Digital signature on LMS - issue with R/3 password

Similar Messages

• Digital signature does not validate with the given key

  We are switching our single-signon provider from openssl to Weblogic's SAML. I am trying to create a test application that will send mock SAML assertions to our test Weblogic SAML server before we begin integration with the client that will send real SAML assertions.
  I have configured a Weblogic 10.3.5 instance to be a SAML Service Provider as well as created an application that creates test SAML assertions to post to the SAML server. I'm currently using a self-signed certificate to sign the SAML assertion. I've imported the self-signed cert into both the DemoIdentiy.jks and cacerts on the Weblogic SAML server.
  The Weblogic SAML server is giving the following error when trying to validate the signature of the assertion:
  <SAML2Assert: Start verify assertion signature>
  <SAML2Assert: The assertion is signed.>
  <SAML2Assert: Digital signature does not validate with the given key
  org.opensaml.xml.validation.ValidationException: Digital signature does not validate with the given key
  at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:68)
       at com.bea.security.saml2.util.SAML2Utils.verifySamlObjectSignature(SAML2Utils.java:229)
       at com.bea.security.saml2.providers.SAML2Assert.verifySignature(SAML2Assert.java:285)
  >
  I get this error when the SAML assertion includes both the cert and the public key, just the cert, just the public key or neither.
  I'm pretty sure I've configured the SAML instance correctly since I followed the steps provided by another group who got this working with a different client. The only difference is they are using a real signed certificate (Verisign i believe) instead of a self signed cert.
  I'm looking for any help to track down which step in the process I've missed or implemented incorrectly.
  Thanks!
  Edited by: 911967 on Feb 6, 2012 12:26 PM

  So I found my own answer to the issue. The error was being caused by an the following xml in the assertion:
  <ds:Reference URI="">
  The value of URI attribute must have a '#' followed by the same value of the ID attribute in the parent 'Assertion' element (in our case a random string):
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="a5k42vnhsywezqzyufq15c4bb9xuzeozrmbppj38xe" IssueInstant="2012-03-12T14:33:25.986Z" Version="2.0">
  <saml:Issuer>ISSUER_NAME</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  *<ds:Reference URI="#a5k42vnhsywezqzyufq15c4bb9xuzeozrmbppj38xe">*
  How this is related to the digital signature is beyond me, though I admit I'm very new to saml and digital signing. However I spent a great deal of time investigating my certs and how I was creating the signature, which it seems is unrelated to the actual issue. I also wasn't able to find any docs specifying that this attribute was required, though I might have just missed it.

• Digital Signature Data File Issue

  Hello all,
  I am something of a network administrator / supervisor (by position not education so some of the technical aspects of my shop still alude me). Right now I am having an issue with digitally signing PDF files; previously when I signed the files the size would remain approximately the same (moving perhaps from 200 KB to 300 KB, however when I sign files now the size jumps to almost 7000 KB. Previously I had received a message when signing that indicated I could change a setting to add an extra layer of protection and my hypothesis is that this may be the cause, but I am not 100% sure of that.
  Has anyone experienced this problem before, or have any possible solutions? My guess is that there is an option where Adobe controls how secure the signature I create has to be and it defaulted to the more secure, much larger file size after I received the initial notification.
  Thank you for your guidance and wisdom.

  Hello all,
  I am something of a network administrator / supervisor (by position not education so some of the technical aspects of my shop still alude me). Right now I am having an issue with digitally signing PDF files; previously when I signed the files the size would remain approximately the same (moving perhaps from 200 KB to 300 KB, however when I sign files now the size jumps to almost 7000 KB. Previously I had received a message when signing that indicated I could change a setting to add an extra layer of protection and my hypothesis is that this may be the cause, but I am not 100% sure of that.
  Has anyone experienced this problem before, or have any possible solutions? My guess is that there is an option where Adobe controls how secure the signature I create has to be and it defaulted to the more secure, much larger file size after I received the initial notification.
  Thank you for your guidance and wisdom.

• Forms, digital signatures, cross platform issues

  I am trying to implement pdf forms in an educational environment to utilize digital signatures and reduce paper. The form data does not need to go anywhere. It just stays in the form at this point. Some people on campus have Windows machines, others have Macs. All the Windows machines have Acrobat Pro installed and not Reader. The Mac people are more likely to have Reader. There have been problems with emailing these forms between platforms. Does anyone have any ideas about how to solve this? My IT department will not support Reader on Windows machines, so the forms have to work in Acrobat and Reader! How should the orginal document I put online be saved to work in both programs and platforms? What direction should I give the users about how to save the forms they fill out and sign? I've looked all over for this kind of info, but can't seem to find it. Any and all help is greatly appreciated. FYI, I am not an IT person. Thanks!!!

