FAQ

LiveCycle ES: how to uninstall a patch or service pack

- David McMahon

 

Issue

If you have installed a patch or service pack for LiveCycle ES you may need to uninstall this at a later date, or you may have a requirement to document this process fully as part of your installation/configuration documentation.

This information is outlined in the readme file provided with each patch or service pack, and I will just expand on that giving some more detail here.  In this example I will discuss uninstalling LiveCycle ES Update 1 SP4 (8.2.1.4), to go back to LiveCycle ES Update 1 SP3 (8.2.1.3) on Windows.

Preparation

Before installing/uninstalling any patch you should take note of the current versions installed so you can verify your steps have been successful later.  Take a screenshot of the About screen, and the Service Management screen from the AdminUI.

AdminUI > About screen (note the Patch version “SP4″ and Service Pack version “8.1.5192.1.284202.47″, and the Patch level of each deployed component “SP4″):

AdminUI > Services > Applications and Services > Service Management screen (note the Component Versions “8.1.5192.1.284202.47″, “8.1.5193.1.279333.70″, etc…):

Before running through the uninstallation process it would advisable to make a backup of your existing configuration in case any unexpected problems should arise.  To do this, you should make a copy of the entire LiveCycle installation directory (excluding the MySQL folder if it exists within the LiveCycle directory).

You should also take note of the following configuration properties from AdminUI > Settings > Core System Settings > Configurations:

  • Location of temp directory
  • Global document storage root directory (Changing this value will result in data loss unless you also manually move the data)
  • Location of the Adobe Server Fonts directory
  • Location of the System Fonts directory

If you have LiveCycle Content Services ES installed, you should also have the location of the Content Services root directory which you entered during the original installation/configuration process.

——-
Read the full blog post at http://blogs.adobe.com/dmcmahon/2011/12/20/livecycle-es-how-to-uninstall-a-patch-or-service-pack/.

Security misconceptions – Watermarks, Usage Rights and Rights Management

-Tai

There is a confusion about what features of Acrobat and PDFs in general offer by way of securing documents. I would like to do a very cursory overview of the items that I have so far seen users consider “security.”

To be clear, by “security” I mean the ability or inability to access the contents of the PDF, thus safeguarding information from entering the wrong hands.

1) Not Security-Oriented

a) Watermarks

Unlike on your Dollar, Euro or Pound notes (etc), the watermark is NOT a guarantee of integrity, veracity or anything at all.

In the PDF world, a visible watermark only exists as a notification mechanism. If a watermark says “Confidential,” it is only warning the viewer that the content is confidential, but will not otherwise try to make itself indelible.

It is meant to be a very visible mark on the page, with the added property of not completely obfuscation the items underneath (allowing readability to be maintained)

b) Certification

A Certified PDF carries a digital signature certifying that certain things can and cannot be done with it. Namely:

-A PDF certified to run privileged scripts can run scripts requiring special privileges, such as writing to the hard drive.
-A PDF certified to be unmodified means that so long as the PDF has been modified withing given parameters (fields filled in for example), then the certification will hold. If a visual aspect of the PDF changes though, the certification will be broken, and Acrobat will report an error.

Certification covers a number of other use cases as well, but I hope the above illustrates sufficiently why this is a not a security-related item, rather a usability concern.

c) Reader Extensions Usage Rights

Acrobat and LiveCycle can extend the usability of PDFs to Adobe Reader, the free PDF viewing application. By extending usability features, you can allow Reader users to fill in forms and save that content, add comment annotation, and other functionality.

However, if the same extended form is opened in Acrobat, the user can do to the PDF pretty much anything that Acrobat has at its disposition.

REUR adds functionality to Reader. Any extra functionality it does not add is a restriction that Reader already had.

2) Security-Oriented

a) Password Protection

Using password protection, you can encrypt the PDF so it can only be opened by a person who has the password. You can also prevent the PDF from being used in certain ways, such as modifying the pages.

