6 Post-deployment tasks

6.1 General tasks

6.1.1 Perform a system image backup

After AEM forms on JEE is installed and deployed into production areas and before the system is live, it is recommended that you perform a system image backup of the servers on which AEM forms on JEE is implemented. Also take backup of CRX repository.

The AEM forms on JEE database, GDS directory, and application servers must be part of this backup. This is a complete system backup that you can use to restore the contents of your computer if your hard drive or entire computer stops working. See the Backup and Recovery topic in administration help .

6.1.2 Restart the application server

When you first deploy AEM forms on JEE, the server is in a deployment mode in which most modules are in memory. As a result, the memory consumption is high and the server is not in a typical production state. You must restart the application server to get the server back into a clean state.

Note: When you upgrade the AEM forms on JEE Server or deploy a Service pack, ensure that you delete the [Jboss_root]\standalone\tmp folders before restarting the application server.

6.1.3 Verify the deployment

You can verify the deployment by logging in to Administration Console. If you log in successfully, then AEM forms on JEE is running on the application server and the default user is created in the database. To verify the CRX repository deployment, access the CRX welcome page.

You can review the application server log files to ensure that components were deployed correctly or to determine the cause of any deployment issues you may encounter.

6.1.3.1 Accessing administration console

AEM forms JEE administration console is the web-based portal for accessing configuration pages where you can set run-time properties that control the way how AEM forms JEE operates. When you log in to the administration console, you can access User Management, Watched Folder, Email client configuration, and administrative configuration options for other services. The administration console also provides access to Applications and Services, which administrators use for managing archives and deploying services to production environment.

The default user name and password for logging in is administrator and password . After you log in the first time, access User Management and change the password.

Before you access administration console, AEM forms JEE must be deployed and running on your application server. For information about using administration console, see administration help .

  1. Type the following URL in a web browser: 

    http://[hostname]:[port]/adminui

    For example: http://localhost:8080/adminui

  2. If you have upgraded to AEM forms on JEE, enter the same administrator user name and password as that of your previous installation. In case of a fresh installation, enter the default user name and password.

  3. After you log in, click Services to access the service administration pages or click Settings to access the pages on which you can administer settings for different modules.

6.1.3.2 Change the default password of AEM forms on JEE Administrator

AEM forms on JEE creates one or more default users during the installation. The password for these users is in the product documentation and is publicly available. You must change this default password, depending on your security requirements.

The AEM forms on JEE administrator user password is set to “password” by default. You must change it in Administration console > Settings > User Management > Users and Groups and at the AEM Configuration Management web console.

Change the password in Administration console

  1. Log into the Administration console using administrator/password credentials.

  2. Go to Settings > User Management > Users and Groups .

  3. Search for user Administrator .

  4. Click the Administrator user.

  5. In the Login Settings section, Click Change Password .

  6. Specify a new password and click Save .

  7. Re-login using the changed password to verify.

Change the password inAEM Configuration Management Web console

  1. Log into the Configration Management console using admin/admin credentials. The default URL of console is http://[server]:[port]/lc/system/console/configMgr.

  2. Search and open Adobe Livecycle Client SDK Configuration for editing.

  3. Specify a new password and click Save .

6.1.3.3 Change the default password of AEM Administrators

AEM embedded within AEM forms on JEE creates two administrator users as mentioned below.

  • Super Administrator (administrator) : The Super Administrator user can access various CRX UIs, except OSGi Management Console, and perform admin operations. The default username and password are same as AEM forms on JEE Administrator, administrator/password . The default password of this user can be changed using Administrator console only as mentioned in section Change default password of AEM forms on JEE Administrator . The changed password will be applicable for both AEM forms on JEE and Super Administrators.

  • CRX Administrator (admin) : This user can access to OSGi console in addition to CRX UIs and has administrator privileges. The default username and password for the user are admin/admin . To change the default password, do the following:

    1. Type the following URL in a web browser.

      http://[hostname]:[port]/lc/libs/granite/security/content/useradmin.html

    2. Login using following credential:

      Username : admin

      Password : admin

    3. Search for user Administrator .

    4. Click on the user in left pane, the user details is displayed in the right pane.

    5. Click on Edit icon in the right pane.

    6. On the edit page in the right pane, provide new password in the New Password field and current password in Your Password field.

    7. Click Save icon in the right pane.

    8. Re-login using the changed password to verify.

6.1.3.4 Accessing AEM Welcome Page

AEM welcome page is the web-based portal for accessing various AEM components, administration, deployment and development tools.

Access the welcome page using the following steps:

  1. Type the following URL in a web browser:

    http://[hostname]:[port]/lc/welcome

  2. Enter the AEM forms administrators user name and password. The default user name and password for logging in is administrator and password (same as AEM forms on JEE Administrator).

  3. After you log in, you can access various components, administration, deployment and development UIs.

6.1.3.5 Accessing OSGi Management Console

AEM components are in form of OSGi bundles, which are deployed to Apache Felix OSGi container. OSGi console provides a way to manage OSGi bundles and services configurations.

Access the OSGi Management console using the following steps:

  1. Type the following URL in a web browser:

    http://[hostname]:[port]/lc/system/console

  2. Enter the CRX Administrator username and password as mentioned above. The default user name and password for logging in is admin and admin (same as CRX Administrator).

    Note: You cannot log into OSGi Management Console using the credentials of AEM forms on JEE Administrator or AEM Super Administrator.

  3. After you log in, you can access various components, services, bundles and other configurations.

6.1.3.6 View the log files

Events, such as run-time or startup errors, are recorded to the application server log files. If you have problems deploying to the application server, you can use the log files to help you find the problem. You can open the log files by using any text editor.

