AusKey Read-only files cannot be used as keystores in OS X
I seem to get this error every time I try to use the ATO website from OS X. It states that Read-only files cannot be used as keystores with a reference to a keystore.xml file in the user’s local application support directory.
TL;DR;
Within Safari, go to Preferences->Security->Website Settings->Java Plugin. Then give the authentication.business.gov.au website to run Java in “Unsafe Mode”. The site will be listed because you’ve already authorised the plugin to run for the site.
Error Details
This error isn’t a filesystem permission error. It’s a Java plugin privilege error, specifically that the AusKey Java Applet needs explicit permission to read/write a file from your local filesystem. This is disabled by default for all Java applets.
There’s basically three levels of permission:
- The Java runtime is installed and the Java plugin enabled in Safari
- That you’ve been to the website and authorised the Java applet to run (which starts but fails)
- The ATO Business Portal website is authorised to run the plugin in Unsafe mode (given access to the filesystem).
How this isn’t listed in the AusKey Troubleshooting FAQ, I don’t know.
Step 1 is resolved after installing Java by going to the System Preferences -> Java Control Panel -> Security and enabling Java in the Web Browser (checkbox)
Step 2 is resolved by attempting to login to an AusKey website and authorizing the Java plugin to run
Step 3 is resolved in Safari Preferences->Security->Website Settings->Java Plugin. The authentication.business.gov.au website will be listed and needs to be changed from “Allow” to “Run in Safe Mode” (for this site only).
This gist is a step-by-step sequence to fix it.