Digital Signature only Release Status with 3(Approver) Signer

Similar Messages

• Digital signature does not validate with the given key

  We are switching our single-signon provider from openssl to Weblogic's SAML. I am trying to create a test application that will send mock SAML assertions to our test Weblogic SAML server before we begin integration with the client that will send real SAML assertions.
  I have configured a Weblogic 10.3.5 instance to be a SAML Service Provider as well as created an application that creates test SAML assertions to post to the SAML server. I'm currently using a self-signed certificate to sign the SAML assertion. I've imported the self-signed cert into both the DemoIdentiy.jks and cacerts on the Weblogic SAML server.
  The Weblogic SAML server is giving the following error when trying to validate the signature of the assertion:
  <SAML2Assert: Start verify assertion signature>
  <SAML2Assert: The assertion is signed.>
  <SAML2Assert: Digital signature does not validate with the given key
  org.opensaml.xml.validation.ValidationException: Digital signature does not validate with the given key
  at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:68)
       at com.bea.security.saml2.util.SAML2Utils.verifySamlObjectSignature(SAML2Utils.java:229)
       at com.bea.security.saml2.providers.SAML2Assert.verifySignature(SAML2Assert.java:285)
  >
  I get this error when the SAML assertion includes both the cert and the public key, just the cert, just the public key or neither.
  I'm pretty sure I've configured the SAML instance correctly since I followed the steps provided by another group who got this working with a different client. The only difference is they are using a real signed certificate (Verisign i believe) instead of a self signed cert.
  I'm looking for any help to track down which step in the process I've missed or implemented incorrectly.
  Thanks!
  Edited by: 911967 on Feb 6, 2012 12:26 PM

  So I found my own answer to the issue. The error was being caused by an the following xml in the assertion:
  <ds:Reference URI="">
  The value of URI attribute must have a '#' followed by the same value of the ID attribute in the parent 'Assertion' element (in our case a random string):
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="a5k42vnhsywezqzyufq15c4bb9xuzeozrmbppj38xe" IssueInstant="2012-03-12T14:33:25.986Z" Version="2.0">
  <saml:Issuer>ISSUER_NAME</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  *<ds:Reference URI="#a5k42vnhsywezqzyufq15c4bb9xuzeozrmbppj38xe">*
  How this is related to the digital signature is beyond me, though I admit I'm very new to saml and digital signing. However I spent a great deal of time investigating my certs and how I was creating the signature, which it seems is unrelated to the actual issue. I also wasn't able to find any docs specifying that this attribute was required, though I might have just missed it.

• XMAM30 - digital signature - new applet running with MobileEngine.exe

  Hello,
  I am new to this forum and could not find a solution for my problem.
  I would be very happy, if anybody can help me.
  I have developed a new applet based on the standard SAP applet for the digital signature in xMAM30. This applet works fine in Microsoft Internet Explorer 6.0 but it doesn't work with the MobileEngine.exe!
  I have already read the SAP note 897289 about this topic, but this note was not the solution for my problem. Because the SAP Standard applet (com.sap.mbs.mam.order.control.SignApplet) in the mamsignapplet.jar works fine in MS IE 6 and with MobileEngine.exe.
  After several tests I found out, that the problem must be the JAR-file which contains the applet.
  I have created a new JAR-File of the SAP applet class: com.sap.mbs.mam.order.control.SignApplet with the same MANIFEST.MF which I found in mamsignapplet.jar. But this new JAR-file doesn't work with MobileEngine.exe. Only the MS IE 6 could load the standard SAP applet for digital signature.
  Now my question is:
  What is the difference between the standard SAP jar-file "mamsignapplet.jar" and the jar-file I have created by using the normal Eclipse export as jar functionality?
  What's wrong with the jar-file I have created?

  Hello,
  The jars have to be "digitally signed". You can have a look here:
  http://java.sun.com/developer/Books/javaprogramming/JAR/sign/signing.html
  If it is still not wroking, I can find out with the production guys how they do it.
  Thank you,
  Julien.

• Digital signature on LMS - issue with R/3 password

  Hi,
  We have enabled the Digital Signature (FDA check) for Follow-up against WBT course delivery method. Once I click on 'Confirm Participation' link, I get a popup to provide username and password. I believe this popup checks for SAP (R/3) UserID and password. The problem is, Learning portal (HCM_LEARNING) is linked within SAP Enterprise portal and most of our users don't have backend access and no password. They only know thier portal username and password.
  So definitely, when I put my portal login details into the Popup, it will error as the password is different to the ECC System.
  Is there any work around solution for this issue? Has anyone been able to resolve the issue around password?
  Would really appreciate if you could share the solution with us.
  Best,
  Jaya