Log files, in case of manually-configured JBoss, are located at:

  • (Standalone JBoss) [appserver root] /standalone/log directory

  • (Cluster) [ appserver root] \domain\servers\server-one\log directory

Log files, in case of Adobe-preconfigured JBoss, are located at:

  • (Standalone) [appserver root] /standalone/log directory

  • (Cluster) [ appserver root ]\domain\servers\server-one\log directory

The log files are:

  • server .log

  • boot .log

Following CRX log files are located at [ CRX_home ]/

  • error.log

  • audit.log

  • access.log

  • request.log

  • update.log

6.2 Accessing module web applications

After AEM forms on JEE is deployed, you can access the web applications that are associated with the following modules:

  • Acrobat Reader DC extensions

  • Workspace

  • HTML Workspace

  • User management

  • Correspondance management

  • PDF Generator web application

  • PDF Generator

  • Document Security

After accessing the web applications by using the default administrator permissions to ensure that they are accessible, you can create additional users and roles so that others can log in and use the applications. (See administration help .)

6.2.1 Access the Acrobat Reader DC extensions web application

Note: You must apply a Acrobat Reader DC extensions credential and apply the user roles for a new user. (See “Configuring credentials for use with Acrobat Reader DC extensions” in administration help.)

  1. Open a web browser and enter this URL:

    http://[ hostname ]:[ port ]/ReaderExtensions

  2. Log in using the user name and password for AEM forms on JEE.

    Note: You must have administrator or superuser privileges to log in. To allow other users to access the Reader Extensions web application, you must create the users in User Management and grant them the Acrobat Reader DC extensions Web Application role.

6.2.2 Access Workspace

  1. Open a web browser and enter this URL:

    http://[ hostname ]:[ port ]/workspace

  2. Log in using the user name and password for AEM forms on JEE.

6.2.3 Access HTML Workspace

  1. Open a web browser and enter this URL:

    http://[ hostname ]:[ port ]/lc/ws

  2. Log in using the user name and password for AEM forms on JEE.

6.2.4 Access forms manager

  1. Open a web browser and enter this URL:

    http://[ hostname ]:[ port ]/lc/fm

  2. Log in using the user name and password for AEM forms on JEE.

6.2.5 Access PDF Generator Web Application

  1. Open a web browser and enter this URL:

    http://[ hostname ]:[ port ]/pdfgui

  2. Log in using the user name and password for AEM forms on JEE.

6.2.6 Access Document Security

You must create a user with the Document Security End User role in User Management and log in to the Document Security administrator or end-user applications by using the login information that is associated with that user.

Note: The default administrator user cannot access the Document Security end-user web application but you can add the appropriate role to its profile. You can create a new user or modify an existing user through administration console.

Access the Document Security end-user web application

Open a web browser and enter this URL: 
http://[hostname]:[port]/edc

Access the Document Security administration web application

  1. Open a web browser and enter this URL: 

    http://[hostname]:[port]/adminui

  2. Click Services > document security .

    For information about setting up users and roles, see Administration Help.

Assign the Document Security End User role

  1. Log in to administration console. (See 6.1.3.1 Accessing administration console .)

  2. Click Settings > User Management > Users and Groups .

  3. In the Find box, type all and, in the In list, select Groups .

  4. Click Find and, for the required domains, click All Principals in the list that appears.

  5. Click the Role Assignments tab and click Find Roles .

  6. In the list of roles, select the check box next to Rights Managment End User .

  7. Click OK and then click Save .

6.2.7 Accessing User Management

By using User Management, administrators can maintain a database of all users and groups, synchronized with one or more third-party user directories. User Management provides authentication, authorization, and user management for AEM forms on JEE modules, including Reader Extensions, Workspace, Document Security, forms workflow, Forms Standard and PDF Generator.

  1. Log in to administration console.

  2. On the home page, click Settings > User Management .

    Note: For information about configuring users with User Management, click User Management Help in the upper-right corner of the User Management page.

6.3 Configure Author and Publish instance

Perform the following tasks to configure Author and Publish instance.

6.3.1 Configure the Author instance

The Author instance is embedded within the AEM forms on JEE server. This implies that you do not need to make any configuration updates to the Author instance. The instance inherits all the configuration settings from the AEM forms on JEE instance.

6.3.2 Configure the Publish instance

You must run separate author and publish instances.You can configure the two instances on the same or on different machines.

Note: Before configuring the publish instance, ensure that your author instance is configured and deployed. You can verify it by successfully logging in to the Author instance.
Note: The cluster topology is not recommended for the publish instance. Use a single publish instance or configure a farm of publish instances.
Note: By default, the publish instance is configured to run the mode similar to corresponding author instance. The mode can be TarMK, MongoMK or RDBMK. It is recommended to run the publish instance on TarMK mode.

If MongoMK is selected as CRX Repository type in the Configuration Manager

  1. Copy the adobe-livecycle-cq-publish.ear file on your publish instance from the author instance. The default location of the file on the author instance is [aem-forms root]/configurationManager/export.

  2. Open the adobe-livecycle-cq-publish.ear/cq.war/web.xml for editing.

  3. Search the following argument and delete the value in bold:

    <param-value>crx3, crx3mongo ,publish</param-value>

    The modified argument would be similar to the following:

    <param-value>crx3,publish</param-value>

  4. Search and delete the following code: 

    <context-param> 
<param-name>lc.oak.mongo.db</param-name> 
<param-value>data</param-value> 
</context-param> 
<context-param> 
<param-name>lc.oak.mongo.uri</param-name> 
<param-value>mongodb://10.42.85.172:27017</param-value> 
</context-param>

If RDBMK is selected as CRX Repository type in the Configuration Manager

  1. Copy the adobe-livecycle-cq-publish.ear file on your publish instance from the author instance. The default location of the file on the author instance is [aem-forms root]/configurationManager/export.

  2. Open the adobe-livecycle-cq-publish.ear/cq.war/web.xml for editing.

  3. Search the following argument and delete the value in bold:

    <param-value>crx3, crx3rdb ,publish</param-value>

    The modified argument would be similar to the following:

    <param-value>crx3,publish</param-value>

Configure the Publish Node

  1. Create a new appserver profile for the publish instance on the same or on a different machine.

  2. On the author instance, navigate to the [ aem-forms root ]/configurationManager/export/ directory.

  3. Copy the adobe-livecycle-cq-publish.ear file and deploy it to the appserver profile created in step 1.

  4. Copy the content of the [ aem-forms root ]/configurationManager/export/crx-quickstart directory to the file server for the publish instance.

