Is an encoded+signed+encrypted string enough to get successful auth from the server?


Former Community Member
Is an encoded+signed+encrypted token string & roomURL enough
to get a successful auth response from the server and initiate a session?

Or for every invocation do I have to first log in as dev into
the server?



In the JSP example it seems like I have to:



if (null == am) {
    // log in as the account owner (server-side only)
    am = new AFCS.AccountManager(accountURL);
    am.login(devuser, devpass);
    // ask AFCS for the session of this room
    session = am.getSession(room);
}



Is the code above really required if I have an auth token?

The problem is that I don't want to disclose my dev account
information anywhere in my code if possible.

4 Replies


Employee
Where did you get the authToken?



The way external authentication works is that your
server-side application asks AFCS for a session token (the
am.getSession(room)) to generate authentication tokens for a
particular room.



In order to get an AccountManager object you need to log in as
the account owner. All these operations should be done server-side
so you are not sending your account information to your clients.




Former Community Member
I know I am not sending the client my credentials, but what if,
for example, I want to demo the app at work and demo the
code?



It will not work unless I use my credentials to log in?

What throws me off is that, if I already have a secret key
that I get from within my protected account at Adobe, why do I
still need to log in? Especially if the token generator does not need
a username or password to generate an encrypted token, but in index.jsp
that login routine is used regardless.


Employee
The token generator needs the "session" secret to generate
tokens valid for one session only. And the session secret comes
from the AFCS server as the result of an authenticated request.



If you don't want to "show" your credentials in your
server-side code, just store them somewhere on your server and have
your JSP code read them and use them.



For the future I am planning to use something like an
"application key" to authenticate server-to-server requests, so
that you don't have to use a login and password that may be used
for other Adobe services, but for the purpose of AFCS you will
still have to pass around something that will grant whoever has it
access to your AFCS account.
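
One way to do what the reply above suggests, keeping the developer login out of the JSP source. This is an added example, not part of the reply and not Adobe's code. It assumes a POSIX server, a properties file kept outside the web root, and hypothetical property names afcs.accountURL, afcs.devuser and afcs.devpass.

```java
import java.io.IOException;
import java.io.Reader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.EnumSet;
import java.util.Properties;
import java.util.Set;

/** Added example: loads the AFCS developer login from a file outside the web root. */
public final class AfcsCredentials {
    public final String accountUrl;
    public final String user;
    public final String password;

    private AfcsCredentials(String accountUrl, String user, String password) {
        this.accountUrl = accountUrl;
        this.user = user;
        this.password = password;
    }

    /** Property names are assumptions of this example, not AFCS settings. */
    public static AfcsCredentials load(Path file) throws IOException {
        // Refuse a file that anyone other than its owner can read or write.
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
        Set<PosixFilePermission> ownerOnly =
                EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE);
        if (!ownerOnly.containsAll(perms)) {
            throw new IOException(file + " must be accessible by its owner only (chmod 600)");
        }
        Properties p = new Properties();
        try (Reader r = Files.newBufferedReader(file)) {
            p.load(r);
        }
        return new AfcsCredentials(require(p, "afcs.accountURL"),
                require(p, "afcs.devuser"), require(p, "afcs.devpass"));
    }

    private static String require(Properties p, String key) throws IOException {
        String v = p.getProperty(key);
        if (v == null || v.trim().isEmpty()) {
            throw new IOException("missing property: " + key);
        }
        return v.trim();
    }

    public static void main(String[] args) throws IOException {
        // Prints only the non-secret fields, to confirm the file parses.
        AfcsCredentials c = load(Paths.get(args[0]));
        System.out.println(c.accountUrl + " as " + c.user);
    }
}
```

In the JSP, the loaded values take the place of the literals in the calls shown in the question: `new AFCS.AccountManager(c.accountUrl)` followed by `am.login(c.user, c.password)`. The source can then be shown in a demo without revealing the login, while the server still makes the authenticated request that yields the session secret.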






Former Community Member
Here is the scenario I was targeting:



At work we are all using (for example) the Google Apps service
and we all have documents, emails, everything with Google
authentication, and for example I am writing a collaboration demo app
with AFCS to demo to our CEO and co-workers.

So what I want to achieve is the following:



I tell my co-worker to type his company username and password
inside the demo app and hit enter. Then I take those credentials,
authenticate with Google Apps, make sure he works in our company,
then I retrieve the user's role, name etc. from our back-end service, and
I can also retrieve the account secret key (which I manually entered)
stored somewhere in the back end as well, corresponding to the AFCS account
secret key. So far so good: I am armed with the user's role (which I
can effectively map to AFCS roles), I also have the user's name and I
also know that the user is legit since authentication has passed. Now
with this info in hand, I want to somehow construct an AFCS
authentication token so that the AFCS server can accept a connection for
that user.

Since I have generated the account shared key from within the AFCS
control panel, I should assume that it's sufficient to use,
together with the room URL, to generate a legit authentication token and
pass it to the AFCS service and humbly ask to let Joe in to that room.

Is that possible?



P.S.: I understand that if I dynamically want to retrieve
the account secret key from the AFCS service, I have to enter the AFCS dev
account username and password, but I should not need to if I manually
copy that key to our demo app's auth code, should I?



Please correct me if I am missing some steps.

Regards

Levan.