You cannot however track who has opened the PDF, when and at what IP. That is the domain of Rights Management.

b) LiveCycle Rights Management (aka Policy Server)

LiveCycle 7 introduced Policy Server, later renamed to LiveCycle Rights Management. Adobe LiveCycle/ADEP Rights Management protects your documents from being accessed by parties you have not authorized to do so.

This allows the document publisher to:
-protect with a user ID/password combination
-force the identification to go to a remote server
-restrict usage rights depending on the user’s group

……………..

Read the full article at http://blogs.adobe.com/an_tai/archives/176.

The Future of Adobe LiveCycle

- Kevin Schmidt

With all the Adobe news lately, I wanted to make sure everyone knew the future of Adobe LiveCycle. Here is the statement from Arun Anantharaman, vice president and general manager, LiveCycle and Adobe Connect.

“Since Adobe’s entry into the Enterprise market in 2002 with the acquisition of Ottawa-based Accelio, we have built a large portfolio of LiveCycle customers. We will continue to sell and support our LiveCycle products in the government and financial services markets, two areas where the LiveCycle value proposition remains especially strong. Outside of those markets, we are now planning to focus our Enterprise efforts on products targeting the digital marketer, including the Digital Marketing Suite and Web Experience Management solution. In addition, Adobe is fully committed to the success and satisfaction of our customers and we intend to build long term strategic relationships with them. We will continue to support all existing and future customers of our solutions.”

So, there you have it, feel free to ask any questions in the comments and I will do my best to get them answered for you.

——-
Original article at http://www.underprise.com/2011/11/11/the-future-of-adobe-livecycle/.

Disabling Session Re-Writing in BlazeDS and LCDS

- Alex Glosband

Session re-writing is the practice of adding the session identifier to the HTTP request URL instead of passing the session identifier as a session cookie. Session re-writing is usually used when cookies have been disabled on the client. It is an easy way to let clients that do not allow or support cookies maintain session state with the server but it poses some security risks. The session identifier is passed in the URL which means that it is not encrypted even if the request is made over SSL/HTTPS. Because of the security risks associated with session re-writing, the Open Web Application Security Project (OWASP) recommends that session re-writing only be used for low-value sites. In this article, I will show you how to disable session re-writing in BlazeDS and LCDS to help secure your application.

In BlazeDS and LCDS, the session identifier is typically either the JSessionId (for servlet based endpoints in BlazeDS or LCDS) or AMFSessionId (for NIO HTTP based endpoints in LCDS).

Note that the RTMP protocol doesn’t use HTTP, so the issue of session re-writing doesn’t apply to RTMP endpoints.

When the BlazeDS or LCDS server receives a request with no session identifier (either a session cookie or session id URL parameter) a couple things happen. A new session is created. A Set-Cookie header with the session id is added to the response. Also, an AppendToGatewayURL header with the session id is added to the AMF or AMFX response message.

Read the full blog post at this URL.

ADEP: Flex tile is blank? Use the supported Flex SDK version

- Scott Brodersen

I recently had the opportunity to help troubleshoot a Composite Application Framework issue. A member of our community worked through the Create a composite application module of the Create Your First ADEP Experience Server Application tutorial.

Problem: The Flex tile did not populate (it was blank), although the HTML tile appeared fine.

Solution: Use Flex SDK 4.5. Do not use version 4.5.1

Note: This problem/solution applies to ADEP 10.0.0.0. I don’t know what version of the SDK that future ADEP/CAF releases will support out-of-the-box.