  5. (For RDBMK only) Delete the following files from the install directory copied to the publish instance:

    • org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService.cfg

    • org.apache.sling.datasource.JNDIDataSourceFactory-oak.cfg

  6. Start the publish server with -Dcom.adobe.livecycle.crx.home=< location for crx-repository > parameter, where < location for crx-repository > is the location where you copied the crx-repository directory for the publish instance. For example, ifthe content of the cq-quickstart directory are copied to the C:\CM-publish\crx-repository directory, then the <location for crx-repository> parameter will be Dcom.adobe.livecycle.crx.home=C:\CM-publish\crx-repository.

Note: If author and publish instances are on the same machine, ensure that you start the publish instance using a different port.

Now that the publish instance is up and running, you need to configure the two instances to communicate with each other.

Important: Ensure that the CRX repository path does not contain spaces.

6.3.3 Communicating between the Author and Publish instances

You need to perform certain configuration changes to enable two-way communication between the Author and Publish instances.

6.3.3.1 Define Publish instance URL

  1. Go to http://< authorHost >:< authorPort >/lc/etc/replication/agents.author/publish.html.

  2. Click Edit . The Agent Settings dialog opens.

  3. Click the Transport tab and specify the URL to the publish server in the URI field.

    http://< publishHost >:< publishPort >/lc/bin/receive?sling:authRequestLogin=1
    Note: If there are multiple publish instances managed by a Load Balancer, specify the URL to the load balancer in the URI field.

  4. Click OK .

Note: For author clusters, these steps need to be performed on one author instance (preferably a master instance).

6.3.3.2 Define publish instance URL for ActivationManagerImpl

  1. Go to http://< authorHost >:< authorPort >/lc/system/console/configMgr. The default user name and password for logging in is admin and admin (same as CRX Administrator).

  2. Find and click the Edit icon next to the com.adobe.livecycle.content.activate.impl.ActivationManagerImpl.name setting.

  3. In the ActivationManager Publish URL field, specify the URL for the corresponding publish instance.

  4. Click Save .

6.3.3.3 Configure reverse replication queue

  1. Go to http://< authorHost >:< authorPort >/lc/etc/replication/agents.author/publish_reverse.html.

  2. Click Edit . The Agent Settings dialog opens.

  3. Click the Transport tab and specify the URL to the corresponding publish server in the URI field.

    Note: If there are multiple publish instances managed by a Load Balancer, specify the URL to the load balancer in the URI field.

  4. Click OK .

6.3.3.4 Define author instance URL

  1. Go to http://< publishHost >:< publishPort >/lc/system/console/configMgr. The default user name and password for logging in is admin and admin (same as CRX Administrator).

  2. Find and click the Edit icon next to the com.adobe.livecycle.content.activate.impl.VersionRestoreManagerImpl.name setting.

  3. In the VersionRestoreManager Author URL field, specify the URL for the corresponding author instance.

    Note: If there are multiple author instances managed by a Load Balancer, specify the URL to the load balancer in the VersionRestoreManager Author URL field.

  4. Click Save .

6.3.4 Configure IPv6 implementation

Note: Perform these steps only if the machine/server is using an IPv6 address.

To map the IPv6 address to a hostname on the server and client machines:

  1. Navigate to the C:\Windows\System32\drivers\etc directory.

  2. Open the hosts file in a text editor.

  3. Add a mapping for the IPv6 address to a host name. For example: 

    2001:1890:110b:712b:d1d:9c99:37ef:7281 <ipv6_hostname>

  4. Save and close the file.

Ensure that you use the mapped host name instead of the IPv6 address to access the machine.

6.3.5 Install Japanese fonts for Adobe Reader

If your document fragements use Japanese fonts, you must install the Japanese Language Support Package for Adobe Reader. Otherwise, your letters and forms will not render and function properly. For installing language packs, visit the downloads page for Adobe Reader.

6.4 Configuring PDF Generator

If you installed PDF Generator as part of your AEM forms on JEE, complete the following tasks:

6.4.1 Environment variables

If you installed the PDF Generator module and configured it to convert files to PDF, for some file formats, you must manually set an environment variable that contains the absolute path of the executable that is used to start the corresponding application. The table below lists the environment variables for the native applications that you have installed.

Note: All environment variables and respective paths are case-sensitive.

Application

Environment variable

Example

Adobe Acrobat

Acrobat_PATH

C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrobat.exe

Adobe FrameMaker®

FrameMaker_PATH

C:\Program Files (x86)\Adobe\FrameMaker8.0\FrameMaker.exe

Notepad

Notepad_PATH

C:\WINDOWS\notepad.exe

You can leave the Notepad_PATH variable blank.

OpenOffice

OpenOffice_PATH

C:\Program Files (x86)\OpenOffice.org 3.3

Adobe PageMaker®

PageMaker_PATH

C:\Program Files (x86)\Adobe\PageMaker 7.0.2\PageMaker.exe

Note: The environment variable OpenOffice_PATH is set to the installation folder instead of the path to the executable.

You do not need to set up the paths for Microsoft Office applications such as Word, PowerPoint, Excel, and Project, or for AutoCAD. The Generate PDF service starts these applications automatically if they are installed on the server.

Create a new Windows environment variable

  1. Select Start > Control Panel > System .

  2. Click the Advanced tab and click Environment Variables .

  3. In the System variables section, click New.

  4. Enter the environment variable name you need to set (for example, enter OpenOffice_PATH ). This folder is the one that contains the executable file. For example, type the following path: 
    C:\Program Files (x86)\OpenOffice.org 3

Set the PATH variables on Linux or UNIX (OpenOffice only)

Execute the following command: 

export OpenOffice_PATH=/opt/openoffice.org3.3

6.4.2 Setting the Adobe PDF Printer as the default printer

You must set the Adobe PDF Printer to be the default printer on the server. If the Adobe PDF Printer is not set as the default, PDF Generator cannot convert files successfully.

