Tag Archives: administration

Converting HTML pages to PDF containing Middle-Eastern and Indic characters with LiveCycle ES4

When you convert a file that contains characters of Middle-Eastern or Indic languages to a PDF document, the characters of Middle-Eastern and Indic languages does not appear in the output document. To convert the documents that contain characters of Middle-Eastern or Indic languages to a PDF document, use Adobe Acrobat WebCapture.

To know more, read Sudhanshu Singh's blog post on the LiveCycle blog.

Canonical name ‘vs’ User ID


Recently I worked on a customer issue where in they were seeing an error when the user logged into their AIR client on MAC and was unable to access the application.

The error seen was :

LC_AuthenticateUser Error: com.adobe.idp.um.api.UMException| [com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16386 errorCodeHEX:0×4002 message:user_identifier:Z027223 domain:DefaultDomcom.adobe.idp.common.errors.exception.IDPException| [com.adobe.idp.um.businesslogic.directoryservices.DirectoryServicesManagerBean] errorCode:13316 errorCodeHEX:0×3404 message:user_identifier: Z027223 domain:DefaultDom;


Read the complete post at Adobe LiveCycle Blog.

Managing User Access

You must have the Application Administrator role assigned to your LiveCycle ES2 user account in order to develop applications. In this role, you can assign limited access to the application development environment for users who have other roles assigned. You can permit other users to have the following type of access:

  • Read: The user can view the application.
  • Delegate: Although the user is not the Application Administrator, that user can extend read/write permissions to another user.
  • Write: The user can modify the application and save the changes.

Essentially one can classify user permissions under the following two categories:

  1. Role Based Permissions
  2. Resource Level Permissions

Role Based Permissions typically would cover the roles that the user has been assigned via the Role Assignment interface and this supersedes the “Resource Level Permission ” which are assigned via the Manage Access interface as described in the following link.

In order to achieve the above scenario one would need to ensure that the user has not been assigned any such permissions which would otherwise allow the user to perform the Read/Delegate/Write operations on an application.


Read the complete post at https://blogs.adobe.com/livecycle/2012/07/managing-user-access.html.

LiveCycle ES3: CertificateException: Terminating SSL connection – The server is not trusted

- David McMahon, Senior Technical Account Manager @ Adobe


If you are using LiveCycle ES3 Digital Signatures to apply signatures to PDF documents using a timestamp (TSP) server you may encounter the following exception:

WARN  [com.adobe.livecycle.signatures.pki.client.PKIException] (http- Exception from transport package   (in the operation : internalSendReceive)

Caused By: java.security.cert.CertificateException: Terminating SSL connection – The server is not trusted(Alerts.java174)

Caused By: Terminating SSL connection – The server is not trusted(PKISocketFactory.java255)


Read the complete post at David's blog.

LiveCycle ES3: Authentication failed for user (Scheme – Username/Password) Reason: Username or password is incorrect

- David McMahon, Sr. Technical Account Manager @ Adobe


If you are accessing any LiveCycle services and have problems getting a response, you may notice the following warning in the server logs:

WARN  [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] (Thread-21) 
Authentication failed for user [user] (Scheme - Username/Password) Reason: Username or password is incorrect. 
Refer to debug level logs for category com.adobe.idp.um.businesslogic.authentication for further details

If you enable DEBUG level logging you will see the following DEBUG information in the log:

DEBUG [com.adobe.idp.common.errors.exception.IDPLoggedException] (Thread-21)
UserM:: [Thread Hashcode: 1796127844] com.adobe.idp.common.errors.exception.IDPLoggedException|
[com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] errorCode:12803 errorCodeHEX:0x3203 message:
Authentication failed for user [user] (Scheme - Username/Password) Reason: Username or password is incorrect
 =========== Authentication failure detail report ================== 
 Scheme Type : Username/Password 
 UserId : user 
 Current Thread : ajp- 
 Following are the response details from various authProviders.  
 1 - com.adobe.idp.um.provider.authentication.LocalAuthProviderImpl - 
 Authentication Failed : Exception stacktraces are avialable at TRACE level 
 Messages collected for this AuthProvider are provided below
      - No local user found with UserId [user] in Domain [DefaultDom]
      - No local user found with UserId [user] in Domain [EDC_SPECIAL]
These warnings in the log may also be accompanied by an Error 500 if you are attempting to call the LC services through a browser/web application.