  For Mac users, it will be important that they don't use the Preview application to work with the forms. Preview is the default Mac PDF viewer out of the box, and it corrupts PDF forms when it saves them, so it really needs to be avoided.
  In order for Reader to save a filled-in form and apply digital signatures, the forms need to be Reader-enabled, which can be done with Acrobat Pro. Acrobat Standard can Reader-enable documents too, but it doesn't apply the digital signature usage right.
  The problem with this is if you will be getting the forms returned to you, you can only use data from no more than 500 instances for the form, including hardcopies. This is an Acrobat License Agreement restriction. If they won't be returned, there won't be a problem. Also, the Acrobat users don't need to use a Reader-enabled version, so you can collect all the forms you want from them.
  Email will be most reliable if the user manually attaches the file to an email, as opposed to setting up a button on the forms to submit to an email address. You'll find many threads here discussing the emailing difficulties with forms that are set up this way. The problems can be minimized with user education, as the manual process is available in either case. A submit button provides convenience, unless it doesn't work, and it won't for some users.

• Digital Signature only Release Status with 3(Approver) Signer

  Hello SDN Folks
  I have done all the basic settings for Digital Signature which is sawn in following link
  http://wiki.sdn.sap.com/wiki/display/PLM/Digitalsignaturein+DMS
  it is work  fine with 1 RE (Release) status and 1 Signer
  We have in process to implement Digital Signature with only two Status
  our scenario is
  Document Creator  Create Document With Status CR
  Document Approver Approve Document With Status RE
  now we have scenario that For 1 Document we have 3 Approver and 3 approver must digitally sign on DIR
  our status is
  only   CR(create)---->RE(release)
  so how i can attached 3 digital signer  with only 1 RE(Release) Status
  is it possible to go with 3 digital signer with only 1 RE (Release) Status ????
  Regards
  Tushar Dave

  Hi Tushar,
  Your requirement of utilizing 3 different approvers for a single 'Release' status in a document type/s can be addressed via the approach proposed below:
  1.Define 3 individual authorization groups
  2.Define 3 individual signatures
  3.Define a common signature strategy
  4.Assign the above 3 individual signatures to the common signature strategy
  5.Define the signature sequence(the order in which the 3 approvers must approve)
  6.Define users and restrictions(signature assigned to relevant approvers/users)
  7.For the document type in question for the 'Release' status,assign the above signature strategy and test.
  For more detailed information on using digital signature effectively,refer the below link
  http://help.sap.com/saphelp_470/helpdata/en/9f/857f3a1c7b11d294d200a0c92f024a/frameset.htm
  Regards,
  Pradeepkumar Haragoldavar

• XMAM30 - digital signature - new applet running with MobileEngine.exe

  Hello,
  I am new to this forum and could not find a solution for my problem.
  I would be very happy, if anybody can help me.
  I have developed a new applet based on the standard SAP applet for the digital signature in xMAM30. This applet works fine in Microsoft Internet Explorer 6.0 but it doesn't work with the MobileEngine.exe!
  I have already read the SAP note 897289 about this topic, but this note was not the solution for my problem. Because the SAP Standard applet (com.sap.mbs.mam.order.control.SignApplet) in the mamsignapplet.jar works fine in MS IE 6 and with MobileEngine.exe.
  After several tests I found out, that the problem must be the JAR-file which contains the applet.
  I have created a new JAR-File of the SAP applet class: com.sap.mbs.mam.order.control.SignApplet with the same MANIFEST.MF which I found in mamsignapplet.jar. But this new JAR-file doesn't work with MobileEngine.exe. Only the MS IE 6 could load the standard SAP applet for digital signature.
  Now my question is:
  What is the difference between the standard SAP jar-file "mamsignapplet.jar" and the jar-file I have created by using the normal Eclipse export as jar functionality?
  What's wrong with the jar-file I have created?

  Hello,
  The jars have to be "digitally signed". You can have a look here:
  http://java.sun.com/developer/Books/javaprogramming/JAR/sign/signing.html
  If it is still not wroking, I can find out with the production guys how they do it.
  Thank you,
  Julien.