Set the default printer

  1. Select Start > Printers and Faxes .

  2. In the Printers and Faxes window, right-click Adobe PDF and select Set as Default Printer .

6.4.3 Configuring Acrobat Professional (Windows-based Computers Only)

Note: This procedure is required only if you upgraded to or installed Acrobat after you completed the AEM forms on JEE installation. Upgrading Acrobat can be completed after you run Configuration Manager and deploy AEM forms on JEE to the application server. Acrobat Professional root directory is designated as [Acrobat root] . Typically, the root directory is C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\ .

Configure Acrobat for use with PDF Generator

  1. If an earlier version of Acrobat is installed, uninstall it by using Add or Remove Programs in the Windows Control Panel.

  2. Install Acrobat DC Pro by running the installer.

  3. Navigate to the additional\scripts folder on the AEM forms on JEE installation media.

  4. Run the following batch file. 

    Acrobat_for_PDFG_Configuration.bat [aem_forms root]/pdfg_config

  5. On other cluster nodes on which you do not run AEM forms on JEE Configuration Manager,do the following:

    • Add a new registry DWORD entry named SplWOW64TimeOut at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print. Set its value to 60000.

    • Copy PDFGen.api from the [ aem-forms root ]/plugins/x86_win32 directory on the node where AEM forms on JEE is installed to the [ Acrobat root ]/plug_ins directory on the node being currently configured.

  6. Open Acrobat and select Help > Check for updates > Preferences .

  7. Deselect Automatically check for Adobe updates .

Validate the Acrobat installation

  1. Navigate to a PDF file on your system and double-click it to open it in Acrobat. If the PDF file opens successfully, Acrobat is installed correctly.

  2. If the PDF file does not open correctly, uninstall Acrobat and reinstall it.

Note: Ensure that you dismiss all the Acrobat dialog boxes that are displayed after the Acrobat installation is completed and disable the automatic updates for Acrobat. Set the Acrobat_PATH environment variable to point to Acrobat.exe (For example, C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrobat.exe).

Configure native application support

  1. Install and validate Acrobat as described in the previous procedure.

  2. Set Adobe PDF printer as the default printer.

Add temporary directories to trusted directories list in Acrobat

The OptimizePDF service uses Adobe Acrobat and mandates that AEM forms on JEE temporary directory and PDF Generator temporary directory are listed in the trusted directories list of Acrobat.

If AEM forms on JEE temporary directory and PDF Generator temporary directory are not listed in the trusted directories list, the OptimizePDF service fails to run. Perform the following steps to add directories to the temporary directory list:

  1. Open Acrobat, Choose Edit > Preferences.

  2. From the Categories on the left, select Security (Enhanced), and then select the Enable Enhanced Security option.

  3. To add AEM forms on JEE temporary directory and PDF Generator temporary directory to the trusted directories list, click Add Folder Path , select directories and click OK.

6.4.4 Adding fonts to PDF Generator

AEM forms on JEE provides a central repository of fonts, which is accessible to all AEM forms on JEE modules. Make the extra fonts available to non-AEM forms on JEE applications on the server so that PDF Generator can use these fonts to create PDF documents that are created with these applications.

Note: Restart the application server after adding new fonts to the specified fonts folder.

6.4.4.1 Non-AEM forms on JEE applications

The following list contains non-AEM forms on JEE applications that PDF Generator can use for PDF generation on the server side:

Windows-only Applications

  • Microsoft Office Word

  • Microsoft Office Excel

  • Microsoft Office PowerPoint

  • Microsoft Office Project

  • Microsoft Office Publisher

  • Adobe FrameMaker

  • Adobe PageMaker

  • Adobe Acrobat Professional

Multiplatform applications

  • OpenOffice Writer

  • OpenOffice Calc

  • OpenOffice Draw

  • OpenOffice Impress

Note: In addition to these applications, your list may include additional applications that you added.

Of the above applications, the OpenOffice Suite (which includes Writer, Calc, Draw, and Impress) is available on Windows, Solaris, and Linux platforms, whereas other applications are available on Windows only.

6.4.4.2 Adding new fonts to Windows applications only

All the Windows-only applications that are mentioned above can access all the fonts that are available in the C:\Windows\Fonts (or equivalent) folder. In addition to C:\Windows\Fonts, each of these applications may have its own private fonts folders.

Therefore, if you plan to add any custom fonts to the AEM forms on JEE fonts repository, ensure that the same fonts are available to the Windows-only applications also by copying these fonts to either C:\Windows\Fonts or to an equivalent folder.

Your custom fonts must be licensed under an agreement that allows you to use them with the applications that have access to these fonts.

6.4.4.3 Adding new fonts to other applications

If you added support for PDF creation in other applications, see the Help for these applications to add new fonts. In Windows, copying your custom fonts to the C:\Windows\Fonts (or equivalent) folder should be sufficient.

6.4.5 Configuring HTML to PDF conversions

The HTML-to-PDF conversion process is designed to use the settings from Acrobat DC Pro that override the settings from PDF Generator.

Note: This configuration is required to enable the HTML-to-PDF conversion process, otherwise this conversion type will fail.

6.4.5.1 Configure the HTML-to-PDF conversion

  1. Install and validate Acrobat as described in 6.4.3 Configuring Acrobat Professional (Windows-based Computers Only) .

  2. Locate the pdfgen.api file in the [aem-forms root] \plugins\x86_win32 directory and copy it to [Acrobat root] \Acrobat\plug_ins directory.

6.4.5.2 Enable support for Unicode fonts in HTML to PDF conversions

Important: The HTML-to-PDF conversion fails if a zipped input file contains HTML files with double-byte characters in filenames. To avoid this problem, do not use double-byte characters when naming HTML files.