If you used Flex SDK 4.5.1 by mistake, here is how to configure the project and tile to use Flex SDK  4.5.0:

  1. In Flash Builder, right-click the Flex project for ADEP and click Properties.
  2. In the properties tree, select Flex Compiler.
  3. At the top of the Flex Compiler panel, set the SDK version to Flex 4.5.
  4. Click OK and when the scary message about overwriting the html-template pops up, click OK.
  5. Open the catalog file (.cxml).
  6. Locate the tile:TileClass element for your tile and in the tile:Content child element, change the value of the flexSDKVersion attribute to 4.5.0.
    <tile:TileClass fitContent="true" height="300" label="WatchedFunds" name="WatchedFunds" width="600">
          <ct:Metadata>
               <ct:Description/>
          </ct:Metadata>
          <tile:Content contentType="application/x-shockwave-flash" flexSDKVersion="4.5.0" loadAs="module" uri="${catalogURL}/tiles/WatchedFunds/WatchedFunds.swf"/>
    </tile:TileClass>
  7. Save the file.

——-

Original article at http://blogs.adobe.com/ADEPhelp/2011/10/adep-flex-tile-is-blank-use-the-supported-flex-sdk-version.html.

Acrobat Reader Extension limitations

- Michael Steward

I’ve been doing a piece of work for a customer who wanted a simple form distributed around their organisation for staff to fill in and return.  The only additional requirement was that end users need to be able to save the document whilst filling it in.  Most of my work to date has been using the Adobe LiveCycle product suite and so I naturally turned to Reader Extensions ES2 which would give end users the ability to save documents offline but comes at a rather large premium in terms of licence costs.

I’d always ignored Acrobat as I’d never needed to use it’s standalone functionality but something about the simplicity of this requirement made me look again.  Sure enough since a few versions ago Acrobat now has a form of Reader Extension capability.  Form designers can use Acrobat (or Designer) to create their form and distribute it via Acrobat and reader extend it (note to Adobe: make this easier to find in Acrobat X Pro, currently it’s hidden under the “Save As” file menu for some reason).

This all seemed a little too easy and instantly made me want to find some sort of limitation as otherwise Reader Extensions ES2 would look a very expensive option compared to the relative inexpense of purchasing Acrobat X Pro licences.  I eventually turned to the EULA, searching for some sort of “gotcha” for this feature.  Sure enough there is one (section 16.8.3).

Read the full blog post here.

Converting DOC(X) in LiveCycle PDF Generator yeilds error: ALC-PDG-019-060-Encountered error while importing the XMP file.

- Tai

When PDFG ES2 converts Word documents, it extracts the metadata and compiles it as an XMP for the PDF.

There is a known problem however, when a file contains custom metadata: PDFG cannot compile the XMP properly for such files.

To check the metadata in the DOC, open Word.
Use the MS Office menu (the big round one, top left) : Prepare : Properties
A small yellow info bar will appear above the editing area.
In that area, Click “DIP Properties – …” and select “Advanced properties …”
Go to the “Custom” tab

If there are items in the space at the bottom labelled “Properties”, then your DOCX is likely to fail to convert.

There are two solutions to this:

A) Workaround.
1/ Log on to the LiveCycle Admin UI
2/ Go to Services : PDF generator : File type Settings : [your file type settings]
3/ Open Word file type settings
4/ Uncheck “Convert document info”
5/ Save

This will prevent PDFG from trying to extract and convert the Word metadata – thus excluding the problematic custom information

2) Obtain the patch

If you have an Adobe Platinum support agreement, you can contact technical support and request the patch.

——-
Original article at http://blogs.adobe.com/an_tai/archives/64.

Updating a LiveCycle Process on a Live System

- Tai 

Recently I have been seeing reports of stalled / failed processes, both short-lived and long-lived. It turns out that in some cases, the process developers were updating processes on their live systems without taking due precautions. The following post is to explain what is actually happening under the hood, and why you can’t simply “hot change” a process.

A simple process

Imagine you have a process called MyNotify with two steps in it: a first task (not start point) AssignUser, and a second task SendEmail. Pretty straight forward.

You have deployed this process, and process instances are merrily being kicked off. Great. Now you realize that you don’t want the AssignUser task; rather, you want a Workspace Start Point. Remove the AssignUser task, configure the Workspace Start Point to open the same form as you had in the now deletd AssignUser task. Save and deploy.

