Right now I can create a signer with a username and password, and that allows me to authorize employees to sign with their certificate only.
It’s something like this right now:
Worker 1 – is a crypto worker
Worker 2 – is a PDF Signer which uses the key from worker 1 to sign.
Worker 3 – is a crypto worker
Worker 4 – is a PDF Signer which uses the key from worker 2 to sign.
.. and so on.
So I put my .pfx certificates with worker 1 and I use the worker 2 (signer) process to sign my document, and I get a signed document with my own signature.
In order to use worker 2 to sign, I must enter the username and password which I’ve set. This way it ensures that no one else but me can use the process of worker 2.
I’d like to know if it is possible to use AD credentials instead. Suppose an employee wants to sign his document: he uploads his document and enters his AD credential, e.g. john@compay.com, then AD will know that this is John Smith. Then allow this employee to use only the worker that holds the certificates of John Smith and have the document signed with this certificate.
Hi Wongsakorn,
I think some are putting an Apache HTTP Server as a reverse proxy in front of SignServer in order to support LDAP or Active Directory authentication.
SignServer would then only get the user name from the proxy and you can use the UsernameAuthorizer (instead of UsernamePasswordAuthorizer) in that case.
See https://download.primekey.se/docs/SignServer-Enterprise/4.4.0/Username_Authorizer.html and https://download.primekey.se/docs/SignServer-Enterprise/4.4.0/Apache_HTTP_Server_as_Reverse_Proxy.html.
I don't have any documentation for the Active Directory part but you should be able to find that from the Apache web server documentation.
Cheers,
Markus
PrimeKey Solutions
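A sketch of the setup described in the reply above, added here as an illustration; it is not part of the original thread and is not PrimeKey's documented configuration. Host names, DNs, file paths, the backend address and the sample user are constructed placeholders, and the SignServer property names in the comments are assumptions to confirm against the Username Authorizer page linked above.

```apache
# Requires mod_ssl, mod_proxy, mod_proxy_http, mod_ldap and mod_authnz_ldap.
<VirtualHost *:443>
    ServerName sign.example.com
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/sign.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/sign.example.com.key

    <Location "/signserver/">
        # Apache, not SignServer, verifies the password against Active Directory.
        AuthType Basic
        AuthName "Document signing"
        AuthBasicProvider ldap
        # Match on userPrincipalName so the login name is john@example.com.
        AuthLDAPURL "ldaps://dc1.example.com:636/DC=example,DC=com?userPrincipalName?sub?(objectClass=user)"
        AuthLDAPBindDN "CN=svc-signproxy,OU=Service Accounts,DC=example,DC=com"
        # Read the bind password from a helper program instead of storing it here.
        AuthLDAPBindPassword "exec:/usr/local/bin/ldap-bind-secret"
        Require valid-user

        # mod_proxy forwards the Authorization header unchanged, so the
        # backend hop carries the AD password: keep it on loopback.
        ProxyPass        "http://127.0.0.1:8080/signserver/"
        ProxyPassReverse "http://127.0.0.1:8080/signserver/"
    </Location>
</VirtualHost>

# SignServer side (assumed property names, per-user signer worker):
#   AUTHTYPE         = org.signserver.server.UsernameAuthorizer
#   ACCEPT_USERNAMES = john@example.com
#
# The authorizer no longer checks a password, so any client that can reach
# SignServer directly can claim any username. Bind the application server
# to 127.0.0.1 or firewall it so that only this proxy can connect, and list
# exactly one user on each personal signer worker.
```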
Thank you very much, Markus.
Last edit: Wongsakorn Swangsringarm 2018-12-03
No problem, please share if you find a solution. Contributions in terms of integration guides, how-tos, etc. are also always welcome and, if generic/useful enough, could be added to the documentation.