  1. Copy the Unicode font to any of the following directories as appropriate for your system:

    • Windows

      [Windows root] \Windows\fonts

      [Windows root] \WINNT\fonts

    • UNIX

      /usr/lib/X11/fonts/TrueType

      /usr/openwin/lib/X11/fonts/TrueType

      /usr/share/fonts/default/TrueType

      /usr/X11R6/lib/X11/fonts/ttf

      /usr/X11R6/lib/X11/fonts/truetype

      /usr/X11R6/lib/X11/fonts/TrueType

      /usr/X11R6/lib/X11/fonts/TTF

      /Users/cfqauser/Library/Fonts

      /System/Library/Fonts

      /Library/Fonts

      /Users/ + System.getProperty(<user name>, root) + /Library/Fonts

      System.getProperty(JAVA_HOME) + /lib/fonts

      /usr/share/fonts (Solaris)

    Note: Ensure that the directory /usr/lib/X11/fonts exists. If it does not, create a symbolic link from /usr/share/X11/fonts to /usr/lib/X11/fonts using the ln command.

  2. Modify the font-name mapping in the cffont.properties file located in the [aem-forms root] /deploy/adobe-generatepdf-dsc.jar file:

    • Extract this archive, and locate the cffont.properties file and open it in an editor.

    • In the comma-separated list of Java font names, add a map to your Unicode system font for each font type. In the example below, kochi mincho is the name of your Unicode system font.

      dialog=Arial, Helvetica, kochi mincho

      dialog.bold=Arial Bold, Helvetica-Bold, kochi mincho ...

    • Save and close the properties file, and then repackage and redeploy the adobe-generatepdf-dsc.jar file.

    Note: On a Japanese operating system, specify the font mapping in the cffont.properties.ja file as well, which takes precedence over the standard cffont.properties file.
    Fonts in the list are searched from left to right, using the first font found. HTML-to-PDF conversion logs return a list of all the font names that are found in the system. To determine the font name you need to map, add the font to one of the directories above, restart the server, and run a conversion. You can determine from the log files the font name to use for mapping.

    To embed the font in the generated PDF files, set the embedFonts property in the cffont.properties file to true (the default is false ).

6.4.6 Installing the Network Printer Client

PDF Generator includes an executable file to install the PDF Generator network printer on a client computer. After the installation is complete, a PDF Generator printer is added to the list of existing printers on the client computer. This printer can then be used to send documents for conversion to PDF.

Note: The Network Printer Client installation wizard available in the administration console is supported only on Windows operating system. Ensure that you use a 32-bit JVM to launch the Network Printer Client installation wizard. You will encounter an error if you use a 64-bit JVM.

If the PDFG Network Printer fails to install on Windows or if you want to install the printer on UNIX or Linux platforms, use the operating system’s native Add Printer utility and configure it as described in 6.4.6.2 Configure PDFG Network Printer on Windows using the native Add Printer wizard

6.4.6.1 Install the PDF Generator Network Printer Client

Note: Before installing the PDF Generator network printer client on Windows Server 2008, Ensure that you have the Internet Printing Client feature installed on your Windows Server 2008. For installing the feature, see Windows Server 2008 Help.

  1. Ensure that you successfully installed PDF Generator on your server.

  2. Do one of the following:

    • From a Windows client computer, enter the following URL in your web browser, where [host] is the name of the server where you installed PDF Generator and [port] is the application server port used: 
      http://[host]:[port]/pdfg-ipp/install

    • In administration console, click Home > Services > PDF Generator > PDFG Network Printer . In the PDFG Network Printer Installation section, click Click here to launch the PDFG Network Printer Installation.

  3. On the Configure Internet Port screen, select Use the specified user account option, and provide the credentials of a AEM forms on JEE user who has the PDFG Administrator/User role. This user must also have an email address that can be used to receive the converted files. To have this security setting apply to all users on the client computer, select Use the same security options for all users , and then click OK .
    Note: If the user’s password changes, then users will need to reinstall the PDFG Network Printer on their computers. You cannot update the password from administration console.

    Upon successful installation, a dialog box appears, indicating that the printer is successfully installed.

  4. Click OK . You will now have a PDF Generator printer available in your list of printers.

6.4.6.2 Configure PDFG Network Printer on Windows using the native Add Printer wizard

  1. Click Start > Printers and Faxes and double-click Add Printer .

  2. Click Next , select A network printer, or a printer attached to another computer , and then click Next .

  3. Select Connect to a printer on the internet or on a home or office network and type the following URL for the PDFG printer, where [host] is the server name and [port] is the port number where the server is running: 
    http://[host]:[port]/pdfg-ipp/printer

  4. On the Configure Internet Port screen, select Use the specified user account and provide valid User credentials.

  5. In the Printer Driver Select box, choose any standard PostScript-based printer driver (for example, HP Color LaserJet PS).

  6. Complete the installation by choosing appropriate options (for example, setting this printer as default).

    Note: The user credentials used while adding the printer must have a valid email ID configured in User Management to receive the response.

  7. Configure the email service’s sendmail service. Provide a valid SMTP server and authentication information in the service’s configuration options.

6.4.6.3 Install and configure the PDF Generator Network Printer Client using Proxy server port forwarding

  1. Configure port forwarding on the CC Proxy server on a particular port to the AEM forms on JEE Server, and disable the authentication at proxy server level (because AEM forms on JEE uses its own authentication). If a client connects to this Proxy server on the forwarded port, then all the requests will be forwarded to the AEM forms on JEE Server.

  2. Install PDFG Network Printer using the following URL: 

    http://[proxy server]:[forwarded port]/pdfg-ipp/install.

  3. Provide the necessary credentials for authentication of the PDFG Network Printer.

  4. The PDFG Network Printer will be installed on the client machine which you can use for PDF conversion using the firewall protected AEM forms on JEE Server.

6.4.7 Changing File Block Settings

Change Microsoft Office trust center settings to enable PDFG to convert older versions of Microsoft office documents.