  Hi
  You need to Trigger an Outbound Message for generating the IDoc.
  Using the process code, the IDoc interface finds the application selection module which converts the SAP document into an IDoc.
  The process code is only used with applications which perform outbound processing via Message Control (NAST).
  goto Transaction NACE ,
  Select the Application ME - Inventory mangament.
  Clcik on Output types , Copy the Out Put type WA03 & create anew Out put type.
  Selec the Output type & Click on Processing routines
  Maintain the medium  6 - EDI , there is no standard print program for EDI So you need to create your own Program & form Routine
  Check this form routine EDI_PROCESSING in program RSNASTED for having an idea.
  After maintaining all the relevant EDI Paramters.
  Maintain the message condition record using MN21 for the new out put type.
  When you create a Goods issue the Message will be triggereed & Idoc will be trigerred , you can then transfer this into XI.
  Thanks & Regards
  Kishore

• PO Release status with date

  Hi Guys,
               I have a requirement where in I need to list out the POs with the Release status based on
               date range. Any pointers on this is appreciated.
  Thanks.
  Rgds,
  Senthil GR

  hi
  go to me2n then select the date range and then press shift+F4 (dynamic selection )here in header u can select the release indicator and dates
  regards
  kunal
  award if helpful

• Digital signature valid or invalid depending on the signing Windows user

  I have a very strange problem and was not able to determine how to resolve it because I quite don't undestand the mechanisms of signing, it seems.
  I have a digital signature issued by a member of the "Adobe Approved Trust List". If I sign a document with Adobe Reader XI or Adobe Acrobat XI Standard logged in with one Windows user account the signature appears valid on any other Windows user account. If I use another Windows user account and sign the document with the same digital signature the signature is invalid in this Windows user account and any other.
  I didn't change any settings in any of the Adobe products. I use the standard configuration as present just after a fresh install.
  One thing I already checked, which nevertheless doesn't explain this strange behavior, is to enable Windows-Integration in the signature configuration of the Adobe products. If this is enabled both documents (the one signed with the "good" Windows user account and the other signed in a "bad" one) show the signature as valid on any Windows account.
  So I am wondering if, besides the signature itself, anything else is integrated into a document while being signed that could explain that behavior and, if this is the case, where the setting, trigger, whatsoever, is, to set up Adobe correctly.
  Please help.

  What do you mean by "signature is invalid"? Is it a a red X or is it Unknown? A problem with trust results in the "Unknown" status, not "Invalid".
  In any case, inspect the signature, first in the Signature panel. It will tell you some info about what's wrong with this signature. Then right-click on the signature and select "Show Signature Properties". You'll get a dialog with more info. In this dialog select "Show Signer's Certificate". Check the chain (in the left pane) and "Revocation" tab for each certificate in the chain.
  Compare this info for signatures created on a "good" account and "bad". My guess is that the "bad" account is lacking some certificate-related component.and the "good account has it. The fact that if you turn on Windows integration signature becomes valid tells me that it is something related to account.
  Another thing to try is this. Go to C:\Users\<username>\AppData\Roaming\Adobe\Acrobat\11.0\Security folder and see if it has CRLCache folder. If it has, delete it and try to sign again.
  Also compare the preferences. Check the Edit->Preferences->Signatures->Verification->More->Verification Time preference. Is it the same on both accounts? Is it "Time when the signature was created"? Is the "Include signature's revocation status" check box in  Edit->Preferences->Signatures->Verification->More->Creation and Appearances->More checked in both accounts?

• Digital Signatures in Adobe PDF with Adobe SDK

  Hi,
  Please, apologyze my poor english.
  I have an  application that inserts a signature programmatically in a PDF document  with Acrobat 8, via VB .NET, using the example provided in the Acrobat 8  SDK ("AddSignature").
  The difference between the SDK example and this code resides only in the way of calling the script in .net
  I  call directly the AddSignature function with this code (partial),  instead of calling the execution of the "ADBESDK:AddSignature" menu  (this improves faster execution with no AVDOC object involved):
          AcroExchPDDoc = New Acrobat.AcroPDDoc
          Dim JsObj As New Object
          AcroExchPDDoc.Open("c:\test.pdf")
          JsObj = AcroExchPDDoc.GetJSObject
          JsObj.SetUserDigitalIDPath("/C/trabajo/DrTest.pfx")
          JsObj.SetUserPassword("testpassword")
          JsObj.AddSignature(JsObj)
          JsOb = Nothing
          AcroExchPDDoc.Save(1, "c:\result_test.pdf")
          AcroExchPDDoc.Close()
  I notice that the more signatures the PDF already contains at the time of inserting a new signature, the more is the time it cost to the program to execute the "AddSignature" line. I've configurated Adobe Acrobat to not validate signatures on open, so I guess validation of existing signatures is not the cause of this delay.
  Can someone tell me something about this ??

