Using the Belgian eid card for accessing a LiveCycle Rights Management protected document
Typically LiveCycle Rights Management (a.k.a. Policy) protected documents use a userid/password mechanism for authenticating towards the policy server, and consequently open the protected document. A more secure way of authentication can be obtained by using client certificates. A real strong way of authentication can be accomplished when the authentication certificate resides on a smartcard, protected by a PIN code. The authentication certificate on the Belgian eid card is such an example. How can that be used to authenticate towards a Policy protected document?
To achieve this follow these steps:
1) First of all the authentication certificate must be known/registered/uploaded to the LiveCycle server. Open the adminui –> Settings –> Trust Store Management –> Certificates.
When importing the .cer file, specify that you want to trust the certificate for “Certificate Authentication”, and provide an alias.
2) Next this certificate must be mapped to an existing user in LiveCycle.
Open the adminui –> Settings –> User Management –> Configuration –> Certificate mapping.
The mapping between a certificate and a user is done for a defined alias, and is accomplished by mapping a certificate attribute (Mail, CN, DN,… ) to a user property (Full Name, Given Name, Mail, login ID, …).
In the case of the Belgian eid card the CN on the authentication certificate contains also the word “Authentication”. In my case my CN = Peter Schellemans (Authentication). So in order to get a working certificate mapping towards an existing user, make sure you have a user with a similar Full Name. In my case I have a user (adminui –> Settings –> User Management –> Users and Groups) with First Name = Peter, Last Name = Schellemans (Authentication).
3) Next add this user as part of your Policy. When opening the policy protected document you will now get the choice between userid/password authentication and client certificate authentication.
Tip to stay healthy:
If you want a higher level of security when authenticating towards a policy protected document, Adobe LiveCycle allows you to map certificates towards users, used in a policy definition.
Original article at http://www.drflex.eu/2009/01/using-the-belgian-eid-card-for-accessing-a-livecycle-rights-management-protected-document/?utm_source=rss&utm_medium=rss&utm_campaign=using-the-belgian-eid-card-for-accessing-a-livecycle-rights-management-protected-document.
Comments are closed.