June 2008 Archives

Adobe Reader 9 offers a great new perspective on Digital Signatures and how they are viewed by end-users. You will notice that the validity of the signature is no longer indicated by an icon directly on the signature itself (the famous yellow triangle). Instead, you will find a new bar provided at the top of the PDF indicating the validity and status of the signatures on the form. For additional detail on individual signatures a new side-bar gives you a full view of individual signature status along with form changes that may have occured between signatures (for example).

dn is the fully qualified name for any object present in the directory server. Depending on the directory server they may be of different formats

* Active Directory - CN=sampleuser,CN=Users,DC=companydomain,DC=global,DC=company,DC=com
* Sun One - uid=sampleuser,ou=People,O=company.com

For users/groups belonging to an Enterprise domain an unique id is required. This unique id as the name implies uniquely identifies the user/group in the directory server from where it has been synched. Any attribute which is used for unique id should have following two properties

1. Should uniquely identify the user/group - No two unique identifier must be same ever i.e. even if the object gets deleted the same id SHOULD NOT be issued to any new object
2. Should remain constant throughout the object's life time

At a first glance dn of any directory object looks like a perfect fit for unique id. But it does not satisfy the second requirement. Depending on directory server configuration the users may be divided by there departments or any other criteria. So following scenarios may arise

* A user sampleuser belonging to sales dept would initially have dn as cn=sampleuser,ou=sales,ou=example,ou=com. Later the person moves to a different dept and as such his dn would then change and would thus break rule 2
* A user tuser having dn as cn=sampleuser,ou=sales,ou=example,ou=com leaves the company. Another user then joins having the name sampleuser and thus assigned same dn. In that case when that user gets synched in the UM would get the roles given to earlier user which is not correct.

So admin must use an attribute which satisfies both the above conditions. Our recommendations are

* Active Directory - objectGUID
* Sun one - nsuniqueid
* IBM Tivoli - ibm-entryuuid
* Novell directory - guid

Using the WebLogic Admin Console, navigate to the 'Server Start' properties of the managed server that hosts LiveCycle. Add the following to the 'Arguments' field. The port used (1044) should be available on the node:
-Xdebug -Xrunjdwp:transport=dt_socket,address=1044,server=y,suspend=n

Re-start the managed server. Point your debugger at the debug port (1044 in the example above).

If the managed server is being started from a script, the debug arguments should be added to the startup script, instead of within the Admin Console.

If you would like to ensure that users do not apply Digital Signatures to incomplete forms, after the signature is applied, reset the Signature field using the "resetForm" method along with the full name of the signature field:

var doc = event.target;
doc.resetForm("XMLExampleForm[0].XMLExamplePage1[0].SignatureField1[0]");

In this example the user must enter the Name field to apply a valid signature. If the Name is removed or the Name is not entered, the signature field is cleared.