  Well, surely a larer filesize could be the cause of incresing time but, in this particular case we are talking of PDFs about 150kb each.
  With 3 or 4 signatures already, they have about 180kb so i guess the increase in filesize can´t be the origin (especially with a PC above the average). Anyway, i´m not sure...
  Does someone have any other idea about this?

• Use XML Digital Signature(Apache XML security) with Applet

  I have problem when I use xml-security-1_2_1 library from Apache with applet and access denied errors occur.
  6 May 2005 10:06:45 org.apache.xml.security.Init init
  SEVERE: Bad:
  java.security.AccessControlException: access denied (java.util.PropertyPermission org.apache.xml.security.resource.config read)
  bla bla....
  How should I do ? Please! T_T and thank you ..

  An applet cannot read the local file system, connect to any other computer than the one
  it came from or read properties it's not supposed to read. And I think it cannot write to any
  property.
  If you sign the applet or set up a policy for it the applet can do the same as an application
  allthough the jre will still check the stack trace if the entire stack has the same privileges
  as you signed applet.
  http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
  second post and last post for the java class file

• Lock digital signature after an Infopath form has been signed

  I created a form with multiple sections and signatures. I selected the When signed, make controls read-only. However, when the form is opened after the submission the remove option is still available. I want to lock down signature after it is submitted.
  If updates are made to the form then it opens a new version of the from  if approval required.

  Hi Christic3,
  This is a bit geeky, but here goes. Think of the PDF file in two layers (there are really more, but we'll keep it at two for simplicity). The bottom layer is the PDF content such as fonts, structure tags, and pages. The top layer is form data and comments (aka annotations). When you sign the PDF you sign everything (both layers), but the only allowable changes to the file are additions to the top layer. You can add form data and comments, but you cannot modify anything in the bottom layer without breaking existing signatures. In fact, you can't change (by change I mean modify or delete) anything on the top layer either, but you can add new (unsigned) items.
  Bookmarks are part of the underlying PDF structure. Because they are as integral to the underlying structure as anything else, the ability to modify the bookmarks is locked after signing, otherwise it would be too easy to break the signature.
  Steve

• Released document without complete digital signature

  Hi All!
  I'm working with digital signatures in the DMS system and I have set the release indicator so that two signatures are needed to release a DIR. The problem is that the DIR gets the green release status after saving the first signature. I get the feeling that this is a bug in the system but I have tested it in two systems and it works the same way in both systems (one of them is a ECC6.0 EHP5 system and should have all the relevant updates). The whole idea with digital signatures at the release status is in my head that the DIR does not get released before all stakeholders have signed the DIR. Am I wrong or have I done anything wrong in the config?
  Best regards,
  Kristoffer P

  Hi Kristoffer,
  Any specific logic as to why you intend to use two digital signatures to release a DIR?
  Because,in your case,you can fulfill your requirement by using a single digital signature for a DIR.Herein,since there are two bodies involved for releasing a DIR, you may define the 'Signature Sequence' and the 'Release Sequence' in digital signature customization.This will ensure that that document is released/green indicator set only after body A and body B both have digitally signed the DIR in the sequence specified.Does this help?
  Regards,
  Pradeepkumar Haragoldavar

• Digital Signature tool to Embed Approver signature on PDF Original Files

  Hi,
  Good Day...!
  We have implemented SAP DMS and configured workflow for DMS. When it reaches certain status workflow will be triggered and send workitem to the Approver. If approver can approve or reject based on his review on the original document. If he approves DIR will directly go to released status. Once Approver approves Digital signature has to popup and it has to embed approvers signature on the Original file.
  Is there any third party tools available in the market or can any body provide some inputs how to achieve.
  Please share your experience, if anybody has implemented the same.
  All original files we are using will be in PDF format.
  Note: Our requirement is Approver's signature has to embed on to the Original file when he approves the document.
  Thanks & Regards,
  Prasad.

  Hi,
  Please find details on digital signature in DMS
  Prerequisite
  1)You must have Authorization object {}C_SIGN_BGR to be set (ask basis team to do the same) for the digital signature.
  2)Following  are the authorization object for Documents (If you have all access to the authorization object will be very good, mainly a & b must).
  a) C_DRAW_TCD
  b) C_DRAW_TCS
  c) C_DRAW_STA
  d) C_DRAW_BGR
  e) C_DRAW_DOK
  f) C_DRAD_OBJ
  How to config for Digital Signature in DMS
  The required settings are made under
         a)Document Management ->Approval?->Define individual Signature .
         b)Document Management ->Approval?->Define Signature strategy .
  2.   Assign a signature strategy to the document status .
  3.   Also the required settings are made in customizing under
        Document Management - Control data - Define Document Types (DC10) - Define document status.
       Assign a signature strategy to the document status (As per point no.1 in sign start).
  4.  Save the changes.
  5.  Create DIR
  6.  In DIR once the Document status is set for required digital signature, the system informs you that a digital signature is required. Yellow warning will come, enter two times.
  7.  The Digital Signature dialog box appears. Enter your comment in the text field. Select the individual signature that is assigned to your authorization group in the Signatures to be              executed section and enter the password .Then save it again.6) you can see this digital signaure again, in cv03n, go to top menu Environment --> digital signature.  You will get all the details. 
  Thus the Digital signature process has been completed.
  With help of Transaction code SU01 ,in user tab enter your user name and press F7 check first and last name if it is correct its well and good or else go to change mode and enter correct one, save it.Because while making digital signature using user ID and password it is must or else it will give an error.
  Additionally check the help link for more details.
  http://help.sap.com/saphelp_470/helpdata/en/83/acd928db1c11d397d3080009c17b92/content.htm
  Regards,
  Deepak Kori

