NWSSO and Digital Signatures

Similar Messages

• Adobe Interactive Forms and Digital Signature

  Adobe Interactive Forms and Digital Signature
  Hi, I’ve a question if it works to digital sign interactive PDF documents created by an SAP BPM System? So is it possible just to sign the content, and not the interactive components like layout and buttons e.g.?
  Thanks for your help.
  Regards,
  Tobi

  serverside or at the client??

• Encryption and Digital signature in SAP

  Hi,
  We have a requirement to encrypt the payment data before it is sent to a Bank using SAP XI.We are planning to have a ABAP proxy which will do the encryption and hopefully attach a digital signature.We are working in SAPR/3 Enterprise edition.Does SAP supports doing  Encryption and digital signature in  ABAP.
  Thanks,
  Leo

  Hi Leo,
  have a look here:
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/icc/secure store and forwarddigital signatures user guide.pdf
  regards Andreas

• Security Issues: SSL on SOAP Adapter and Digital Signature in BPM

  Hi there,
  we're developing a R/3-XI-3rd Party Application scenario, where the XI/3rd Party communication is based on a webservice (SOAP adapter with SSL). Also, the messages in the XI/3rd Party communication must be digitally signed. I've got some questions on both subjects.
  1. About the SSL. I've started to investigate what will be necessary to enable the HTTPS option under SOAP Adapter (it's not enabled now). If I'm not correct, all I need to do is:
  - check whether the SAP Java Crypto Lib is installed in the Web AS;
  - generate the certificate request in the Visual Administrator and, after acquiring the certificate, store it with the KeyStorage option.
  Is that right?
  I'm considering that I won't need to use SSL in the ABAP Web AS, only the J2EE Java Engine (since the SOAP Adapter is based on J2EE).
  2. About the digital signature. As a first solution, we had decided on accessing a webservice based on another machine running a signature application. We'd send the unsigned XML and receive a signed XML. But since that needed to be done into the BPM, I thought that using a piece of Java code in a mapping would suit it better.
  But to be able to use the hashing/encrypting/encoding algorithms, which library needs to be installed? Is it the same SAP Java Crypto Lib that was installed for the SSL enabling?
  Thanks in advance!

  Hello Henrique,
  1. You're right. For detailed instructions please have a look at the online help: http://help.sap.com/nw04 - Security - Network and Transport Layer Security - Transport Layer Security on the SAP J2EE Engine
  2. The SOAP adapter supports security profiles. Please have a look at the online docu http://help.sap.com/nw04 -Process Integration - SAP Exchange Infrastructure - Runtime - Connectivty - Adapters - SOPA Adapter - Configuring the Sender SOAP adapter and from the link under Security Parameters to the Sender Agreement. You'll find some additional information in the following document: http://service.sap.com/~sapdownload/011000358700002767992005E/HowToMLSXI30_02_final.pdf
  Rgds.,
  Andreas

• CFPOP and digital signatures

  Emails - Exchange 2003 mail server - that use "Digital
  signatures" do not show any Body text. Either in the "BODY" or in
  the "TEXTBODY" fields. Are there any work arounds or fixes for
  this?
  Thanks,

  Hi,
  I'm trying to use SAP Simple Digital Signature (username + password) with SSO.
  I implemented the following SAP notes: 1862737 (main note that makes in possible to combine Digital Signature with SSO, which means using Windows/Active directory password instead of SAP password), 1974495, 1975701, but unfortunately it is not working.
  I tried using SAP standard example of Digital Signature: program DSIG_BOOKING_EX (run from se38).
  When running this program in SAP GUI 7.2 (and even in the latest SAP GUI 7.3), a popup appears and asks for a password (Windows / Active Directory Password). When I type the password and press OK, I get the following DUMP:
  Category: ABAP Programming Error
  Runtime Errors: MESSAGE_TYPE_X
  Abap program: CL_GUI_CFW==========CP
  Application Component: BC-FES-GUI
  Do you know how to solve it?

• Acrobat Reader 8 and digital signatures

  What are the limitations of Acrobat Reader 8 with respect to digital signatures? I have been trying to create a form, that can be distributed through e-mail and digitally signed by Acrobat Reader 8 users, and am getting unpredictable results. It seemed like these users were able to sign this document last week, but today are unable to. Is the digital signature feature entirely stable?
  I have read through the documentation and it is vague at best and seems to blur the lines between Acrobat Reader and Professional.

  >What are the limitations of Acrobat Reader 8 with respect to digital signatures?
  Generally, it can't do them. (Adobe Reader, if I was being picky, the
  name was changed after 5.0).
  You CAN enable signing using a special function. However, you are
  contractually limited by the EULA; to oversimplify, no more than 500
  users per form, or uses per form.
  Aandi Inston

• Email and digital signatures

  When I open a .pdf document from an email attachment, I am unable to digitally sign it. After I sign it, the signature just disappears.
  Before the new IT people took over, I was able to open the document, select the digitable signature option, and Acrobat would tell me I needed to save the document. I saved it in the desired location and the digtigal signature would appear. How do I restore this process?
  Thank you.

