Jan 20 2009

Using the Belgian eid card for accessing a LiveCycle Rights Management protected document

Disease:
Typically, documents protected by LiveCycle Rights Management (a.k.a. Policy) use a userid/password mechanism to authenticate to the policy server before the protected document can be opened. Client certificates provide a more secure way to authenticate. Authentication becomes really strong when the authentication certificate resides on a smartcard and is protected by a PIN code. The authentication certificate on the Belgian eid card is one example. How can it be used to authenticate to a Policy protected document?

Prescription:
To achieve this, follow these steps:
1) First of all, the authentication certificate must be registered with (uploaded to) the LiveCycle server. Open the adminui –> Settings –> Trust Store Management –> Certificates.
When importing the .cer file, specify that you want to trust the certificate for “Certificate Authentication”, and provide an alias.

2) Next, this certificate must be mapped to an existing user in LiveCycle.
Open the adminui –> Settings –> User Management –> Configuration –> Certificate mapping.
The mapping between a certificate and a user is done for a defined alias, and is accomplished by mapping a certificate attribute (Mail, CN, DN,… ) to a user property (Full Name, Given Name, Mail, login ID, …).

In the case of the Belgian eid card, the CN on the authentication certificate also contains the word “Authentication”. In my case, CN = Peter Schellemans (Authentication). So to get a working certificate mapping to an existing user, make sure you have a user with a similar Full Name. In my case I have a user (adminui –> Settings –> User Management –> Users and Groups) with First Name = Peter, Last Name = Schellemans (Authentication).

3) Next, add this user to your Policy. When opening the policy protected document, you will now get the choice between userid/password authentication and client certificate authentication.
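
Step 2 fails silently when the certificate CN and the user's Full Name differ, so it helps to check the match before configuring the mapping. The script below is an added example, not part of LiveCycle or of the original post: it extracts the CN from a subject string and reports whether exactly one user matches. It assumes that Full Name is "First Name Last Name" and that the match is exact; the login IDs and the sample subject are constructed.

```python
# Added example: pre-flight check for a CN -> Full Name certificate mapping.
# The subject string can be printed with, e.g. (auth.cer is a placeholder name):
#   openssl x509 -in auth.cer -noout -subject -nameopt RFC2253

def split_rdns(dn):
    """Split an RFC 2253 style DN on unescaped commas (hex escapes not handled)."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])      # keep the escaped character literally
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]

def subject_cn(dn):
    """Return the CN value of the subject, or None if there is none."""
    for rdn in split_rdns(dn):
        key, _, value = rdn.partition("=")
        if key.strip().upper() == "CN":
            return value.strip()
    return None

def check_mapping(dn, users):
    """Assumption: Full Name is '<First Name> <Last Name>' and must equal the CN."""
    cn = subject_cn(dn)
    hits = [u["login"] for u in users if cn and f"{u['first']} {u['last']}" == cn]
    status = "ok" if len(hits) == 1 else ("ambiguous" if hits else "no-match")
    return status, hits

# Constructed sample data; the login IDs are hypothetical.
SAMPLE_DN = "GN=Peter,SN=Schellemans,CN=Peter Schellemans (Authentication),C=BE"
USERS = [
    {"login": "pschellemans", "first": "Peter", "last": "Schellemans"},
    {"login": "pschellemans-eid", "first": "Peter", "last": "Schellemans (Authentication)"},
]

if __name__ == "__main__":
    print(subject_cn(SAMPLE_DN))
    print(check_mapping(SAMPLE_DN, USERS))      # only the "(Authentication)" user matches
    print(check_mapping(SAMPLE_DN, USERS[:1]))  # plain name alone: no match
```

An "ambiguous" result means two accounts share the Full Name the CN maps to, which should be resolved before the user is added to a policy.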

Tip to stay healthy:
If you want a higher level of security when authenticating to a policy protected document, Adobe LiveCycle lets you map certificates to users, who can then be used in a policy definition.

One Response to “Using the Belgian eid card for accessing a LiveCycle Rights Management protected document”

  1. Gary Gilchrist on 02 Jul 2010 at 7:32 pm

    Hello,

    I have seen a lot of interest in Germany with the emergence of “eID cards” being distributed to millions of citizens this year. I believe the concept involves an e-ID Server component too. Are you familiar with it and is this the same as the “eID” you refer to here?

    If so I have read that eID uses elliptic curve crypto as part of its algorithm for signing and as such Acrobat cannot recognize or validate any signature attempted on a PDF with an eID card? This is third hand info, as here in the US I have never seen or used the actual device.

    My question is, were you able to use the same “eID” as is being rolled out in Germany to all of its citizens for RM and have you tried it with document signing?

    Gary Gilchrist.
