AAA, NAC, Guest Access & BYOD

How do I set up a Java policy? 

Jun 30, 2014 08:59 PM

Product and Software: This article applies to all ECS product and software versions.

To use the NAC appliance Administrator user interface, you must have the Java Runtime plug-in (version 1.5x or later for Windows, 1.3 or later for Mac OS X) installed on your client computer. The plug-in uses caching to improve the performance of Java applets, and uses the '.java.policy' file to grant security permissions.

If the '.java.policy' file is not configured properly, when you log on and attempt to access one of the UI options, the UI throws an Access Control exception, displaying an error message to "make the appropriate policy configuration changes".

This article describes how to configure a Java policy on your client machine so that you can use the NAC appliance Administrator UI.

Requirement
Java Runtime plug-in (version 1.5x or later for Windows; 1.3 or later for Mac OS or Linux) installed on your client system. Download and install it from one of the Java sites, such as www.java.com or www.filehippo.com.

Configuring the '.java.policy' file
Configure the '.java.policy' file as follows:

1) Open the file browser and navigate to the bin folder:
  • For Windows: C:\Program Files\Java\jre1.5.x\bin
  • For Mac OS: /Library/Java/Home/bin
  • For Linux: $JAVA_HOME/bin
2) Locate and run 'policytool' to display the Policy Tool window.
If a policy file already exists, the path is displayed in the Policy File
field; otherwise, an error message indicates that it cannot find the file
(in this case, click OK to close the error message).

3) Click Add Policy Entry to display the Policy Entry window.

4) In the CodeBase field, enter one of the following:
  • For the 1U platform, type:
    https://<nac-appliance hostname>:8443/-
  • For the 2U or 4U platform, type:
    http://<nac-appliance hostname>:8080/campusMgr/-
Note: The <nac-appliance hostname> of the appliance must be resolvable via DNS or a local <hosts> file entry.
5) Click Add Permission to display the Permissions pop-up.

6) From the Permission drop-down menu, select All Permission, and
click OK, which redisplays the Policy Entry window, listing:
permission java.security.AllPermission;
7) Click Done to redisplay the Policy Tool window, listing:
CodeBase<ALL>
Note: Add a CodeBase for each NAC appliance server that will be connected to.
8) Click File and select Save As from the menu.
Specify the path as follows:
  • For Windows XP: C:\Documents and Settings\<username>\.java.policy
  • For Windows Vista: C:\users\<username>\.java.policy
  • For Mac: /Users/<your_user>/.java.policy
  • For Linux: /home/<your_user>/.java.policy

9) Click Save, which displays the Status as successful.

10) Click OK, which displays the policy file path.

11) Close the window.
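
To check the saved file against what this procedure intends, the following added example (not part of the original article or the product) parses a '.java.policy' file and reports AllPermission grants that have no CodeBase, use plain http, or name an unexpected host, and lists appliances that have no entry. The sample file and the example.com hostnames are constructed placeholders, and the parser assumes simple grant entries like those written in steps 4 to 7.

```python
import re
from urllib.parse import urlsplit

# Constructed sample policy file; the example.com hostnames are placeholders.
SAMPLE_POLICY = """
// saved to ~/.java.policy
grant codeBase "https://nac1.example.com:8443/-" {
  permission java.security.AllPermission;
};
grant codeBase "http://nac2.example.com:8080/campusMgr/-" {
  permission java.security.AllPermission;
};
grant {
  permission java.security.AllPermission;
};
"""

# Simple grant entries only: no ${property} expansion, no braces in bodies.
GRANT_RE = re.compile(r'\bgrant\b(?P<head>[^{]*)\{(?P<body>[^}]*)\}\s*;', re.S | re.I)
CODEBASE_RE = re.compile(r'codeBase\s+"([^"]*)"', re.I)

def strip_comments(text):
    """Drop /* */ blocks and whole-line // comments (URLs contain // too)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'^[ \t]*//.*$', '', text, flags=re.M)

def audit_policy(text, expected_hosts):
    """Return findings about AllPermission grants in a Java policy file."""
    findings, covered = [], set()
    for entry in GRANT_RE.finditer(strip_comments(text)):
        if "java.security.AllPermission" not in entry.group("body"):
            continue
        codebase = CODEBASE_RE.search(entry.group("head"))
        if codebase is None:
            findings.append("AllPermission with no codeBase: applies to all code")
            continue
        url = urlsplit(codebase.group(1))
        covered.add(url.hostname)
        if url.scheme != "https":
            findings.append(f"AllPermission over plain {url.scheme}: {codebase.group(1)}")
        if url.hostname not in expected_hosts:
            findings.append(f"AllPermission for unexpected host: {url.hostname}")
    for host in sorted(set(expected_hosts) - covered):
        findings.append(f"no CodeBase entry for appliance: {host}")
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY, {"nac1.example.com", "nac2.example.com"}):
        print(finding)
```

Pass the contents of the saved '.java.policy' file and the set of appliance hostnames you connect to; an empty result means every AllPermission grant is scoped to an expected appliance over https.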

Note: With certain versions of the Java JRE, you may need to add a host entry to the hosts file on your local machine. An indication that this may be necessary is a repeated timeout while trying to access one of the views from the MAIN view. To add or modify an entry in a hosts file:

1) Edit the hosts file on your local machine.
  • For Windows: C:\windows\system32\drivers\etc\hosts 
  • For Mac: /etc/hosts
2) Add/modify an entry to point to your NAC Server or NAC Control Server (for application server/control server pair) in this format:
<ip-address> <fully-qualified hostname> <abbreviated name>
3) Save your changes.

 