  Maybe there is a separate email client app in the App Store that supports PGP or S/MIME (the built-in email doesn't).

• SSF and digital signatures

  Hi Guys!
  I need to exchange XML documents with third-party. The aproach is to generate it from SAP and then sign it with Digital Signature.
  I found information, that I could use SSF to achieve it. On help.sap.com I found information, that I could use SAP Cryptographic library.
  I have installed SAP Crypto and I maintained ssfrfc.ini file:
  SSF_LIBRARY_PATH = D:\CRYPTO\sapcrypto.dll
  SSF_TRACE_LEVEL  = 3
  SSF_MD_ALG       = MD5
  SSF_SYMENCR_ALG  = DES-CBC
  Now I want to test it with report SSF01 - but I'm getting an error:
  Result:  SSF_API_NOSECTK
  Version information:                                       61
           SSFRFC V1.46.3 No security toolkit version information found.
  So I thought I will manually run ssfrfc.exe. And again I'm getting an error:
  =================================================
  === SSF INITIALIZATION:
  ===... SSF initialization file ssfrfc.ini found.
  ===...SSF library is D:\CRYPTO\sapcrypto.dll .
  ===...SSF trace level is 3 .
  ===...SSF hash algorithm is MD5 .
  ===...SSF symmetric encryption algorithm is DES-CBC .
  ===...completed.
  =================================================
  =================================================
  === LOAD SSF FUNCTIONS:
  ===...could not load SSF library D:\CRYPTO\sapcrypto.dll .
  I checked two libraries:
  SAPCRYPTOLIBP_8412-20011729
  SAPCRYPTOLIB_36-10010888
  I checked all file destinations and so on at least three times. I don't have any new idea to make it working. Please help me.
  Best regards
  Ana

  Hello Anatoly,
  I had exactly the same issue with a SSF library provided by SBKontur (RU). Their library "KonturSSF.dll" could not be loaded by ssfrfc.exe on the frontend, the trace file contained something like:
  =================================================
  === SSF INITIALIZATION:
  ===... SSF initialization file C:\Program Files (x86)\SAP\FrontEnd\SAPgui\ssfrfc.ini found.
  ===...SSF library is C:\Program Files (x86)\SAP\FrontEnd\SAPgui\KonturSSF.dll .
  ===...SSF trace level is 5 .
  ===...SSF hash algorithm is SHA1 .
  ===...SSF symmetric encryption algorithm is DES-CBC .
  ===...completed.
  =================================================
  =================================================
  === LOAD SSF FUNCTIONS:
  ===...could not load SSF library C:\Program Files (x86)\SAP\FrontEnd\SAPgui\KonturSSF.dll .
  After some investigation I found out by calling the ssfrfc.exe directly in a Windows command box with option -D, that the library had dependencies to Microsoft's C runtime libraries MSVCP120.DLL and MSVCR120.DLL.
  Unfortunately, this is not logged into the SSF RFC Trace File dev_ssfa*, but only shown as error message in a popup window if you execute ssfrfc.exe directly as mentioned before.
  So you should try this in order to find out if there are dependencies with your special library.
  Kind regards
  Heiko

• E-Pad and digital signatures

  Folks,
  Our company is implementing a new process wherein at the time of shipment, they would like to have the truck driver sign an e-Pad and the signature should be imported onto the bill-of-lading output. We have a customized delivery process and due to the volume of shipments, we do not want the truck drivers to spend anytime like saving the signature image to the desktop and then import into SAP etc.
  We want the signature to be imported from the delivery screen (custom developed) onto the bill of lading output at the click of a button. We are using SAP version 4.7 and the e-Pad signature is from interlink electronics, who appear to be naive in SAP. We are open to look at other vendors for e-Pad or e-Signatures.
  Hence, please help in the following ASAP:
  1. Does SAP 4.7 have any limitations to import digital signatures?
  2. Do anyone have any experience with e-Pad with interlink or can suggest any other vendor/product that can be readily used for this purpose?
  Thanks and Regards,
  Ram

  Hi  Ram Murthy,
  I built a solution with Netweaver 731 SP5. Here is the link http://scn.sap.com/docs/DOC-47480
  I wish I could have helped back in 2008 !
  Cheers.

