Posts tagged administration

Using the Belgian eid card for accessing a LiveCycle Rights Management protected document

Peter Schellemans

Disease:
Typically LiveCycle Rights Management (a.k.a. Policy) protected documents use a userid/password mechanism for authenticating towards the policy server, and consequently open the protected document. A more secure way of authentication can be obtained by using client certificates. A real strong way of authentication can be accomplished when the authentication certificate resides on a smartcard, protected by a PIN code. The authentication certificate on the Belgian eid card is such an example. How can that be used to authenticate towards a Policy protected document?

Prescription:
To achieve this follow these steps:
1) First of all the authentication certificate must be known/registered/uploaded to the LiveCycle server. Open the adminui –> Settings –> Trust Store Management –> Certificates.
When importing the .cer file, specify that you want to trust the certificate for “Certificate Authentication”, and provide an alias.

2) Next this certificate must be mapped to an existing user in LiveCycle.
Open the adminui –> Settings –> User Management –> Configuration –> Certificate mapping.
The mapping between a certificate and a user is done for a defined alias, and is accomplished by mapping a certificate attribute (Mail, CN, DN,… ) to a user property (Full Name, Given Name, Mail, login ID, …).

In the case of the Belgian eid card the CN on the authentication certificate contains also the word “Authentication”. In my case my CN = Peter Schellemans (Authentication). So in order to get a working certificate mapping towards an existing user, make sure you have a user with a similar Full Name. In my case I have a user (adminui –> Settings –> User Management –> Users and Groups) with First Name = Peter, Last Name = Schellemans (Authentication).

3) Next add this user as part of your Policy. When opening the policy protected document you will now get the choice between userid/password authentication and client certificate authentication.

Tip to stay healthy:
If you want a higher level of security when authenticating towards a policy protected document, Adobe LiveCycle allows you to map certificates towards users, used in a policy definition.

—-
Original article at http://www.drflex.eu/2009/01/using-the-belgian-eid-card-for-accessing-a-livecycle-rights-management-protected-document/?utm_source=rss&utm_medium=rss&utm_campaign=using-the-belgian-eid-card-for-accessing-a-livecycle-rights-management-protected-document.

Workspace Polling in ADEP

ADEP Workspace now allows Administrators to modify the Workspace client polling interval without having to recompile the Workspace source code. A new Global Configuration setting is added to the Workspace Global Configuration settings xml file that allows Administrators to modify the client polling values. The new setting is called ‘client_pollingInterval’ and the default value is 3 seconds.

To modify the client polling value:

- Log in to the ADEP Administator Console and navigate to Home-> Services-> Workspace-> Global Administration and click the ‘Export’ button in the ‘Export global settings’ area.

- Save the ‘AdminGlobalSetting.xml’ file to your local file system.

- Open the file and locate the ‘client_pollingInterval’ tag and change the value to your new value.

- Save the file.

- In the Workspace Global Administration page click the Browse button in the ‘Import global settings’ area and locate the AdminGlobalSettings.xml file and then click the Import button. (No server restart is required.)

The next time your end users log in to Workspace they will be using this new polling interval.

——-
Original article at http://blogs.adobe.com/ADEP/2011/08/workspace-polling-in-adep.html.

Configuring Limits For LiveCycle Workbench Recordings

Chris Trubiani

I learned something new today and figured it was worth sharing for other people that didn’t realize these settings existed.  On a call I was asked why recordings of a process would stop after a certain number of steps and how that can be configured.  Honestly, I didn’t even realize we limited this, though now that I do it does make sense as a good idea to avoid having recordings take up a massive amount of disk space.  So I took the question offline and dug into it.

It turns out there are two configuration parameters to set limits for recordings done in Workbench.  The setting can be found and configured in Adminui under Services->Applications and Services->Service Management.  Select the AuditWorkflowService service, and then click the Configuration tab.  The two settings are:

  1. maxNumberOfRecordingInstances – This is the maximum total number of recorded processes that will be allowed on the server at any time.  By default the value is 50.  When you go to record the 51st process the 1st process recording will be deleted from the server to make room for the new one.
  2. maxNumberOfRecordingEntries – This is the maximum total number of steps in a process that will be saved in a recording.  By default the value is 50.  If a process being recorded consists of 75 steps, then the first until the 50th step will be saved into the recording.  Steps 51 to 75 will not be saved.

