

Configure ASSP
Adobe Signature Service Protocol (ASSP) is used to sign PDF documents by using CA SignFort. Before signing, users are authenticated using CA AuthMinder authentication methods. A SAML token is returned to the user after successful authentication. This token is then verified by the SignFort Server.
Follow these steps:
- Click the Services and Server Configurations tab on the main menu.
- Verify that the CA Strong Authentication tab in the submenu is active.
- Under ASSP, click the ASSP Configuration link to display the ASSP Configuration page.
- Select one of the following options:
  - If you want to create a configuration, then enter the configuration name in the Configuration Name field.
  - If you want to update an existing configuration, then select the configuration that you want to update from the Select Configuration list.
- Specify the CA Auth ID Roaming URL that will be used to download CA Auth ID PKIs in case of CA Auth ID PKI Roaming Download.
  In the case of CA Auth ID PKI authentication, if the user does not have their CA Auth ID PKI present on their current system, then the CA Auth ID Roaming URL is used to authenticate to the CA AuthMinder Server and download the user’s CA Auth ID PKI.
- From Authentication Mechanism(s) to Enable, select the authentication method that will be used to authenticate the user before signing.
  If you enable the CA Auth ID authentication method, then also select QnA, because the QnA authentication method is used for roaming download of the CA Auth ID PKI.
- If you enabled the Kerberos authentication method in the preceding step, then set the parameters required for Kerberos authentication in the Kerberos Configurations section. Perform one of the following steps:
  - Select the Use Windows Logon Credential option, if you want to use the Kerberos token of the CA AuthMinder Server process.
  - Specify new credentials in the User Name, Password, and Domain Name fields for Kerberos authentication.
- In the SAML section:
  - Select the SAML Signing Key in HSM option if you want to store the keys that are used for signing SAML assertions in a Hardware Security Module (HSM). Otherwise, the keys are stored in the database.
  - (HSM Only) Click Browse to upload the certificate that is used by the CA AuthMinder Server to issue the SAML token.
  - Click Browse to upload the PKCS#12 file containing the key and the certificate that is used by the CA AuthMinder Server to issue the SAML token.
  - Enter the password for the PKCS#12 file in the P12 File Password field.
  - Enter the URL of the CA AuthMinder Server in the Issuer field.
  - Enable the Single-Use Token option, if you want the SAML token to be used only once for authentication.
  - In the Token Validity (in Seconds) field, enter the duration after which the SAML token cannot be used.
  - In the Audience table, enter the details of the audience who can use the SAML token.
    Click Add More to add more audiences.
- Click Save to save the ASSP configuration.
- Refresh all deployed CA AuthMinder Server instances.
  See Refresh a Server Instance for instructions about the procedure.
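The SAML settings in this procedure (Issuer, Token Validity, Audience, Single-Use Token) take effect only when the party that consumes the token enforces them. The following added example, which is not CA code, shows those checks on a constructed SAML 2.0 assertion; the mapping of the settings to SAML elements (for example, Single-Use Token to `<OneTimeUse/>`), the host names, and the function names are assumptions, and the XML signature is assumed to have been verified already.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
FMT = "%Y-%m-%dT%H:%M:%SZ"

def build_sample(issuer, audience, issued, validity_s, assertion_id="_a1"):
    """Constructed, unsigned SAML 2.0 assertion used only as sample input."""
    end = issued + timedelta(seconds=validity_s)
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" ID="{assertion_id}">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        f'<saml:Conditions NotBefore="{issued.strftime(FMT)}"'
        f' NotOnOrAfter="{end.strftime(FMT)}"><saml:AudienceRestriction>'
        f"<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>"
        "<saml:OneTimeUse/></saml:Conditions></saml:Assertion>"
    )

def parse_ts(value):
    return datetime.strptime(value, FMT).replace(tzinfo=timezone.utc)

def check_assertion(xml_text, expected_issuer, my_audience, seen_ids, now, skew_s=0):
    """Return a list of failed conditions; an empty list means all checks passed."""
    # Assumption: signature already verified; use a hardened XML parser in production.
    root = ET.fromstring(xml_text)
    problems = []
    if root.findtext("saml:Issuer", "", NS).strip() != expected_issuer:
        problems.append("issuer mismatch")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return problems + ["no Conditions element"]
    skew = timedelta(seconds=skew_s)
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if noa is None or now >= parse_ts(noa) + skew:   # Token Validity window
        problems.append("expired")
    if nb is not None and now < parse_ts(nb) - skew:
        problems.append("not yet valid")
    found = cond.findall("saml:AudienceRestriction/saml:Audience", NS)
    if my_audience not in {a.text.strip() for a in found if a.text}:
        problems.append("audience mismatch")
    if cond.find("saml:OneTimeUse", NS) is not None:  # Single-Use Token
        aid = root.get("ID")
        if aid in seen_ids:
            problems.append("replayed single-use token")
        seen_ids.add(aid)
    return problems
```

The replay cache (`seen_ids`) only needs to retain an assertion ID until that assertion's `NotOnOrAfter` time has passed, so a short Token Validity also keeps the cache small.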
Copyright © 2014 CA Technologies.
All rights reserved.