Scott_Owens

NEW JAVA SECURITY REQUIREMENTS IMPACT PAM

Discussion created by Scott_Owens Employee on Jan 24, 2014

Starting with Oracle Java 7 update 51 new security requirements are implemented which affect Rich Internet Applications such as CA Process Automation (PAM).   The effect of this is that once the new version of Java is installed, Browser based installation of CA Process Automation Agents, non-domain Orchestrators or Orchestrator cluster nodes will be blocked.  In addition launching of the CA Process Automation 3.1 SP01 Java CA Process Automation Client will be blocked unless the Domain Orchestrator is added as an exception to the new security requirements.

All versions of CA Process Automation are affected.

To address this for CA Process Automation, follow the instructions provided by Oracle under "Adding a site to the Exception Site List" at https://blogs.oracle.com/java-platform-group/entry/upcoming_exception_site_list_in.  Use http[s]://<domain_orchestrator>:<port>/ as the URL for the RIA, and where <domain_orchestrator> is the fully qualified domain name used to access your Domain Orchestrator, and <port> is the port used (typically 8080 for PAM configured in a non-SSL configurations (http), and 8443 for PAM configure to use SSL (https)).

For example if you access your Domain Orchestrator through https://MyServer:8443/itpam, you would specify https://MyServer:8443/ as the URL for your RIA, making sure not to forget the trailing "/".

Adding CA Process Automation as an exception to the new security requirements is envisioned as a short term work around being made available for early adopters of Oracle Java 7 update 51 and later, and CA Technologies is preparing patches for CA Process Automation which will remove the need for this work-around.

Outcomes