ASSP Configurations
Adobe Signature Service Protocol (ASSP) is used for signing PDF documents using CA SignFort. Before signing, users are authenticated by using CA Strong Authentication authentication methods. A SAML token is returned to the user after successful authentication. This token is then verified by the SignFort Server. Using the asspConfigs element of the createRequest message, you can configure ASSP.
The following table lists the asspConfigs element of the createRequest message:
Element | Mandatory | Description |
name | No | Name for the configuration. |
status | No | Indicates the status of the configuration. |
tokenServer | No | The name of the server that issues the authentication token. |
roamingURL | No | The CA Auth ID PKI Roaming URL that is used to download CA Auth ID PKIs in case of CA Auth ID PKI Roaming Download. If the user does not have their CA Auth ID PKI present on their current system, this URL is used to authenticate to CA Strong Authentication Server and download the user’s CA Auth ID PKI. |
mechanisms | No | The authentication mechanism that will be used for authentication. The information required is: mechanism: the authentication mechanism that will be used to authenticate the user before signing; status: 1 indicates that ASSP authentication mechanism will be used. |
samlTokenSigningCertKeyPair | No | Indicates the store path that contains the CA Strong Authentication Server certificate and the private key that CA Strong Authentication Server uses to issue the SAML token. The choices are: KeyPairInHSM: set the certChainPEM element to the CA Strong Authentication Server certificate chain in PEM format. KeyPairInP12: set cerKeyP12 to the base64-encoded format of the CA Strong Authentication Server certificate in PKCS#12 format, and set certKeyP12Password to the password of the PKCS#12 file. |
samlTokenAttributes | No | The attributes of the SAML token. The attributes required are: issuerName: the name of the issuer who will provide the SAML token generated by CA Strong Authentication; oneTimeUse: indicates whether the SAML token is to be used only once for authentication; assertionTimeOut: the duration after which the SAML token cannot be used; audiences: the details of the audience who can use the SAML token. |
kerberosUseProcessCredentials | No | Indicates whether Kerberos is to be used as the authentication method. |
kerberosUserName | No | User name for Kerberos authentication. |
kerberosPassword | No | Password for Kerberos authentication. |
kerberosDomainName | No | Domain name for Kerberos authentication. |
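
The samlTokenAttributes fields correspond to checks that the party verifying the token enforces. The following is an added illustration, not CA SignFort or CA Strong Authentication code: the dictionary form of the assertion, the host names, and the assumption that assertionTimeOut is in seconds are all constructed for the example, and signature validation is assumed to have happened already.

```python
import time

# Hypothetical configuration mirroring the samlTokenAttributes fields in the table.
# Values are constructed; assertionTimeOut is assumed to be in seconds.
CONFIG = {
    "issuerName": "strong-auth.example",
    "oneTimeUse": True,
    "assertionTimeOut": 300,
    "audiences": ["signfort.example"],
}

class AssertionChecker:
    """Relying-party checks that correspond to the configured token attributes."""

    def __init__(self, config, my_audience):
        self.config = config
        self.my_audience = my_audience
        self.seen_ids = {}  # assertion id -> expiry time, used for replay detection

    def check(self, assertion, now=None):
        """Return (accepted, reason) for an already signature-verified assertion."""
        now = time.time() if now is None else now
        cfg = self.config
        if assertion.get("issuer") != cfg["issuerName"]:
            return False, "issuer mismatch"
        if self.my_audience not in assertion.get("audiences", []):
            return False, "audience mismatch"
        issued = assertion.get("issued_at")
        if issued is None or issued > now:
            return False, "invalid issue time"
        expiry = issued + cfg["assertionTimeOut"]
        if now >= expiry:
            return False, "assertion expired"
        if cfg["oneTimeUse"]:
            # Forget ids whose assertions have expired so the cache stays bounded.
            self.seen_ids = {k: v for k, v in self.seen_ids.items() if v > now}
            aid = assertion.get("id")
            if not aid:
                return False, "missing assertion id"
            if aid in self.seen_ids:
                return False, "replayed assertion"
            self.seen_ids[aid] = expiry
        return True, "ok"
```

A short assertionTimeOut keeps the replay cache small, and a narrow audiences list limits where a captured token is accepted.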