This cannot/probably should not be done over the web. Hence, there
is a web server running internally, but that service only hands out JNLP files, which run a Java App locally on the client. Therefore, the safer method (albeit much more complicated due to Java issues) is to download the JNLP file and launch the app locally. This page will detail the procedure to do that.
Due to the limitations of the Java license, Java deprecating support for the Java Web Start (javaws|jws) from JDK 1.8, "java" on client machines no longer means "java" -- more specifically, there has been various methods to retrofit the deprecated "jws" onto whatever current version of "java" is installed after 1.8.0 (Java 8), which has been met with various levels of success, but mostly abstract failure on random levels. This is where the
OpenWebStart project has attempted to take over, and has done relatively successfully. However, for Linux platforms that only comes packaged as a Debian (deb) package. So, we have to convert it.
- Make sure alien is installed.
zypper install alien
- Download the OpenWebStart package from openwebstart. At the time of this writing, https://github.com/karakun/OpenWebStart/releases/download/v1.4.0/OpenWebStart_linux_1_4_0.deb
- Next, we need to convert it to something an openSUSE machine can read and install
alien --to-rpm OpenWebStart_linux_1_4_0.deb
which should create an rpm file in the current directory with a similar name as the original.
- Now we can install the RPM file as normal
zypper install openwebstart-1.4.0-2.noarch.rpm
Voila! Now we have OpenWebStart installed (which defaults to /opt/OpenWebStart). Before we can use it in with our KVM, we need to modify a few things first, because Tripp-Lite does things weirdly.
- Launch the settings GUI with
/opt/OpenWebStart/itw-settings
This will launch the GUI to make things clicky clicky, so go to the Proxy Settings tab, and make sure there is no proxy, since we don't use one.
- Next, make sure the following is checked, to allow for Tripp-Lite's weirdo security stuff:
- Allow users to grant permissions to signed content
- Allow users to grant permissions to content from an untrusted authority
- Warn if site certificate does not match hostname
- Show sandbox warning banner
- Allow user to accept JNLP security requests
I have left unchecked "Do not favor https requests" because the KVM only serves HTTPS to connect to it. I also unchecked "Assume local files belong to codebase", because we don't own the codebase, even though we're going to run it locally.
- Saving that by clicking
Apply
or OK
should create a ~/.config/icedtea-web/deployment.properties
file, which you need to modify before we attempt to connect to the KVM (else it won't work).
- Add (or change if already present):
deployment.security.itw.ignorecertissues=true
deployment.security.level=ALLOW_UNSIGNED
The first is because the JNLP is signed but is not signed as the same issuer as anything else, causing it to be seen as "invalid".
The second entry is because portions of the JNLP package isn't signed at all, thereby violating the entire thing in any Java Web Start launch.
- Now we can finally launch the dang thing, to connect to the KVM!
/opt/OpenWebStart/javaws -nosecurity -jnlp https://131.215.140.157/targets.jnlp
This will envoke "nosecurity" which amounts to the client recognizing the entries we added to deployment.properties (otherwise it will assume the default security), and instructing OpenWebStart where to find the JNLP file to launch (this can be a URL or a file), and since the KVM only accepts incoming HTTPS connections, make sure you envoke it with https://.
- Next, you have to enter your username and password.
--
DavidLeBlanc - 2021-11-18