  1. Click the File tab in any Office 2013 application. Under File , click Options ; the Options dialog box appears

  2. Click Trust Center , and then click Trust Center Settings .

  3. In the Trust Center settings , click File Block Settings .

  4. In the File Type list, uncheck open for the file type that you want to be converted by PDFG.

6.4.8 Watched folder performance parameters

To avoid java.io.IOException error messages indicating that not enough disk space is available to perform PDF conversions by using a watched folder, you can modify the settings for PDF Generator in administration console.

Set performance parameters for PDF Generator

  1. Log in to administration console and click Services > Applications and Services > Service Management .

  2. In the list of services, navigate to and click PDFGConfigService , and then set the following values:

    • PDFG Cleanup Scan Seconds : 1800

    • Job Expiration Seconds : 6000

    • Server Conversion Timeout : Change the default of 270 to a higher value, such as 450.

  3. Click Save and restart the server.

6.4.9 Enable PDF Conversion for Microsoft Word document containing protected fields

The PDF Generator supports Microsoft Word documents containing protected fields. To enable PDF Conversion for Microsoft Word document containing protected fields, change the file type settings:

  1. In the administration console , navigate to Services > PDF Generator > File Type Settings , and open your file type settings profile.

  2. Expand the Microsoft Word option and select the Preserve document markup in Adobe PDF (for Microsoft Office 2003 or later) option.

  3. Click Save As , specify name of the file type setting, and click OK .

6.5 Final setup for Document Security

Document Security requires the application server to be configured to use SSL. (See administration help .)

6.6 Configuring LDAP access

6.6.1 Configure User Management (Local Domain)

  1. Open a web browser, navigate to http:// [host] : [port] /adminui, and log in. (See 6.1.3.1 Accessing administration console .)

  2. Click Settings > User Management > Domain Management , and then click New Local Domain .

  3. In the appropriate boxes, enter the domain ID and name. (See “Adding local domains” in Administration help.)

  4. (Optional) Disable account locking by deselecting the Enable Account Locking option.

  5. Click OK .

6.6.2 Configure User Management with LDAP (Enterprise Domain)

  1. Open a web browser, navigate to http:// [host] : [port] /adminui and log in. (See 6.1.3.1 Accessing administration console .)

  2. Click Settings > User Management > Domain Management , and then click New Enterprise Domain .

  3. In the ID box, type a unique identifier for the domain and, in the Name box, type a descriptive name for the domain.

    Note: When using MySQL for your AEM forms on JEE database, use only single-byte (ASCII) characters for the ID. (See “Adding enterprise domains” in Administration Help .)

  4. Click Add Authentication and, in the Authentication Provider list, select LDAP .

  5. Click OK .

  6. Click Add Directory and, in the Profile Name box, type a name for your LDAP profile.

  7. Click Next .

  8. Specify values in the Server , Port , SSL , and Binding boxes, and in the Populate Page with box, select a directory settings option such as Default Sun ONE values . Also, specify values in the Name and Password box that would be used to connect to the LDAP database when anonymous access is not enabled. (See “Directory settings” in Administration Help.)

  9. (Optional) Test your configuration:

    • Click Test . The screen displays a message indicating either a successful server test or any configuration errors that exist.

  10. Click Next and configure the User Settings as required. (See “Directory settings” in Administration Help.)

  11. (Optional) Test your configuration:

    • Click Test .

    • In the Search Filter box, verify the search filter or specify a new search filter, and then click Submit . The screen displays a list of entries that match the search criteria.

    • Click Close to return to the User Settings screen.

  12. Click Next configure the Group Settings as required. (See “Directory settings” in Administration Help.)

  13. (Optional) Test your configuration:

    • Click Test .

    • In the Search Filter box, verify the search filter or specify a new search filter, and then click Submit . The screen displays a list of entries that match the search criteria.

    • Click Close to return to the Group Settings screen.

  14. Click Finish to exit the New Directory page and then click OK to exit.

6.7 Enabling FIPS mode

AEM forms on JEE provides a FIPS mode to restrict data protection to Federal Information Processing Standard (FIPS) 140-2 approved algorithms using the RSA BSAFE Crypto-C 2.1 encryption module.

If you did not enable this option by using Configuration Manager during AEM forms on JEE configuration or if you enable it but want to turn it off, you can change this setting through Administration Console.

Modifying FIPS mode requires you to restart the server.

FIPS mode does not support Acrobat versions earlier than 7.0. If FIPS mode is enabled and the Encrypt With Password and Remove Password processes include the Acrobat 5 setting, the process fails.

In general, when FIPS is enabled, the Assembler service does not apply password encryption to any document. If this is attempted, a FIPSModeException is thrown, indicating that “Password encryption is not permitted in FIPS mode.” Additionally, the PDFsFromBookmarks element is not supported in FIPS mode when the base document is password-encrypted.

Turn FIPS mode on or off

  1. Log in to administration console.

  2. Click Settings > Core System Settings > Configurations .

  3. Select Enable FIPS to enable FIPS mode or deselect it to disable FIPS mode.

  4. Click OK and restart the application server.

Note: AEM forms on JEE software does not validate code to ensure FIPS compatibility. It provides a FIPS operation mode so that FIPS-approved algorithms are used for cryptographic services from the FIPS-approved libraries (RSA).

6.8 Configuring HTML digital signature

To use the HTML digital signature feature of Forms, complete the following procedure.