• Digital Signature  Check Printing  issue

  Hi  ,
  I  have  one  issue  in check printing  for  Tcode :  F110  .
  When  i  take  printout  signature  comes  below  the  line   ,  i  want  to  move  digital  signature  above  the  line  .
  in  Script  Code  is  like  this
  T3
  T3
  /:           HEX TYPE PCL LEFT '5.00' CM
  /=           1B2831511B2873317033362E307630733062305453
  /:           ENDHEX
  Now  Can  you  tell  me  how to  move  signature  from  below  the line  to Above  the  line .
  Regards,
  Sandeep Jadhav

  Hi,
  When you say adjustment how did you pass the adjustment ? what transaction code was used? normally to post a payment without printing check you can use F-53 and that should not print any checks.
  Thanks and Regards
  K.Raghavendran

• Digital Signatures causing performance issue

  I have created a form for a two-step process in which the first user will open, enter data, and submit the form for another user to approve.  The problem is that during the approver phase, they will digitally sign the form (there are two digital signature fields for each section of the form, the approver is required to sign at least once in order to submit) and then submit, but the process seems to lag for about 20-30 seconds after they click submit.
  I understand that the digital signatures may add to the size of the form overall, but is one or two signatures enough to cause a delay? 
  I have some javascript that I fire at the pre-submit event using AWS_Action to see what the user action is and if the user selects to submit then it will test to see if at least one signature field is signed and valid, if so then changes the signature field type to disabled (I have the signature fields become required type based on certain fields containg data) and submits the form.  Is it possible that this script could cause such a delay after the submit?  We aren't having any delays when the first user submits the form without digital signatures so I assume this is what is causing the problem.

  I expect that the lag may be related to the script you are executing, rather that specifically by the digital signature itself.  Are you able to test the form outside of the process to see if the lag remains?  Could you change the submit button to a mailto: uri and see how long it takes for the "pre-submit" code to execute?
  Regards
  Steve

• Keychain Issue with Entourage SMTP password or port attribute

  I am posting this under Using OS X rather than Mail since I do not
  use Apple's Mail. The problem is the Microsoft Entourage or something
  may be sending bad information to the OS X keychain and this prevents me
  from sending mail to my ATT/Yahoo account. The workaround I have
  been using to send mail is use the OS X Keychain First Aid repair.
  After the repair Entourage will send the message one or two times then
  I get the following Keychain verification error note:
  Item “pop.att.yahoo.com” has unspecified value for port attribute
  Item “smtp.att.yahoo.com” has unspecified value for port attribute
  Problems were found; you should choose the Repair option to fix them
  Verification failed.
  The Repair option corrects the problem until the next message is
  sent. I have done everything I can think of to the Entourage v12.1.7
  settings and something is still not right.
  I am beginning to suspect a Keychain bug or error but have no idea
  how to get the correct attribute written to the keychain.
  Maybe someone could provide some terminal commands to the will
  help me write the correct password and port attribute to the keychain.
  I am open to any suggestions to clear being nagged every time I
  need to send a message to enter my password. The POP mail works
  fine. This seems to be an issue with the password that is required
  by the ATT/Yahoo smtp server.

  If you are sure your primary account is setup correct (per the above URLs), open
  the Applications/Utilities/Keychain Access.app and go to Keychain Access/Keychain
  First Aid and click on the Verify and Repair if necessary.
  FYI, Entourage will write errors to the keychain if you have the account setup wrong.
  My error (that cause the keychain errors) was I typed in the my ID and password in
  the smtp option. Check the box to use the received and do NOT type in the address.
  When you save the settings with nothing in the boxes, Entourage will do it for you
  and it will work.
  I don't know why but it will not work if you type in the info. Just follow the rules
  and it will work
  Try It!!
  Message was edited by: aRKay

• Digital Signatures in Adobe PDF with Adobe SDK

  Hi,
  Please, apologyze my poor english.
  I have an  application that inserts a signature programmatically in a PDF document  with Acrobat 8, via VB .NET, using the example provided in the Acrobat 8  SDK ("AddSignature").
  The difference between the SDK example and this code resides only in the way of calling the script in .net
  I  call directly the AddSignature function with this code (partial),  instead of calling the execution of the "ADBESDK:AddSignature" menu  (this improves faster execution with no AVDOC object involved):
          AcroExchPDDoc = New Acrobat.AcroPDDoc
          Dim JsObj As New Object
          AcroExchPDDoc.Open("c:\test.pdf")
          JsObj = AcroExchPDDoc.GetJSObject
          JsObj.SetUserDigitalIDPath("/C/trabajo/DrTest.pfx")
          JsObj.SetUserPassword("testpassword")
          JsObj.AddSignature(JsObj)
          JsOb = Nothing
          AcroExchPDDoc.Save(1, "c:\result_test.pdf")
          AcroExchPDDoc.Close()
  I notice that the more signatures the PDF already contains at the time of inserting a new signature, the more is the time it cost to the program to execute the "AddSignature" line. I've configurated Adobe Acrobat to not validate signatures on open, so I guess validation of existing signatures is not the cause of this delay.
  Can someone tell me something about this ??

