JRE should be directed to your internal IT department.)

 

Additional information:

 

#1 https://blogs.oracle.com/java-platform-group/entry/updated_security_baseline_7u45_impacts

 

Updated Security Baseline (7u45) impacts Java 7u40 and before with High Security settings

  • By costlow on Oct 16, 2013
  • The Java Security Baseline has been increased from 7u25 to 7u45.  For versions of Java below 7u45, this means unsigned Java applets or Java applets that depend on Javascript LiveConnect calls will be blocked when using the High Security setting in the Java Control Panel.
  • This issue only affects Applets and Web Start applications. It does not affect other types of Java applications.

 

#2 https://blogs.oracle.com/java-platform-group/entry/7u45_caller_allowable_codebase_and

 

7u45 Caller-Allowable-Codebase and Trusted-Library

By costlow on Oct 18, 2013

Java 7 update 45 (October 2013) changed the interactions between JavaScript and Java Applets made through LiveConnect. The 7u45 update is a critical patch update that has also raised the security baseline and users are strongly recommended to upgrade.

 

Keywords

KBA , LOD-SF-LMS , SuccessFactors Learning , Problem

Product

SAP SuccessFactors HCM Core all versions