BankID applet fails in Chromium with icedtea plugin

Asked by pietro on 2011-10-25

Almost all Norwegian Internet banks rely on a set of Java applets from BankID (www.bankid.no). These applets worked flawless on previous versions of Ubuntu using sun-java6-jre and sun-java6-plugin packages. After upgrade to Ubuntu Oneiric 11.10 the sun-java6 packages seems to have been replaced with OpenJDK and Icedtea plugin. This combination now seems to fail to run some of the BankID applets, at least the signing applet but also occationally the logon applet. What happens is that the input field for socialsecurity number or personal login code occationally fails to accept any input.

The applet may be tried at https://www.bankid.no/Hjelp-og-nyttige-verktoy/Nyttige-verktoy/Test-din-BankID/
You have to enter a valid 11 digit social security number ("fødselsnummer" in Norwegian) but the applet occationally doesn't accept input.

I would argue that this is caused by a bug in Icedtea as it worked flawlessly in 11.04 with sun-java6. Anyone disagrees before I submit a bug report ?

Question information

Jacobsallan (jacobsallan) said : #1

The browser error console reports
www.bankid.no : server does not support RFC 5746, see CVE-2009-3555
activation1.bankid.no : server does not support RFC 5746, see CVE-2009-3555

http://support.mozilla.com/en-US/questions/746438 and http://support.mozilla.com/en-US/questions/746438#answer-29723 discuss this problem.

It looks like there is a regression in Icedtea.

Jacobsallan (jacobsallan) said : #2

File a bug. The workaround is to download Java from Oracle.

Before reporting this bug, if you have not done so already, please read https://help.ubuntu.com/community/ReportingBugs carefully.

VS (storvann) said : #4

I am experiencing this problem too. The easiest way to reproduce the issue is to (in firefox) go to https://www.bankid.no/Hjelp-og-nyttige-verktoy/Nyttige-verktoy/Test-din-BankID/, wait for the plugin to load and then refresh the page. Keyboard input will no longer be accepted.

To me, this seems like a bug in icedtea.

sun-java6 used to do be like this too (a few years ago,) but that seems to be fixed now.

Marius B. Kotsbak (mariusko) said : #5

pietro: I just removed the bug link since I found an duplicate report :) I posted a workaround there btw. Anyway, let's hope they soon discovers that Bank ID is just security by obscurity, and now even pose a security threath itself because of Oracles refusal to let Ubuntu distribute it.

pietro (per-weisteen) said : #6

Ok. I'll remove the link :-)

pietro (per-weisteen) said : #7

I believe this issue is resolved in Ubuntu 12.04 with Icedtea plugin 1.2.
We'll await for the https://bugs.launchpad.net/bugs/925653 to be closed and then I'll mark this as resolved too.

Marius B. Kotsbak (mariusko) said : #8

The solution is to upgrade to the latest Ubuntu (Precise/12.04) and use Firefox.

It seems like it is now not possible to use Bank ID stable in Chromium because of this bug:

https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/755036

Can you help with this problem?

Provide an answer of your own, or ask pietro for more information if necessary.

To post a message you must log in.