Saturday, January 10, 2009

LiveCycle Authentication with ColdFusion

Here's a snippet of ColdFusion code that will allow you to authenticate a LiveCycle user using the AuthenticationManagerService service that ships with LCES 8.2. You can then use the results to pull the user's oid, userId, full name, etc., from the authenticateResponse.

More importantly, you can use the assertion string to implement SSO with SAML. Once you have the assertion, you can call validateAssertion on the same service to validate the user and get their information. In other words, you can perform the authentication in ColdFusion and then, for example, pass the assertion to your Flex app so that the user isn't forced to authenticate again.

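<!--- Demo credentials. The password is sent Base64-encoded, which is an encoding
      and not encryption, so use an HTTPS endpoint outside a test environment. --->
<cfset username = "administrator">
<cfset password = toBase64('password')>

<!--- Build the SOAP request; xmlFormat() escapes XML special characters in the username --->
<cfsavecontent variable="xml">
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<m:authenticate xmlns:m="http://adobe.com/idp/services">
<m:username><cfoutput>#xmlFormat(username)#</cfoutput></m:username>
<m:password><cfoutput>#password#</cfoutput></m:password>
</m:authenticate>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
</cfsavecontent>

<!--- Post the request to the AuthenticationManagerService endpoint --->
<cfhttp url="http://servername:portnumber/soap/services/AuthenticationManagerService?wsdl" method="post">
<cfhttpparam type="cgi" name="SOAPAction" value="authenticate">
<cfhttpparam type="xml" name="authenticateRequest" value="#xml#">
</cfhttp>

<!--- Parse the response and pull out the assertion element, whatever its namespace prefix --->
<cfset xml = xmlParse(cfhttp.filecontent)>
<cfset assertion = xmlSearch(xml, "//*[local-name()='assertion']")>

<!--- No assertion element means the authentication did not succeed --->
<cfif arrayLen(assertion)>
<cfoutput>#htmleditformat(assertion[1].xmltext)#</cfoutput>
<cfelse>
<cfoutput>No assertion was returned.</cfoutput>
</cfif>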
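The second half of the flow described above, validating an assertion before trusting it, could look like this. This is an added example, not code from the original post; the function name validateLcAssertion, the shape of the validateAssertion request (a single m:assertion child, mirroring the authenticate request) and the idea that a rejected assertion comes back as a SOAP fault are assumptions.

```cfml
<!--- Added example. Assumptions: the validateAssertion request mirrors the
      authenticate request (one <m:assertion> child), and the service reports
      an invalid or expired assertion as a SOAP fault. --->
<cffunction name="validateLcAssertion" returntype="struct" output="false">
  <cfargument name="assertion" type="string" required="true">
  <cfargument name="endpoint" type="string" required="true">
  <cfset var result = structNew()>
  <cfset var body = "">
  <cfset var resp = "">
  <cfset var doc = "">
  <cfset result.valid = false>
  <cfset result.reason = "">

  <!--- xmlFormat() keeps the assertion from breaking out of its element --->
  <cfsavecontent variable="body"><cfoutput><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<m:validateAssertion xmlns:m="http://adobe.com/idp/services">
<m:assertion>#xmlFormat(arguments.assertion)#</m:assertion>
</m:validateAssertion>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope></cfoutput></cfsavecontent>

  <cfhttp url="#arguments.endpoint#" method="post" result="resp" timeout="15">
    <cfhttpparam type="header" name="SOAPAction" value="validateAssertion">
    <cfhttpparam type="xml" value="#trim(body)#">
  </cfhttp>

  <!--- Fail closed: anything that is not a clean SOAP response is a rejection --->
  <cfif NOT isXml(resp.fileContent)>
    <cfset result.reason = "Non-XML response: #resp.statusCode#">
    <cfreturn result>
  </cfif>
  <cfset doc = xmlParse(resp.fileContent)>
  <cfif arrayLen(xmlSearch(doc, "//*[local-name()='Fault']"))>
    <cfset result.reason = "SOAP fault returned by the service">
  <cfelseif left(resp.statusCode, 3) NEQ "200">
    <cfset result.reason = "Unexpected HTTP status: #resp.statusCode#">
  <cfelse>
    <cfset result.valid = true>
    <cfset result.response = doc>
  </cfif>
  <cfreturn result>
</cffunction>

<!--- Usage with the assertion obtained above and the same service URL --->
<cfset check = validateLcAssertion(assertion[1].xmlText, "http://servername:portnumber/soap/services/AuthenticationManagerService?wsdl")>
<cfoutput>#check.valid# #htmlEditFormat(check.reason)#</cfoutput>
```

Run the validation on the server for every request that presents an assertion, since the string works as a bearer credential once it has been handed to the client.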

Friday, January 09, 2009

Authentication with Flex Remoting in Workspace

If you're getting the error shown below, it probably means that you have a RemoteObject call within a Flex application that's loaded as a Workspace task (process / form / etc.). You won't see this error if you log into Workspace with the same credentials that you use for your remoting call, but it'll pop up if you try to log into Workspace as any other user.

That being said, you should not authenticate your endpoints in Flex; instead, simply ensure that all users who need access to your Workspace task have both the "Services User" and "LiveCycle Workspace User" roles assigned to them.

fault = (mx.rpc::Fault)#2
errorID = 0
faultCode = "Channel.Authentication.Error"
faultDetail = "Cannot re-authenticate in the same session."
faultString = "warn"
message = "faultCode:Channel.Authentication.Error faultString:'warn' faultDetail:'Cannot re-authenticate in the same session.'"
name = "Error"
rootCause = (mx.messaging.messages::ErrorMessage)#3

Thursday, January 08, 2009

Configuring a LiveCycle Workspace process / task for all users

We created a Flex application that we in turn wanted to load within Adobe LiveCycle Workspace ES (8.2). When it was originally deployed, only the super administrator was able to view it; no other Workspace-enabled users could. Here are the steps to configure your task properly.
  • Log into the Adobe LiveCycle Administration Console
  • Click on Services
  • Click on Applications and Services
  • Click on Service Management
  • Find and click on your applicable service
  • Click the security tab
  • Click on "Add Principal"
  • Click on "All Principals", or the user(s) / group(s) in question
  • Select the "INVOKE_PERM" permission
  • Make sure to save your changes
If the user in question can't log in to Workspace at all, make sure they have the "LiveCycle Workspace User" role assigned to them.