• SAPGUI SNC logon and digital signature

  Dear all,
  I have setup in a test environment a sap logon with SNC in order to use the active directory authentication instead of SAP R/3 User and Password. It works well. So I can enter directly in the system without specify R3 user and R3 password. My users have no to maintain R/3 password anymore.
  Now I have a problem. For some transactions we have implemented the digital signature in order to have a further authentication when we want to perform some critical task. An example is releasing dms document in CV02N transaction.
  Our customizing for digital signature is:
  System signature with authorization by R/3 user ID/password
  The other options are:
  User signature with ext. security product with verification
  User signature with ext. security product w/o verification
  So the system still ask to the users their R/3 password for the authentication when they try to "sign" a document.
  Do you think there is a way to configure the system in order to ask and check the active directory user password instead of R/3 password? Where can I found documentation about it ?
  My system is SAP R/3 4.70 ext 2 on windows 2003 r2 sp2 x64.
  My active directory is based on Windows 2003 x32 sp2 in native mode.

  Hi,
  We are running SAP ECC Version 6.0 wih Netweaver 7.1.  We also talked with SAP about this and they have given a small BADI to disable the R3 user id and Password prompt.  However, they informed us to write a own coding to activate/authenticate with LDAP.
  Wondering, what need to modify and which functional module.  I saw the below from one of the thread...Please let me know what to modify in the coding to make the LDAP authentication works.
  +There are some options for what changes need to be made to the SSFT_PPPI_SIGN function module:+
  +1. It could be changed to call a SAP supplied function module called LDAP_SIMPLEBIND. This would mean that a user and password entered by user would then be checked with LDAP server (e.g. Active Directory) instead of the user and password entered being checked with SAP user store, which of course won't work when SNC is enabled because user SAP passwords are then deactivated.+

• Email attachments and digital signature

  I used to be able to open a email attachment, review it and then digitally sign it.
  Since the new IT people came it, the digital signature simply disappears. Any way to restore this function? Thanks.

  We experienced a similar problem when Adobe updates were installed. It seems that a recent Adobe update took away the capability to save your digital signature directly to the PDF email attachment, then forward the email with the signed attachment. Now, when we open a PDF email attachment and place a digital signature, as soon as we have entered our password for our digital signature, we are prompted with the "Save As" dialog box asking us to save the document somewhere on the hard drive of our computer (the default location is My Documents). If you hit Cancel, then the signed version does not get saved. The attachment remains unsigned. So we learned we needed to go through the Save As dialog and choose (and remember) a location to save the PDF, such as My Documents or Desktop, then reply or compose a new email and attach the signed version that we had just saved in Documents/Desktop. We used to be able to hit the Save icon in Adobe and save our changes (digital signature) to the email attachment. Having to save the PDF somewhere other than the email itself is an extra step we'd prefer to avoid, and we'd be happy to learn of a way to go back to our old method. I believe the key was that Adobe would save the signed version somewhere in the "temp files" on the C drive and automatically use that version when the email is forwarded. And I think Adobe did away with that, unless there is a way to revert to that method using Preferences?
  But I wonder if the Asker of this question is able to click "Place Signature" and has an opportunity to "Save As," saving the PDF on the hard drive of the computer for future attaching? Are you hitting "Cancel" in the Save As dialog?
  If you save the signed PDF (i.e. in the default My Documents), then a slightly quicker method than having to browse to the saved document in Documents is, you can click on the envelope icon (Sharing) at the top of the screen. Then click the "Attach to Email" circle and click the "Attach" button. This will generate a new email in your email application (i.e. Outlook) with the signed PDF attached (Adobe pulls the signed version that you previously saved to your Documents). The downside to this is that the generated email will not have the original email thread or subject line, so you will need to add a relevant subject line.
  Some of our users reported that they used the Share ... Attach to Email feature and their signatures would get wiped from the email attachment after they hit send. However, this phenomenon has not been witnessed since the most recent Adobe software update.

• How to create table and digital signature ?

  Hello,
  I would like to ask two questions regarding SAP interactive forms by adobe.
  1st question:
  How to create table in interactive form?
  Table that i can add rows and column and will show it in the form.
  Example the rows and columns that i want:
  <u><b>ID:</b></u>                <b><u>Name:  </u>  </b>               <u><b>DOB:</b></u>
  1                  Jack                      01/02/80
  2                  Ivy                         10/12/82
  2nd question:
  How to create digital signature ?
  I'm creating a adobe forms which need employee to sign on the form. I use signature field at my form. However, i don't know how to create a new signature and insert in the signature field.
  Can any one provide the answer with step by step guide?
  Thanks a lot

