IDSE: Java Plugin Error or AccessControlException When Signing

The “AccessControlException” Error and Java Plugin Issues in IDSE

The IDSE (IMSS Desde Su Empresa) system is the official platform in Mexico for employers to submit workforce affiliation movements (hires, terminations, salary modifications) of their employees to the IMSS.

Despite being critical, the IDSE platform still heavily relies on Java applets to execute digital signature processes (the e.firma and the IMSS digital certificate). This dependency creates severe headaches, as modern browsers have removed support for Java plugins, and strict security rules from Oracle block unsigned applications.

The most common symptoms of this problem are:

1. The portal remains blank or constantly asks to install Java.
2. Java pop-up error: AccessControlException: access denied.
3. Application Blocked Error: Java blocks the application for security reasons.

Prerequisites

Before starting the troubleshooting steps, ensure you have:

• Administrator rights on the Windows computer.
• Your IMSS Digital Certificate (.pfx), Username, and Password.
• All web browsers closed.

---

Step-by-Step Solution

1. Install the Correct Version of Java

The IDSE portal was originally designed for 32-bit browsers (like the old Internet Explorer). Therefore, even if your computer runs 64-bit Windows, you must have 32-bit Java installed.

1. Uninstall all versions of Java you have from Control Panel > Programs and Features.
2. Go to the official Java site (Oracle) and look for the “Offline Java Downloads”.
3. Download the installer named Windows Offline (32-bit). It is usually named something like jre-8uXXX-windows-i586.exe.
4. Install it with administrator privileges.

2. Configure Java Security Exceptions

Recent versions of Java (Version 8 and up) block any application that does not meet strict security protocols by default. You must explicitly tell Java to trust the IMSS portal.

1. Open the Control Panel in Windows, and click on the Java (32-bit) icon. (You can also search for “Configure Java” in the start menu).
2. Go to the Security tab.
3. Ensure that the option “Enable Java content in the browser” is checked.
4. The security level must be set to High (not Very High).
5. Click the Edit Site List… button at the bottom.
6. Click Add and type these three addresses, pressing Enter after each:
   • http://idse.imss.gob.mx
   • https://idse.imss.gob.mx
   • http://idse.imss.gob.mx/certificacion/
7. An HTTP security risk warning will appear. Click Continue.
8. Apply and accept the changes to close the Control Panel.

3. Enable Internet Explorer Mode in Edge

Since Google Chrome, Mozilla Firefox, and the modern Edge can no longer run Java natively, the best solution is to enable backwards compatibility mode.

1. Open Microsoft Edge.
2. Go to Settings (the three dots in the upper right corner).
3. In the left side menu, click on Default browser.
4. Look for the Internet Explorer compatibility section.
5. Change “Allow sites to be reloaded in Internet Explorer mode (IE mode)” to Allow. Edge will ask you to restart the browser.
6. (Optional) Under Internet Explorer mode pages, you can click Add and paste https://idse.imss.gob.mx/certificacion/login.jsp so it always opens with this engine.

4. Logging into the Portal and Authorizing the Plugin

Now that the environment is prepared, proceed to sign:

1. Enter the IDSE portal in Microsoft Edge.
2. Right-click the browser tab and select “Reload tab in Internet Explorer mode”. You will see a small legacy IE icon in the address bar.
3. Wait a moment. A Java warning window will appear saying “Do you want to run this application?”.
4. This is the vital part: Check the box “I accept the risk and want to run this application” and click Run.
5. If it asks for block permission, choose “Do not block”.
6. Now select your .pfx file, your username, and password. The “Enter” or “Sign” button will now work without throwing an AccessControlException.

---

Alternative Solution: Java Policy

If after the 4 previous steps you still have problems (very common in companies with strict networks or antiviruses), you will have to manually modify the security properties file:

1. Open Notepad as Administrator.
2. Navigate to C:\Program Files (x86)\Java\jre[version]\lib\security\.
3. Open the java.policy file.
4. At the end of the file, inside the global grant field, you can add: permission java.net.SocketPermission "idse.imss.gob.mx:80", "connect,resolve";
5. Save the file and restart the computer.

Summary

• Chrome and Firefox no longer support the IDSE page natively due to the NPAPI block.
• Install 32-bit Java regardless of your operating system architecture.
• Add the IMSS domains (https://idse.imss.gob.mx) to the Exception Site List in the Java Control Panel.
• Login exclusively from Microsoft Edge using Internet Explorer Mode.
• Always accept the risk warning when the IMSS applet attempts to run.

Related Articles

• SUA IMSS: Error de Compatibilidad al Instalar o Ejecutar en Windows 11
• Aspel NOI: Error al Exportar Movimientos Afiliatorios al IMSS
• Aspel SAE: Error al Generar Respaldo de Base de Datos