KB30366 - Impact of Google Chrome browser’s NPAPI based plug-in deprecation on Java applets and the Pulse Secure products

This article describes the impact and the workaround for installing and launching Pulse Secure components from Google Chrome browser once Google disables support for NPAPI plugins

Background Information:

When logging in from a Google Chrome browser, Pulse Secure products use a Java applet (called the Setup Applet) to install client components such as the Pulse Secure Desktop Client, Network Connect, Windows Terminal Services, etc. The Java applet is also used to communicate between the browser and the installed client components. To launch Java Applets from browsers they rely on a Java Plugin (the Java Plugin is a NPAPI based plugin)

Since Sept 2015 (Chrome v.45) Google Chrome has deprecated the support for NPAPI based plugins including Java plugin, for more details refer to this Chrome link

What is the impact of this on Pulse Secure Products?
Once NPAPI plugins are disabled, end-users will not be able to install or launch Pulse Secure components from a Chrome browser using Pulse Secure's Java Setup Applet. Additionally end-users will not be able to use any other Pulse Secure's Java Applet based features such as JSAM, Premier Java RDP (HOB), etc from Google Chrome browsers.

Starting in 8.2R1, Pulse Secure has introduced PSAL (Pulse Secure Application Launcher) for installing and launching of client applications such as Pulse Client without relying on Java or Active-X Plugins.  PSAL uses custom URL support in browsers (pulsesecure://) to communicate between itself and the browser ato deliver and to launch client applications. The custom URL when invoked, will automatically trigger the PSAL client and this transition is mostly transparent to the end-user.  

An overview of PSAL and the end-user experience is documented in KB40102 For more information, refer to the Administrative Guide. 

If an upgrade to 8.2R1 is not possible, you may use one of the workarounds listed below.

Workarounds:

1. Use an alternate supported browser (Internet Explorer) to login and install and/or launch the Pulse Secure component
2. In certain deployments it may be possible to directly launch the client component (For example Pulse Secure Desktop client and Network Connect) without using a browser

Note:
As of the release of 8.3R1 only Java Setup Applets functionality (i.e. ability to deliver, install and launch other Pulse Secure client components)  has been added to PSAL. However other Pulse Secure functionality such as launching JSAM, Premier Java RDP (Hob) or other Java Applets accessed via the PCS client-less rewriter engine will not work on browsers that have deprecated support for Java Plugin technology