BankID applet fails in Chromium with icedtea plugin

Asked by pietro

Almost all Norwegian Internet banks rely on a set of Java applets from BankID (www.bankid.no). These applets worked flawless on previous versions of Ubuntu using sun-java6-jre and sun-java6-plugin packages. After upgrade to Ubuntu Oneiric 11.10 the sun-java6 packages seems to have been replaced with OpenJDK and Icedtea plugin. This combination now seems to fail to run some of the BankID applets, at least the signing applet but also occationally the logon applet. What happens is that the input field for socialsecurity number or personal login code occationally fails to accept any input.

The applet may be tried at https://www.bankid.no/Hjelp-og-nyttige-verktoy/Nyttige-verktoy/Test-din-BankID/
You have to enter a valid 11 digit social security number ("fødselsnummer" in Norwegian) but the applet occationally doesn't accept input.

I would argue that this is caused by a bug in Icedtea as it worked flawlessly in 11.04 with sun-java6. Anyone disagrees before I submit a bug report ?

Question information

Revision history for this message
Jacobsallan (jacobsallan) said :
#1

The browser error console reports
www.bankid.no : server does not support RFC 5746, see CVE-2009-3555
activation1.bankid.no : server does not support RFC 5746, see CVE-2009-3555

http://support.mozilla.com/en-US/questions/746438 and http://support.mozilla.com/en-US/questions/746438#answer-29723 discuss this problem.

It looks like there is a regression in Icedtea.

Revision history for this message
Jacobsallan (jacobsallan) said :
#2

File a bug. The workaround is to download Java from Oracle.

Revision history for this message
Eliah Kagan (degeneracypressure) said :
#3

Before reporting this bug, if you have not done so already, please read https://help.ubuntu.com/community/ReportingBugs carefully.

Revision history for this message
VS (storvann) said :
#4

I am experiencing this problem too. The easiest way to reproduce the issue is to (in firefox) go to https://www.bankid.no/Hjelp-og-nyttige-verktoy/Nyttige-verktoy/Test-din-BankID/, wait for the plugin to load and then refresh the page. Keyboard input will no longer be accepted.

To me, this seems like a bug in icedtea.

sun-java6 used to do be like this too (a few years ago,) but that seems to be fixed now.

Revision history for this message
Marius B. Kotsbak (mariusko) said :
#5

pietro: I just removed the bug link since I found an duplicate report :) I posted a workaround there btw. Anyway, let's hope they soon discovers that Bank ID is just security by obscurity, and now even pose a security threath itself because of Oracles refusal to let Ubuntu distribute it.

Revision history for this message
pietro (per-weisteen) said :
#6

Ok. I'll remove the link :-)

Revision history for this message
pietro (per-weisteen) said :
#7

I believe this issue is resolved in Ubuntu 12.04 with Icedtea plugin 1.2.
We'll await for the https://bugs.launchpad.net/bugs/925653 to be closed and then I'll mark this as resolved too.

Revision history for this message
Marius B. Kotsbak (mariusko) said :
#8

The solution is to upgrade to the latest Ubuntu (Precise/12.04) and use Firefox.

It seems like it is now not possible to use Bank ID stable in Chromium because of this bug:

https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/755036

Can you help with this problem?

Provide an answer of your own, or ask pietro for more information if necessary.

To post a message you must log in.