You may now start getting calls from your users saying their form submission never resulted in an email. Upon investigating, you will likely find errors saying that “Job ID could not be found for Job […]“.

Oh no. What happened?

Tasks not found

Let’s wind back to where there were two steps. When a process instance is kicked off, what happens is that an entry in the database is made saying that process MyNotify has been kicked off by user “Alice” (for example), and it has been assigned to Alice, in the AssignUser task.

When Alice submits the form, LiveCycle goes to its database and checks the process – Alice just submitted the AssignUser step, so it checks MyNotify for an AssignUser step, and figures out what to do next from that.

If you have deleted the AssignUser task from MyNotify, LiveCycle will be unable to determine what to do next – and stall the process instance. Future instances should work fine (they are before the change point), anything that was at the SendEmail point in the process will be fine as well (they are after the change point). It is specifically process instances that are in a state that could be affected by the change that risk failure, and that will happen without possibility of roll-back or recuperation (bar performing some incantations in the database to recuperate the data, and then constructing some half-processes to mimick pre-change parts of the changed process, in the hope of pushing the data onwards — a lot of avoidable hassle, itself prone to failure).

Staying safe

It is understandable that you may think that if the process were modified, already-running processes would continue with the older version. This is not so, or at least, not in this scenario.

When kicking off a new process instance, LiveCycle does not automatically make a copy of the process to be followed should a new edit of the process come into existence. Maintaining a copy of all the configurations of a process for each instance created would cause extremely severe performance issues on the server, so a more de-coupled implementation serves best. The work of ensuring that a new copy of the process configuration is created is left up to the process developer.

Once a process is deployed, there are only two “safe” ways of updating the process.

Application Version

The first is to create a new Application version, and when all the new changes are made, deploy the new version.

  • All old instances will continue their course in the old version.
  • Workspace processes will kick off in the new version
  • Calls to the old version of the process will still call the old version

Once you have ascertained for sure that NO more processes from the old version are running, and that no applications rely on the old version, you can safely undeploy it from runtime, and delete it if you so wish.

When will references point to the new version automatically?

Having done this, all references to sub-processes inside the same application will be updated, as will all resources referenced relatively inside the application. For example, MyApplication/1.0/ProcessA can reference /FormA (in Assign User tasks for example) which means “the current application’s version’s FormA”. A sub-process on the process-workflow convas will be referenced relatively if the sub-process is contained inside the same application.

When do you need to update references manually?

Take special heed however — processes and resources that do not reside in the same Application do not see their references updated — they are absolutely referenced. If MyApplication/1.0/ProcessA is upgraded, it will not change the references to, for example, OtherApplication/1.0/OtherProcess. Similarly, if we upgrade to OtherApplication/2.0/OtherProcess, then MyApplication/1.0/ProcessA will still point to OtherApplication/1.0/OtherProcess.

Finally, note that if you create a new version of an application, all resources and processes are copied over with it with new version numbers too, and any textual references to other resources remain the same. So if MyNotify/1.0/ProcessA has a variable referencing MyNotify/1.0/FormA, then MyNotify/2.0/ProcessA will also reference MyNotify/1.0/FormA ; the same goes for resources uch as XDPs, XSLTs, and any other resources stored in an Application. The reason for this is that these references are stored as “strings” (pieces of text) and Workbench cannot, upon creating a new version, differentiate what snippets of text all through the Application are versions to update, what versions should not be updated, and what strings do not actually contain versions at all.

Down time (clean “brute force” update)

The other way is to plan downtime.

  • Prevent people from kicking off new processes
  • Let all processes complete
  • … and only then deploy the new edit of the process

You could choose the second method to avoid having to update references to resources, but it would defeat the purpose of having this versioning at all and does, unavoidably, incur the overhead of a downtime.

——-
Original article at http://blogs.adobe.com/an_tai/archives/143.

Go to Top