The first parameter is nice to know about, but I think in most cases having a history of 50 process recordings will be sufficient.  It’s the second parameter that is most likely to cause problems for people when trying to debug large processes.  To that end if you see the following warning in your server’s log file you’ll now know that your running into this limit and need to change the value accordingly:

WARNING: stop recording entries due to space limitation.

——-
Original article at http://blogs.adobe.com/livecycle/2011/04/recording-limits.html.

Change the GDS (Global Document Storage) location of a Production LiveCycle ES System

Important Remark:
Within the LiveCycle Documentation you will find the following on the GDS:
“The global document storage (GDS) is a directory used to store long-lived files such as PDF files used within a process or DSC deployment archives. Long-lived files are a critical part of the overall state of the LiveCycle ES environment. If some or all long-lived documents are lost or corrupted, the LiveCycle ES server may become unstable. Input documents for asynchronous job invocation are also stored in the GDS and must be available in order to process requests. Therefore, it is important that the GDS is stored on the redundant array of independent disks (RAID) and backed up regularly.”
So the GDS is the cornerstone of a LiveCycle system. Changing this location should be carefully executed by product experts. Take a back-up before you start and don’t try this at home …
Disease:
For whatever reason you want to change the location of the GDS. As explained above this is possible but should be very carefully executed.
Prescription:
Disclaimer: This section will describe the different steps to execute in order to move the location of the GDS. These steps should be considered as a Guideline and not as a by Adobe Supported set of actions. You are encouraged to execute this first in a Test environment before doing this in a Production environment. The different Steps are:
  1. Alert and Ask the End-Users to get out of the LiveCycle Application/Server
  2. Put the LiveCycle Application/Server in ‘Operate in safe backup mode’. In Adminui go to Settings > Core System > Backup Settings – select the ‘Operate in safe backup mode’ and hit the OK button.
  3. Backup the GDS folder
  4. Zip or Tar the GDS folder
  5. Change the location of the GDS folder. In Adminui go to Settings > Core System > Core Configurations and change the location of the GDS Directory. Hit the OK button; you will get a second page and hit the OK button again
  6. Shutdown the LiveCycle Application/Server
  7. Check whether the LiveCycle Application/Server system user has access to the new GDS folder
  8. UnZip or UnTar the files in the new GDS folder
  9. StartUp the LiveCycle Application/Server
  10. Do some basic validations. In Adminui go to Services > Applications and Services and choose Archive Management and Endpoint Management and check visually whether you get the expected information
  11. Deactivate the ‘Operate in safe backup mode’. In Adminui go to Settings > Core System > Backup Settings – unselect the ‘Operate in safe backup mode’ and hit the OK button

Tip to stay healthy:
Make sure that you have the final location of the GDS available, before you install LiveCycle in a Production environment.

—-
Original article at http://www.drflex.eu/2009/06/change-the-gds-global-document-storage-location-of-a-production-livecycle-es-system/.

Emailing to all members of a group

Girish Bedekar

I have written a simple process which lets you email to all members of a group
This process takes in the name of a group as input parameter and emails to all members of the group
Before invoking the process make sure you have set the configuration settings of the email component(the last step of the process)
Click here to get the pdf file which has the process
Click here to get the pdf
Let me know if you have any further questions
thanks
girish

—-
Original article at http://eslifeline.wordpress.com/2009/02/10/emailing-to-all-members-of-a-group/.

Using the Belgian eid card for accessing a LiveCycle Rights Management protected document

Disease:
Typically LiveCycle Rights Management (a.k.a. Policy) protected documents use a userid/password mechanism for authenticating towards the policy server, and consequently open the protected document. A more secure way of authentication can be obtained by using client certificates. A real strong way of authentication can be accomplished when the authentication certificate resides on a smartcard, protected by a PIN code. The authentication certificate on the Belgian eid card is such an example. How can that be used to authenticate towards a Policy protected document?