  Well, surely a larer filesize could be the cause of incresing time but, in this particular case we are talking of PDFs about 150kb each.
  With 3 or 4 signatures already, they have about 180kb so i guess the increase in filesize can´t be the origin (especially with a PC above the average). Anyway, i´m not sure...
  Does someone have any other idea about this?

• Compatibility and LMS issues with Flash WBTS running in IE11

  Our IT department recently ugpraded our corporate browser from IE8 to IE11. Since then, we have beeen having several problems with some of our Flash WBT courses:
                 - upon completion of the course, communication with our LSO (SAP) is not made so the courses are not marked as complete
                 - a few courses having video (FLV or F4V video) are having problems in loading and playing the videos. Changing the Compatibility Setting to Enterprise seems to solve the
                   problem, but it's a case-by-case fix.
  These courses experienced no problems prior to IE11. We've been working with our IT department, and have begun discussions with MicroSoft, but so far no luck. Everyone seems to think that the problem is in the way that the Flash Player is working, or not working, in IE11. I believe that we're using Flash Player 11 as our corporate standard. Has anyone else experienced similar problems in running their Flash courses in IE11?
  Thanks.

  Each version of Flash Player includes important security fixes.  If you're really using Flash Player 11 as your corporate standard, you're vulnerable to a large body of publicly disclosed issues which have been resolved in current versions.  I doubt that this is actually the case.
  Internet Explorer 11 introduces a number of changes both to how the browser identifies itself to remote web servers, and to how it processes JavaScript intended to target behaviors specific to Internet Explorer.   Unfortunately, this means that content on some sites will be broken until the content provider changes their site to conform to the new development approach required by modern versions of IE.
  There's some decent guidance here, but the bottom line is that a lot of content will need to be patched to work in the world of IE11+.
  Internet Explorer Dev Center
  You can try to work around these issues by using Compatibility View:
  http://windows.microsoft.com/en-us/internet-explorer/use-compatibility-view#ie=ie-11

• Use XML Digital Signature(Apache XML security) with Applet

  I have problem when I use xml-security-1_2_1 library from Apache with applet and access denied errors occur.
  6 May 2005 10:06:45 org.apache.xml.security.Init init
  SEVERE: Bad:
  java.security.AccessControlException: access denied (java.util.PropertyPermission org.apache.xml.security.resource.config read)
  bla bla....
  How should I do ? Please! T_T and thank you ..

  An applet cannot read the local file system, connect to any other computer than the one
  it came from or read properties it's not supposed to read. And I think it cannot write to any
  property.
  If you sign the applet or set up a policy for it the applet can do the same as an application
  allthough the jre will still check the stack trace if the entire stack has the same privileges
  as you signed applet.
  http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
  second post and last post for the java class file

• Issue with reseting my password

  I just format one of my computer, then when I reinstall firefox and sync, I forgot my password. So I used the service to recover a new password.
  But it's appear I still not receive a mail on my two email address used for the moment.
  What can I do?

  JAMF software has a great white paper on using FileVault 2 with their Casper Suite:
  http://www.jamfsoftware.com/sites/default/files/Administering-FileVault-2-on-OS- X-Mountain-Lion-with-the-Casper-Suite.pdf
  While you may not be using Casper (though I'd recommend it for management, it's great), there is a ton of helpful information in there that's worth reading up on.
  Also, if you are a registered Apple developer, you may wish to check out this WWDC 2013 video:
  https://developer.apple.com/wwdc/videos/#300
  (developer login required)

• SSF Digital Signature

  Dear Experts,
  Am trying to invoke digital signature process using SSF with SAP username/password. When i give by SAP password and do a signing i get the following error message:
  Ssf_GetOwnCertificate: SsfOpenProfile failed with rc=23
  I also have a external security product. but initially i would like to test this feature with SAP username/password and then move on to the external security product for this process.
  Can someone help me out on this.
  Regards,
  Karthik

  Hi,
     I checked with SSF01 and found that am able to apply the digital signature in this for testing. Also using a third party product without verification is also working fine.The problem i face is with SAP username/password and also with Third party product with verification.
  Can you think of something that might have gone wrong.
  Regards,
  Karthik

• Can I sign a Microsoft Word Document with the digital signature from a MIlitary issued CAC card?

  Is it possible to sign a MS Word doc with the digital signature froma  Military issued CAC card? It is easily done in Adobe but, I cannot find any guidance for MS Word docs.

  According to this thread in Microsoft's forums:
  http://answers.microsoft.com/en-us/mac/forum/macoffice2011-macword/can-i-how-do- i-add-a-digital-signature-to-a/eb2c2787-b13f-4388-b20f-4580515eec95
  this is not possible with Word for Mac.
  Regards.