  1. Manually deploy the [aem-forms root] /deploy/adobe-forms-ds.ear file to your application server.

  2. Log in to administration console and click Services > PDF forms .

  3. Select HTML Digital Signature Enabled and then click Save .

6.9 Configuring Kerberos authentication support for AEM forms on JEE Connector for Microsoft SharePoint

  1. Navigate to [ appserver root ]/standalone/configuration.

  2. Open lc_<db>.xml file for editing.

  3. Add following text to lc_<db>.xml file: 
    <security-domain name="LC_SP_CONNECTOR"> 
<authentication> 
<login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required"> </login-module> 
</authentication> 
</security-domain>

  4. Navigate to [ appserver root] /

  5. Create a file named krb5.conf

  6. Modify following text according to your envrionment settings. Add modified text to krb5.conf file: 

    [libdefaults] 
default_realm = SP.COM 
default_checksum = rsa-md5 
[realms] 
SP.COM = { 
kdc = hostname.sp.com 
} 
[domain_realm] 
.sp.com = SP.COM

    Note: You must ensure that ,

    • SP.COM is replaced with the domain name in capital letters.

    • hostname.sp.com is replaced with fully qualified domain name of the domain controller and domain name is in small letters.

    • .sp.com with replaced with domain name in small letters prefixed with a period (.).

  7. Copy file addSpnego.mar from [ appserver root]/configurationManager/bin/Kerberos/modules/ to [appserver root]/bin/modules/ directory.
    Note: If the directory named modules does not exists, create it.

  8. Restart JBoss Server to complete the configuration.

6.10 Configuring Connector for EMC Documentum

Note: AEM forms on JEE supports EMC Documentum, versions 6.7 SP1 and 7.0 with minor updates only. Make sure your ECM is upgraded accordingly.

If you installed Connector for EMC Documentum as part of your AEM forms on JEE, complete the following procedure to configure the service to connect to the Documentum repository.

Configure Connector for EMC Documentum

  1. Locate the adobe-component-ext.properties file in the [appserver root] /bin folder (if the file does not exist, create it).

  2. Add a new system property that provides the following Documentum Foundation Classes JAR files:

    • dfc.jar

    • aspectjrt.jar

    • log4j.jar

    • jaxb-api.jar

    • configservice-impl.jar

    • configservice-api.jar

    • commons-codec-1.3.jar

    • commons-lang-2.4.jar

    The new system property should take on this form: 

    [component id].ext=[JAR files and/or folders]

    For example, using default Content Server and Documentum Foundation Classes installations, add to the file one of the following system properties on a new line, with no line breaks, and end the line with a carriage return:

    • Connector for EMC Documentum 6.7 SP1 and 7.0 only: 
      com.adobe.livecycle.ConnectorforEMCDocumentum.ext= 
C:/Program Files/Documentum/Shared/dfc.jar, 
C:/ProgramFiles/Documentum/Shared/aspectjrt.jar, 
C:/Program Files/Documentum/Shared/log4j.jar, 
C:/Program Files/Documentum/Shared/jaxb-api.jar, 
C:/Program Files/Documentum/Shared/configservice-impl.jar, 
C:/Program Files/Documentum/Shared/configservice-api.jar 
C:/Program Files/Documentum/Shared/commons-codec-1.3.jar 
C:/Program Files/Documentum/Shared/commons-lang-2.4.jar
      Note: The above text contains formatting characters for line breaks. If you copy and paste this text, you must remove the formatting characters.

  3. Open a web browser and enter this URL: 

    http://[host]:[port]/adminui

  4. Log in using the default user name and password:

    User name : administrator

    Password : password

  5. Navigate to Services > Connector for EMC Documentum > Configuration Settings and perform these tasks:

    • Type all the required Documentum repository information.

    • To use Documentum as your repository provider, under Repository Service Provider Information, select EMC Documentum Repository Provider , and then click Save . For more information, click the Help link in the upper-right corner of the page in the Administration Help.

  6. (Optional) Navigate to Services > Connector for EMC Documentum > Repository Credentials Settings , click Add , specify the Docbase information, and then click Save . (For more information, click Help in the upper-right corner.)

  7. If the application server is not currently running, start the server. Otherwise, stop and then restart the server.

  8. Open a web browser and enter this URL. 

    http://[host]:[port]/adminui

  9. Log in using the default user name and password:

    User name : administrator

    Password : password

  10. Navigate to Services > Applications and Services > Service Management and select these services:

    • EMCDocumentumAuthProviderService

    • EMCDocumentumContentRepositoryConnector

    • EMCDocumentumRepositoryProvider

    • EMCDocumentumECMUpgradeService

  11. Click Start . If any of the services do not start correctly, check the settings you completed earlier.

  12. Do one of the following tasks:

    • To use the Documentum Authorization service (EMCDocumentumAuthProviderService) to display content from a Documentum repository in the Resources view of Workbench, continue with this procedure. Using the Documentum Authorization service overrides the default AEM forms on JEE authorization and must be configured to log in to Workbench using Documentum credentials.

    • To use the AEM forms on JEE repository, log in to Workbench by using the AEM forms on JEE super administrator credentials (by default, administrator and password ).

    You have now completed the required steps for this procedure. Use the credentials provided in step 19 for accessing the default repository in this case and use the default AEM forms on JEE authorization service.

  13. Restart the application server.

  14. Log in to administration console and click Settings > User Management > Domain Management .

  15. Click New Enterprise Domain , and type a domain ID and name. The domain ID is the unique identifier for the domain. The name is a descriptive name for the domain.

    Note: When using MySQL for your AEM forms on JEE database, use only single-byte (ASCII) characters for the ID. (See “Adding enterprise domains” in AEM forms on JEE administration help .)

  16. Add a custom authentication provider:

    • Click Add Authentication .

    • In the Authentication Provider list, select Custom .

    • Select EMCDocumentumAuthProvider and then click OK .

  17. Add an LDAP authentication provider:

    • Click Add Authentication .

    • In the Authentication Provider list, select LDAP , and then click OK .

  18. Add an LDAP directory:

    • Click Add Directory .

    • In the Profile Name box, type a unique name, and then click Next .

    • Specify values for the Server , Port , SSL , Binding , and Populate page with options. If you select User for the Binding option, you must also specify values for the Name and Password fields.

    • (Optional) Select Retrieve Base DN to retrieve base domain names, as required.

    • Click Next , configure the user settings, click Next , configure group settings, as required, and then click Next .

      For details about the settings, click User Management Help in the upper-right corner of the page.