Prescription:
To achieve this follow these steps:
1) First of all the authentication certificate must be known/registered/uploaded to the LiveCycle server. Open the adminui –> Settings –> Trust Store Management –> Certificates.
When importing the .cer file, specify that you want to trust the certificate for “Certificate Authentication”, and provide an alias.

2) Next this certificate must be mapped to an existing user in LiveCycle.
Open the adminui –> Settings –> User Management –> Configuration –> Certificate mapping.
The mapping between a certificate and a user is done for a defined alias, and is accomplished by mapping a certificate attribute (Mail, CN, DN,… ) to a user property (Full Name, Given Name, Mail, login ID, …).

In the case of the Belgian eid card the CN on the authentication certificate contains also the word “Authentication”. In my case my CN = Peter Schellemans (Authentication). So in order to get a working certificate mapping towards an existing user, make sure you have a user with a similar Full Name. In my case I have a user (adminui –> Settings –> User Management –> Users and Groups) with First Name = Peter, Last Name = Schellemans (Authentication).

3) Next add this user as part of your Policy. When opening the policy protected document you will now get the choice between userid/password authentication and client certificate authentication.

Tip to stay healthy:
If you want a higher level of security when authenticating towards a policy protected document, Adobe LiveCycle allows you to map certificates towards users, used in a policy definition.

—-
Original article at http://www.drflex.eu/2009/01/using-the-belgian-eid-card-for-accessing-a-livecycle-rights-management-protected-document/.

Upgrade to LiveCycle ES2!! My fav bits


I was recently reading about upgrade to ES2 and new features of ES2 and these are my favorite bits. I’ll play with ES2 after the GM release and post the experiance later.. But so far this is what I’m really looking forward in ES2.

  • Simplify testing and deployment by previewing your business process, including testing form and Flex® user interfaces, and recording the process results.

The testing is on the top of my wish list. I even thought of writting a whole new AIR application to make our life easier around workflow testing and deployment. I’m talking about deployment on several staging environment!! But for now let’s forget about my AIR app development… Thanks ES2 for looking into this.

  • Reference real-time graphical server health statistics within the LiveCycle administration UI.

Love this…eliminates the need for a monitoring software for small projects.. Will it also have customisable alerts too?

  • Upgrade available from ES update 1, LC 7 and LC 6.

This is a big sale point to encourage clients on LC7 deployments. I wish the ‘compatibility layer’ usage can be kept to minimal usage as part of the upgrade.

  • Enhancements to Form Guide development cycle.

This is BIG improvement… It’s something you just need to play with.

—-
Original article at http://blog.pandyaparth.com/2009/11/upgrade-to-livecycle-es2-my-fav-bits/.

LiveCycle Performance Tuning Guide

Jayan Kandathil

Adobe’s Joel Lucuik has published a LiveCycle Performance Tuning Guide. It is available here.

——-
Original article at http://blogs.adobe.com/livecycle/2011/02/livecycle-performance-tuning-guide.html.

How to Globally Turn Off LiveCycle Process Recording

Jayan Kandathil

There are situations where a LiveCycle system administrator has to (globally) turn off all process recordings that process developers may have enabled.

One of those cases is where the load testing team prepares the system for a high-volume load test. If recording is turned on for any of the processes involved in the load test, the filesystem-based GDS folder will experience high disk write I/O which will skew performance data (even if the GDS is configured to target the database). There is also the risk that the filesystem will run out of disk space.

To prevent this from happening, you can set a property of the AuditWorkflowService called ‘maxNumberOfRecordingInstances‘ using the AdminUI. Setting this to 0 (the default is 50) and saving the change will in effect turn off all process recording globally. There is no need to re-start LiveCycle. See screenshot below:

——-
Original article at http://blogs.adobe.com/livecycle/2011/03/how-to-globally-turn-off-livecycle-process-recording.html.

Go to Top