Read the complete post at Adobe LiveCycle Blog.

LiveCycle ES2 Connector for Microsoft SharePoint – Upload Large File sizes

- Abhijit Ghosh, LiveCycle TRT Engineer @ Adobe

We were recently working on a customer scenario who was facing issues with uploading documents greater than 50 MB on the Microsoft Sharepoint Server 2010. There are a couple of things that one needs to keep in mind when dealing with large file sizes.


Read the complete post at Adobe LiveCycle Blog.

Configuring LiveCycle JDBC Data Sources in WebLogic for DB Failover

– Jayan Kandathil

For IBM WebSphere, see here.

LiveCycle ES2′s Configuration Manager (LCM) provides you two options for configuring JDBC data sources in WebLogic:

1) Package it inside the EAR files (more secure)
2) Create it in the WebLogic Admin Console

Choice #2 provides a lot more flexibility when it comes to configuring the data sources for database failover. Runtime configuration changes such as increasing the pool size can be done without having to un-deploy and re-deploy EAR files.

To ensure that the connections in the connection pool are valid, the following additional configuration changes are necessary. This is based on an actual customer deployment against an active-passive SQL Server database cluster. You can make changes as necessary to fit your IT environment.

1) In the ‘Connection Pool‘ tab for the JDBC data source, in the ‘Advanced‘ section, ensure that the checkbox for ‘Test Connections on Reserve‘ is checked

2) Set ‘Test Frequency‘ to 10 seconds

3) Set ‘Test Table Name‘ to “DUAL” or “EDCJOBENTITY”

4) Set ‘Seconds to Trust an Idle Pool Connection‘ to 5 seconds


6) Set ‘Connection Creation Retry Frequency‘ to 12 seconds

7) Set ‘Login Delay‘ to 0 seconds

8) Set ‘Inactive Connection Timeout‘ to 0 seconds

9) Set ‘Connection Reserve Timeout‘ to 10 seconds

Original article at http://blogs.adobe.com/livecycle/2011/04/configuring-livecycle-jdbc-data-sources-in-weblogic-for-db-failover.html.

Disabling Session Re-Writing in BlazeDS and LCDS

Alex Glosband

Session re-writing is the practice of adding the session identifier to the HTTP request URL instead of passing the session identifier as a session cookie. Session re-writing is usually used when cookies have been disabled on the client. It is an easy way to let clients that do not allow or support cookies maintain session state with the server but it poses some security risks. The session identifier is passed in the URL which means that it is not encrypted even if the request is made over SSL/HTTPS. Because of the security risks associated with session re-writing, the Open Web Application Security Project (OWASP) recommends that session re-writing only be used for low-value sites. In this article, I will show you how to disable session re-writing in BlazeDS and LCDS to help secure your application.

In BlazeDS and LCDS, the session identifier is typically either the JSessionId (for servlet based endpoints in BlazeDS or LCDS) or AMFSessionId (for NIO HTTP based endpoints in LCDS).

Note that the RTMP protocol doesn’t use HTTP, so the issue of session re-writing doesn’t apply to RTMP endpoints.

When the BlazeDS or LCDS server receives a request with no session identifier (either a session cookie or session id URL parameter) a couple things happen. A new session is created. A Set-Cookie header with the session id is added to the response. Also, an AppendToGatewayURL header with the session id is added to the AMF or AMFX response message.

Read the full blog post at this URL.

Understanding the LiveCycle GDS – and freeing up disk space

LiveCycle, as an piece of Enterprise software, tends to assume that you may want to keep a quantity of data around for posterity. Long-lived processes can cause a lot of disk space bloat, and whilst this is fine for those who wish to archive lots, this may not be ideal when running a lower-spec server.
In this article, I will point out the main areas where data and disk space use can happen, and how to clean up.

Read the complete post here.