sheridan
IT News

Java Security Warnings and Skillport/Skillsoft Courses

[Apr. 29, 2014] Following recent updates by Oracle to its Java Runtime Environment (JRE) users accessing Sheridan's Skillport online training modules via AccessSheridan may encounter a security warning asking them to allow the website (Skillport) to access and control the Java application. You can safely allow this. Details regarding this issue are highlighted below.

Just a reminder that after May 31, Skillsoft training modules will no longer be available.

We wanted to make you aware of new behavior users may be experiencing since the latest Oracle Java Runtime Envirionment (JRE) updates. After upgrading to JRE versions 1.7.0_55 or 1.8.0_05, users may be seeing the following additional warning message when launching some Java applets:

Skillport Java Warning

This message is due to a change that Oracle made to the Java security model. The user must click Allow, or the applet will be unable to communicate. Additionally, the user may click the Do not show this again for this app and web site checkbox in order to suppress the message on future applet launches.

The caller-allowable-codebase attribute was introduced in an earlier version of JRE 1.7.0 and it allows an applet to specify what domains are allowed to communicate with it. Because our applets may be installed in either Skillsoft-hosted environments or customer/partner-hosted environments, we are unable to specify an explicit list of domains that are allowed to launch our applets. Therefore, we specify the wildcard (*) so that the Player is allowed to communicate with any domain it is launched from. Until JRE 1.7.0_51, this worked fine. However, as of JRE 1.7.0_55 and JRE 1.8.0_05, Java will now prompt the user if an applet attempts to allow wildcard (*) as the value for the caller-allowable-codebase attribute.

Despite our best efforts to test with a pre-release version JRE 1.7.0_60, this new behavior was not discovered until the production versions of the JRE was released. This behavior was also not present in the initial release of JRE 1.8, but was introduced with the latest 1.8.0_05 release.

Skillsoft is investigating ways that we might suppress this additional prompt, but in the meantime, users will be required to click Allow in order for the applet to launch successfully.

We apologize for any confusion or inconvenience this may be causing to your users or your organization.

Regards,
Skillsoft Support