  Hi Pradeepa,
  you said you have your digital signature in
  BMP format? That means Bitmap and would mean you are actually talking about a picture! THIS IS NOT A DIGITAL SIGNATURE!
  A digital signature is a cryptographic key (aka public key cryptography) that is used to digitally sign a document, or at least a hash value derived from the document. Digitally signing means, applying the key in a well defined way (this is the algorithm used) to the document or hash value. You do this with your private key and the receiver of the document can then use your public key (which you can distribute in any way you want, even unsecure) to unencrypt the hash value. If this succeeds the receiver knows that the document was signed by you.
  This is because both keys are mathematically related in such a way, that what one key encrypted can only be decrypted by the corresponding other key and by no other key. You even can´t decrypt a document with the same key it was encrypted with, this is the difference to symmetric encryption - please have a look at help.sap.com and search for digital signatures.
  The named formats (afs, pfx and p12) are ways of coding the key, together with information about your person, such as email address and information about validity of the key into a
  certificate. This type of certificate is then called a x.509 certificate and is the same you might have seen when connecting to a secure webserver such as the one of your bank website. 
  Signing a form with such a certificate provides for mathematically and therefore business related proove of a users identity.
  In case you are really using a bitmap, this cannot work and would not serve you any good.
  Ask yourself this question: I want to make sure that the form was signed by a specific person. How can I make sure that the signing can only be done by the person pretending to have done so?
  A bitmap contains a picture, probably of the persons handwritten signature. How can I make sure that this picture was NOT recreated in MS Paint or Photoshop by someone else?
  The answer is:
  you can't! Therefore this way of prooving identity is useless. 
  You need to provide your users with digital signatures, put these in the certificate cache of your IE.  If a user then clicks on the signing field, the private key is used to digitally sign the form - create a hash value of the form and encrypt it with the private key. After the form is send back to the server or you, you use the corresponding public key to decrypt the hash value and, as said above, if this succeeds, identity of the signer is proven.
  THIS IS AN OVERSIMPLIFICATION! You might want to take a look at Adobe Reader Credentials.
  Regards,
     Christian

• Adobe Acrobat 8 Pro and digital signature

  cannot use and register my digital signature in Adobe Acrobat 8 for Mac. I managed to use it under Windows, by the way.
  The Siemens HiPath SIM card uses OpenSC SCA http://www.opensc-project.org/sca
  It's on USB token, using built-in Mac OS X driver.
  I works fine in Keychain, Mail, Firefox, but not in Safari and Adobe Acrobat.
  In Acrobat -> Sign -> Place Signature -> Browse for newly inserted hardware tokens
  and then nothing happens, cannot find the inserted token, although Keychain finds it.
  Acrobat -> Security Settings -> Add Digital IDs -> Browse for newly inserted hardware tokens
  and then nothing happens
  Acrobat -> Security Settings -> Add Digital IDs -> PKCS#11 Modules and Tokens -> Attach Module -> Locate a PKCS#11 Module
  I put the line
  /Library/OpenSC/lib/opensc-pkcs11.so
  which is the installed OpenSC SCA PKCS#11 Module and a massage appears:
  Cannot load PKCS#11 Module
  Is it possible to use digital signature in Acrobat at all?

  Can’t ready your reply…
  Tim West
  Helpdesk Coordinator II
  mailto:[email protected]
  972-421-5236 Helpdesk
  855-355-4638 Helpdesk
  CONFIDENTIALITY NOTICE: This electronic mail transmission is confidential, may be privileged and should be read or retained only by the intended recipient. If you have received this transmission in error, please immediately notify the sender and delete it from your system.

• Transfer attachments and Digital Signatures,from a PDF, to Interactive Form

  Hi,
  I am developing an an application in WebDynpro Java.
  I have a requirement that a user A creates a new interactive form & fills some of the details, & then saves the form.
  User B then fetches the form & fills the remaining details.
  User A can add attachments & digitally sign the form(using digital signatures).
  When user A  saves the form, the application saves it in the JDT. The application fetches the pdf from the JDT & shows it to the user B.
  The problem is that, when the form is displayed to user B, i need to pass a variable(using context nodes) to the form, so that some of the properties(visibility,read-only,etc) of the UI elements(of the form) changes, depending on the variables' value.
  For this purpose, i need to use the Form for user B in ""UpdateDataInPdf" mode.
  But if i do this, then all the attachments, signatures saved in the pdf form(by user A), do not get transfered to the Interactive Form of User B!!
  How do i overcome this problem??
  I am using NW7.0 SP13.; Designer7.1, xACF is installed.

  Hi everyone,
  I solved this issue using the transferPDFDataIntoContext of the WDInteractiveFormHelper class.
  The AIF mode must be set to usePdf.
  I hope it will be useful.
  Regards,
  Mirco

• CHARM and Digital signatures

  Hi SAP Solman Gurus,
  I have configured CHARM in solman 4 system
  its working perfectly fine, Now I wanted know if there is anyway by which you can integrate digital signatures with CHARM
  I want system to prompt for digital signature verification while approving a change request by change manager.
  Waiting for a positive reply
  Thanks in advance.
  Yunus

  Yunus,
  Did you find the solution to give a prompt for digital signature? Can you please share it? I am also looking for the same solution.
  Thanks in advance.
  Bipin