

Configuring ASSP

Adobe Signature Service Protocol (ASSP) is used for signing PDF documents by using CA SignFort. Before signing, users are authenticated using AuthMinder authentication methods. A SAML token is returned to the user after successful authentication. This token is then verified by the SignFort Server.

To configure ASSP:

  1. Ensure that you are logged in as a Global Administrator (GA).
  2. Activate the Services and Server Configurations tab on the main menu.

    Ensure that the WebFort tab in the submenu is active.

  3. Under ASSP, click the ASSP Configuration link to display the ASSP Configuration page.
  4. Depending on whether you want to create an ASSP configuration or update an existing ASSP configuration, select one of the following options:
  5. Enter the ArcotID Roaming URL that will be used to download ArcotID PKIs in case of ArcotID PKI Roaming Download.

    In the case of ArcotID PKI authentication, if the user does not have their ArcotID PKI present on their current system, then the ArcotID Roaming URL is used to authenticate to the AuthMinder Server and download the user’s ArcotID PKI.

  6. From Authentication Mechanism(s) to Enable, select the authentication method that will be used to authenticate the user before signing.

    If you enable the ArcotID authentication method, then select QnA because the QnA authentication method is used for roaming download of ArcotID PKI.

  7. If you enable the Kerberos authentication method in the preceding step, then set the parameters required for Kerberos authentication in the Kerberos Configurations section. Perform one of the following steps:
  8. In the SAML section:
    1. Select the SAML Signing Key in HSM option if you want to store the keys that are used for signing SAML assertions in a Hardware Security Module (HSM). Otherwise, the keys are stored in the database.
    2. (Only if SAML Signing Key in HSM is enabled) Click Browse against the SAML Signing Certificate Chain (in PEM Format) field to upload the certificate that is used by the AuthMinder Server to issue the SAML token.
    3. Click Browse against the P12 File Containing SAML Signing Key Pair field to upload the PKCS#12 file containing the key and the certificate that is used by the AuthMinder Server to issue the SAML token.
    4. Enter the password for the PKCS#12 file in the P12 File Password field.
    5. Enter the URL of the AuthMinder Server in the Issuer field.
    6. Enable the Single-Use Token option if you want the SAML token to be used only once for authentication.
    7. In the Token Validity (in Seconds) field, enter the duration after which the SAML token cannot be used.
    8. In the Audience table, enter the details of the audience who can use the SAML token.

      Click Add More to add more audiences.

  9. Click Save to save the ASSP configuration.
  10. Refresh all deployed AuthMinder Server instances.

    See "Refreshing a Server Instance" for instructions about the procedure.