• Digital Signatures for Changing the statuses in Issue Mgmt

  Hi
  Has anyone put in place digital signatures for Issue
  Managemnt when we change the status values in an issue.
  We are looking at SAP Note 835584 - Digital signature for documents,
  but that is not applicable for us as we want to initiate the digital
  signature when the status profile "SLFI0001" kicks in and the status is
  changed from one to the other.(eg in process to completed etc)
  We have created the digital signature and the strategies, but are
  looking for a place to attach this with the status profile "SLFI0001".
  Is there a place we can attach the digital signature strategies to this
  status profile?
  Anyone has any ideas on how it can be done?
  Thanks in advance..
  sap ques..

  We have a document that needs to be signed by more than one individual -- and in our process we are using the Topacz signature pad to get the signature.  It's similar to the one you sign at the grocery store, drug store, etc.  In order to NOT have the first signature invalidated, we were told to edit the registry...and it works perfectly!
  [HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\8.0\AVAlert\cCheckbox]
  "iDigSigSaveAsCertified"=dword:00000001
  [HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\8.0\AVAlert\cCheckbox\cAnnots]
  "iReaderEnableSaveWarn"=dword:00000001
  Obviously if you are using a different version of Acrobat, you'll have to change the key accordingly.
  Hopefully this will work with your process.
  Good luck!!

• Digital Signature for QM notification status change

  Hello experts,
  I need your guidance regarding implementation of user digital signature for QM notification status change. Our customer has ECC 6.0 but they are not inclined to introduce enhancement package 3 soon. Now their requirement is that while QM notification status change they want to have a user signature pop-up to verify the user authorization to do so. But they don't want to do so by using digital signature via DMS status change.
  I am really not sure if I have explained the situaion correctly or not as i am quite new to QM. But I am desparately looking forward to get your valued replies in this regard.
  Best regards,
  Anirban

  To fulfill the FDA requirement we have apply the logic to make sure that a digital signature is captured for status changes during task processing.
  To map this requirement we have developed one custom table to store remark that will be displayed on digital signature remarks textbox. This table will have following feild:
  STAT - System/ user status
  QMART - QN type
  SPARS - language
  TEXT - character text.
  Work with ABAPer to implement this, and after implementing validate following key point:
  u2022     Validate that after successful digital signature that the signature cannot be overwritten.
  u2022     Validate the locking of the User ID after customer specific number of unsuccessful signature attempts.
  u2022     Verify that the digital signature works for each status.
  u2022     Validate that if the digital signature is cancelled prior to successful entry that the system status reverts back to previous status and all processing authorizations allowed for that status still function properly.
  Hope my reply will help you.
  Thanks!!!

• Can't create a digital signature with acrobat 8

  We have acrobat 8.  My husband has a digital signature but when I try to electronically sign, his digital signature pops up and does not give me the option to create my own.  How can I create my own digital signature on this software?

  I don't have Acrobat 8, but in Acrobat 7 & 9 it's under "Advanced > Security Settings", which prings up a window where you can add a digital ID.

• Sign pdf doucment  with digital signature multiple times using java api

  Our web  applications generates a pdf using jasper reports, Our users download pdf from our app sign it manually and then scan and upload  it, we want to move away from this and use digital signatures.  The generated pdf must be signed by several   users , I want to try adobe livecycle java api   to sign my pdf, please advice if are there any tutorials for this and is there a trial version   I can use   ,download link  etc. pelase advice.

  You can download the trial version of LiveCycle ES4 from here (http://www.adobe.com/cfusion/tdrc/index.cfm?product=livecycle)
  Here is the video training for LC -  http://www.adobe.com/devnet/livecycle/videotraining.html
  Here is the java sample codes for digital signatures - http://help.adobe.com/en_US/livecycle/11.0/ProgramLC/WS624e3cba99b79e12e69a9941333732bac8- 7513.2.html
  Hope this helps.
  ~ Varun Nohria