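CAC and mutual authentication

Overview

Adobe® LiveCycle® Enterprise Suite 4 (ES4) supports mutual authentication for logging in to the LiveCycle server. The following are supported:

  • All LC user interfaces except Workbench
  • Adobe Acrobat and Adobe Reader
  • Microsoft Office

For authentication with CAC (Common Access Cards), the embedded certificate can be used in the same way as a certificate in the Microsoft® Windows® Certificate store. When mutual authentication takes place and the certificate on the CAC is selected, the client is authenticated.

LiveCycle support for mutual authentication

LiveCycle's mutual authentication support can be used for the following:

  • Opening policy-protected documents with Adobe Reader or Adobe Acrobat.
  • LiveCycle web user interfaces. All end-user and administrator user interfaces are supported.
  • Authentication through the SharePoint Connector. The LiveCycle SharePoint Connector Web part can be configured to authenticate with a system user's certificate instead of a predefined user name and password.
  • Indexing Rights Management protected documents with LiveCycle iFilter
  • Rights Management Extension for Microsoft® Office®
Note:

Mutual authentication is not supported for the following: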

  • LiveCycle Java Client SDK
  • LiveCycle Workbench

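Configuration

Application server configuration

Enable mutual authentication as appropriate for the application being used.

To enable two-way mutual authentication, follow the guidelines specific to your application server.

LiveCycle server configuration

To enable mutual authentication on the LiveCycle server, a custom UM AuthProvider SPI must be implemented and configured in a LiveCycle domain.

For details on creating an authentication provider, see Creating authentication providers.

The following is a sample authentication provider that enables mutual authentication: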

package com.adobe.livecycle.usermanager.sslauthprovider;

import com.adobe.idp.um.spi.authentication.*;
import com.adobe.logging.AdobeLogger;

import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.io.ByteArrayInputStream;
import java.io.UnsupportedEncodingException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;
import java.security.cert.X509Certificate;
import java.util.*;
import org.apache.commons.codec.binary.Base64;

public class SSLMutualAuthProvider implements AuthProvider{
    private static AdobeLogger logger = AdobeLogger.getAdobeLogger(SSLMutualAuthProvider.class);

    public AuthResponse authenticate(Map credentials, List passedAuthConfigs) {

        ...
        //The elided code above is expected to define `request` (the HttpServletRequest)
        //and `authConfigs`, both of which are used below.

        //Extract the client certificate from the request
        X509Certificate[] certs = extractCertificate(request);
        if(certs == null || certs.length == 0){
            return null;
        }

        AuthResponse ar = new AuthResponseImpl();
        ar.setAuthStatus(AuthResponse.AUTH_SUCCESS);
        ar.setDomain(authConfigs.get(0).getDomainName()); //Assuming config is single domain and using its domainName

        Map<String,String> oidMap = new HashMap<String, String>();
        String name = certs[0].getSubjectX500Principal().getName();
        logger.info("Got Subject DN as "+name);
        LdapName ldapName = null;
        try{
            ldapName = new LdapName(name);
        }catch(InvalidNameException e){
            throw new RuntimeException(e);
        }

        //In this sample the CN of the Subject Name maps to user's loginid, however this can be changed to meet your requirements.
        for(Rdn rdn : ldapName.getRdns()){
            String type = rdn.getType();
            if("CN".equals(type)){
                String cn = (String) rdn.getValue();
                ar.setUsername(cn);
                return ar;
            }
        }
        return null;
    }

    private X509Certificate[] extractCertificate(HttpServletRequest request) {
        //Certificate chain validated by the container during the SSL handshake
        X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        if(certs != null){
            return certs;
        }
        logger.debug("No certificate found in the request attribute javax.servlet.request.X509Certificate");

        //Check for certificate value passed in HTTP header which is the case with proxy.
        //A certificate read from a header has not been checked by this server's SSL layer:
        //rely on it only when the proxy that terminates SSL is the sole route to this server
        //and removes any SSL_CLIENT_CERT header sent by the client.
        String certDataInPemFormat = request.getHeader("SSL_CLIENT_CERT");
        if(certDataInPemFormat == null){
            logger.debug("No certificate found in the HTTP Header SSL_CLIENT_CERT ");
            return null;
        }
        //This sample assumes the proxy sends the PEM text with spaces in place of line breaks
        String PREFIX = "-----BEGIN CERTIFICATE----- ";
        String SUFFIX = " -----END CERTIFICATE-----";
        int dataLength = certDataInPemFormat.length();
        String encodedData = certDataInPemFormat.substring(PREFIX.length(), dataLength - SUFFIX.length() - 1);

        Certificate c = null;
        try {
            byte[] certData = Base64.decodeBase64(encodedData.getBytes("utf-8"));
            //The PEM markers were stripped above, so the factory receives the decoded (DER) bytes
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            c = cf.generateCertificate(new ByteArrayInputStream(certData));
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
        return new X509Certificate[]{(X509Certificate) c};
    }

}

This authentication provider must be included in a LiveCycle hybrid domain. Mutual authentication is then enabled for users from that domain.
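
The sample provider takes the login ID from the first CN that its loop over ldapName.getRdns() meets, and getRdns() starts at the rightmost RDN of the subject. The following added example (not Adobe's code; the class name, method names and subject DNs are constructed for illustration) runs that lookup next to a stricter one that accepts only a single, string-valued CN. It goes beyond the sample by also covering multi-valued RDNs and hex-encoded values.

```java
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.ArrayList;
import java.util.List;

/** Added example: the sample's CN lookup beside a stricter, fail-closed one. */
public class SubjectCnMapper {

    /** Same lookup as the sample provider: the first RDN of type CN that the loop meets. */
    static String firstCnAsInSample(String subjectDn) throws InvalidNameException {
        // getRdns() lists the rightmost RDN of the DN string at index 0
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            // getType()/getValue() describe only one value of a multi-valued RDN
            if ("CN".equals(rdn.getType())) {
                // A hex-encoded (#...) value is a byte[], so this cast can fail
                return (String) rdn.getValue();
            }
        }
        return null;
    }

    /** Stricter lookup: exactly one string-valued CN in the whole subject, else null. */
    static String strictLoginId(String subjectDn) {
        LdapName dn;
        try {
            dn = new LdapName(subjectDn);
        } catch (InvalidNameException e) {
            return null; // malformed subject: reject
        }
        List<String> cns = new ArrayList<String>();
        try {
            for (Rdn rdn : dn.getRdns()) {
                // toAttributes() exposes every type/value pair of the RDN
                Attribute cn = rdn.toAttributes().get("CN");
                if (cn == null) {
                    continue;
                }
                for (int i = 0; i < cn.size(); i++) {
                    Object value = cn.get(i);
                    if (!(value instanceof String)) {
                        return null; // binary CN value: reject
                    }
                    cns.add((String) value);
                }
            }
        } catch (NamingException e) {
            return null;
        }
        if (cns.size() != 1) {
            return null; // no CN, or more than one candidate login ID
        }
        String login = cns.get(0).trim();
        return login.isEmpty() ? null : login;
    }

    public static void main(String[] args) {
        // Constructed subject DNs, not taken from real certificates
        String[] constructedSubjects = {
            "CN=jdoe,OU=Staff,O=Example,C=US",      // single CN
            "CN=jdoe,CN=Users,DC=example,DC=com",   // two CNs in one subject
            "C=US+CN=jdoe,O=Example",               // CN inside a multi-valued RDN
            "CN=#0c046a646f65,O=Example"            // hex-encoded CN value
        };
        for (String subject : constructedSubjects) {
            String sample;
            try {
                sample = firstCnAsInSample(subject);
            } catch (Exception e) {
                sample = "<" + e.getClass().getSimpleName() + ">";
            }
            System.out.println(subject + " -> sample: " + sample
                    + ", strict: " + strictLoginId(subject));
        }
    }
}
```

For the subject with two CNs the sample's loop returns the rightmost one (Users), which is why the stricter lookup rejects a subject with more than one CN.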

After building the Auth Provider SPI DSC, follow the steps below to deploy it to the LiveCycle server and configure it.

  1. Use Workbench to deploy and start the Auth Provider SPI DSC.

  2. Click "Home" / "Settings" / "User Management" / "Domain Management" in that order.

  3. Click New Hybrid Domain.

  4. Add authentication.

    Select "Custom" from the authentication provider list.

  5. From the list of custom SPIs displayed, select the name of the SPI deployed in step 1 above.

  6. Click "Save".

To configure Rights Management, follow the steps below:

  1. In the administration UI, go to "Services" / "Rights Management" / "Configuration".

  2. Verify that the base URL matches the server certificate.

  3. Enable "Extended Authentication".

    Note:

    Extended authentication does not apply to the Rights Management Extension for Microsoft Office.

  4. Click "Save".

  5. Restart the LiveCycle server.

Note:

This authentication SPI can also be used for "Just in time" user creation.

Changes to the SharePoint Connector Web part

For the Web part to access an SSL-configured LiveCycle server, the following changes must be made to the web.config file on the SharePoint server.

To enable mutual authentication, replace the following:

<system.serviceModel>
    <bindings>
      ...
    </bindings>
    <client>
      ...
    </client>
  </system.serviceModel>

With the following:

<system.serviceModel>
    <behaviors>
        <endpointBehaviors>
          <behavior name="MutualSslBehavior">
            <clientCredentials>
              <clientCertificate storeName="My" storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="chetanm" />
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
      </behaviors>
    <bindings>
      <basicHttpBinding>
        <binding name="ReaderExtensionsServiceSoapBinding" closeTimeout="00:01:00"
          openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:05:00"
          allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
          maxBufferSize="2147483647" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647"
          messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
          useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="81920000"
            maxArrayLength="16384000" maxBytesPerRead="40960000" maxNameTableCharCount="16384" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Certificate" proxyCredentialType="None"
              realm="" />
          </security>
        </binding>
        <binding name="TaskManagerServiceSoapBinding" closeTimeout="00:01:00"
            openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:05:00"
            allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
            maxBufferSize="2147483647" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647"
            messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
            useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="81920000" maxArrayLength="16384000"
              maxBytesPerRead="40960000" maxNameTableCharCount="16384" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Certificate" proxyCredentialType="None"
              realm="" />
          </security>
        </binding>
        <binding name="TaskManagerQueryServiceSoapBinding" closeTimeout="00:01:00"
            openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:05:00"
            allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
            maxBufferSize="2147483647" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647"
            messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
            useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="81920000" maxArrayLength="16384000"
              maxBytesPerRead="40960000" maxNameTableCharCount="16384" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Certificate" proxyCredentialType="None"
              realm="" />
          </security>
        </binding>
        <binding name="FormsServiceSoapBinding" closeTimeout="00:01:00"
          openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:05:00"
          allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
          maxBufferSize="2147483647" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647"
          messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
          useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="81920000"
            maxArrayLength="16384000" maxBytesPerRead="40960000" maxNameTableCharCount="16384" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Certificate" proxyCredentialType="None"
              realm="" />
          </security>
        </binding>
        <binding name="DirectoryManagerServiceSoapBinding" closeTimeout="00:01:00"
          openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:05:00"
          allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
          maxBufferSize="2147483647" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647"
          messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
          useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="81920000"
            maxArrayLength="16384000" maxBytesPerRead="40960000" maxNameTableCharCount="16384" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Certificate" proxyCredentialType="None"
              realm="" />
          </security>
        </binding>
        <binding name="MSSharePointConfigServiceSoapBinding" closeTimeout="00:01:00"
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:05:00"
         allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
         maxBufferSize="2147483647" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647"
         messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
         useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="81920000"
            maxArrayLength="16384000" maxBytesPerRead="40960000" maxNameTableCharCount="16384" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Certificate" proxyCredentialType="None"
              realm="" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="https://<AdobeLiveCycleServer>:<port>/soap/services/ReaderExtensionsService"
        binding="basicHttpBinding" bindingConfiguration="ReaderExtensionsServiceSoapBinding" behaviorConfiguration="MutualSslBehavior"
        contract="LiveCycleReaderExtensions.ReaderExtensionsService"
        name="ReaderExtensionsService" />
      <endpoint address="https://<AdobeLiveCycleServer>:<port>/soap/services/FormsService"
        binding="basicHttpBinding" bindingConfiguration="FormsServiceSoapBinding" behaviorConfiguration="MutualSslBehavior"
        contract="FormsService.FormsService" name="FormsService" />
      <endpoint address="https://<AdobeLiveCycleServer>:<port>/soap/services/TaskManagerService"
        binding="basicHttpBinding" bindingConfiguration="TaskManagerServiceSoapBinding" behaviorConfiguration="MutualSslBehavior"
        contract="TaskManagerService.TaskManagerService" name="TaskManagerService" />
      <endpoint address="https://<AdobeLiveCycleServer>:<port>/soap/services/TaskManagerQueryService"
        binding="basicHttpBinding" bindingConfiguration="TaskManagerQueryServiceSoapBinding" behaviorConfiguration="MutualSslBehavior"
        contract="TaskManagerQueryService.TaskManagerQueryService" name="TaskManagerQueryService" />
      <endpoint address="https://<alfresco-server>:<port>/soap/services/DirectoryManagerService"
        binding="basicHttpBinding" bindingConfiguration="DirectoryManagerServiceSoapBinding" behaviorConfiguration="MutualSslBehavior"
        contract="DirectoryManagerService.DirectoryManagerService" name="DirectoryManagerService" />
      <endpoint address="https://<AdobeLiveCycleServer>:<port>/soap/services/MSSharePointConfigService"
        binding="basicHttpBinding" bindingConfiguration="MSSharePointConfigServiceSoapBinding"
        contract="MSSharePointConfigService.MSSharePointConfigService" behaviorConfiguration="MutualSslBehavior"
        name="MSSharePointConfigService" />
    </client>
  </system.serviceModel>
The certificate specification section needs to be changed according to the certificate and the location where it is installed.
<clientCertificate storeName="My" storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="<subject-name>" />

Follow the resources and steps below as required for your environment.

Resources

Instructions

In the sharepoint-site-Settings section of the LiveCycle settings page, specify <subject-name> (the subject name of the certificate) as the "user name" and select the "Enable Https" check box.

Note: The Web part assumes that there is only one certificate with the given subject name.

After installing the Web part, modify web.config (as described above).

If an Access denied error occurs during activation, run the PowerShell script available at http://support.microsoft.com/ja-jp/kb/2564009.

If the Web part is already installed, first uninstall it using the script here.

Changes to PDF iFilter

For details, see http://help.adobe.com/ja_JP/livecycle/11.0/sharepoint_iFilter_RM_docs.pdf.

Note:

Self-signed certificates are not supported. Use a CA-issued certificate for mutual authentication.

Changes for accessing HTML Workspace through CAC authentication

To allow logging in to HTML Workspace with a Common Access Card (CAC) certificate, the following changes must be made on the server.

  1. Go to http://[server]:[port]/lc/libs/granite/security/content/useradmin.html and log in as an administrator.

  2. Tap "Administrator". The Edit User Settings page opens.

  3. Tap "Create trustStore" and set the access password for the trustStore. For details, see Adding the IdP certificate to the AEM truststore.

  4. Tap "Create keyStore" and set the password for the keyStore. For details, see Adding the service provider key and certificate chain to the AEM keystore.

  5. Log out and access the workspace using port :8443. You can now connect to the workspace with the CAC card.