  19. Click OK to exit the Add Directory page and then click OK again.

  20. Select the new enterprise domain and click Sync Now . Depending on the number of users and groups in your LDAP network and the speed on your connection, the synchronization process may take several minutes.

    (Optional) To verify the status of the synchronization, click Refresh and view the status in the Current Sync State column.

  21. Navigate to Settings > User Management > Users and Groups .

  22. Search for users that were synchronized from LDAP and perform these tasks:

    • Select one or more users and click Assign Role .

    • Select one or more AEM forms on JEE roles and click OK .

    • Click OK a second time to confirm the role assignment.

      Repeat this step for all users that you assign roles to. For more information, click User Management Help in the upper-right corner of the page.

  23. Start Workbench and log in by using the credentials for the Documentum repository:

    Username : [ username ]@[ repository_name ]

    Password : [ password ]

    After you log in, the Documentum repository appears in the Resources view within Workbench. If you do not log in using the username@repository_name , Workbench attempts to log in to the default repository.

  24. (Optional) To install the AEM forms on JEE Samples for Connector for EMC Documentum, create a Documentum repository named Samples, and then install the samples in that repository.

After you configure the Connector for EMC Documentum service, see AEM forms on JEE administration help for information about configuring Workbench with your Documentum repository.

6.10.1 Creating the XDP MIME format in a Documentum repository

Before users can store and retrieve XDP files from a Documentum repository, you must do one of these tasks:

  • Create a corresponding XDP format in each repository where users will access XDP files.

  • Configure the Connector for EMC Documentum service to use a Documentum Administrator account when accessing the Documentum repository. In this case, the Connector for EMC Documentum service uses the XDP format whenever it is required.

Create the XDP format on Documentum Content Server using Documentum Administrator

  1. Log in to Documentum Administrator.

  2. Click Formats and then select File > New > Format .

  3. Type the following information in the corresponding fields:

    Name: xdp

    Default File Extension: xdp

    Mime Type: application/xdp

  4. Repeat steps 1 to 3 for all other Documentum repositories where users will store XDP files.

Configure the Connector for EMC Documentum service to use a Documentum Administrator

  1. Open a web browser and enter this URL:

    http:// [host] : [port] /adminui

  2. Log in using the default user name and password:

    User name : administrator

    Password : password

  3. Click Services > Connector for EMC Documentum > Configuration Settings .

  4. Under Documentum Principal Credentials Information, update the following information and then click Save :

    User Name: [Documentum Administrator user name]

    Password: [Documentum Administrator password]

  5. Click Repository Credentials Settings , select a repository from the list or, if none exist, click Add .

  6. Provide the appropriate information in the corresponding fields and then click Save :

    Repository Name: [Repository Name]

    Repository Credentials User Name: [Documentum Administrator user name]

    Repository Credentials Password: [Documentum Administrator password]

  7. Repeat steps 5 and 6 for all repositories where users will store XDP files.

6.10.2 Add support for multiple connection brokers

AEM forms on JEE Configuration Manager supports configuring only one connection broker. Use AEM forms on JEE Administrator Console to add support for multiple connection brokers:

  1. Open AEM forms on JEE Administrator Console.

  2. Navigate to Home > Services > Connector for EMC Documentum > Configuration Settings.

  3. In the Connection broker Host Name or IP Address, enter comma seperated list of hostnames of different connection brokers. For example, host1, host2, host3.

  4. In the Port Number of Connection broker , enter comma seperated list of the ports of corresponding connection brokers. For example, 1489, 1491, 1489.

  5. Click Save .

6.11 Configuring the Connector for IBM Content Manager

Note: AEM forms supports IBM Content Manager. See the Supported Platform Combinations document and make sure your ECM is upgraded to the supported version.

If you installed the Connector for IBM Content Manager as part of your AEM forms installation, complete the following procedure to configure the service to connect to the IBM Content Manager datastore.

Configure Connector for IBM Content Manager

  1. Locate the adobe-component-ext.properties file in the [appserver root] /bin folder. If the file does not exist, create it.

  2. Add a new system property that provides the location of the following IBM II4C JAR files:

    • cmb81.jar

    • cmbcm81.jar

    • cmbicm81.jar

    • cmblog4j81.jar

    • cmbsdk81.jar

    • cmbutil81.jar

    • cmbutilicm81.jar

    • cmbview81.jar

    • cmbwas81.jar

    • cmbwcm81.jar

    • cmgmt

    Note: cmgmt is not a JAR file. On Windows, by default, this folder is at C:/Program Files/IBM/db2cmv8/ .

    • common.jar

    • db2jcc.jar

    • db2jcc_license_cisuz.jar

    • db2jcc_license_cu.jar

    • ecore.jar

    • ibmjgssprovider.jar

    • ibmjsseprovider2.jar

    • ibmpkcs.jar

    • icmrm81.jar

    • jcache.jar

    • log4j-1.2.8.jar

    • xerces.jar

    • xml.jar

    • xsd.jar

    The new system property looks similar to the following: 

    [component id].ext=[JAR files and/or folders]

    For example, using a default DB2 Universal Database Client and II4C installation, in the file, add the following system property on a new line, with no line breaks, and end the line with a carriage return: 

            C:/Program Files/IBM/db2cmv8/cmgmt, 
        C:/Program Files/IBM/db2cmv8/java/jre/lib/ibmjsseprovider2.jar, 
        C:/Program Files/IBM/db2cmv8/java/jre/lib/ibmjgssprovider.jar, 
        C:/Program Files/IBM/db2cmv8/java/jre/lib/ibmpkcs.jar, 
        C:/Program Files/IBM/db2cmv8/java/jre/lib/xml.jar, 
        C:/Program Files/IBM/db2cmv8/lib/cmbview81.jar, 
        C:/Program Files/IBM/db2cmv8/lib/cmb81.jar, 
        C:/Program Files/IBM/db2cmv8/lib/cmbcm81.jar, 
        C:/Program Files/IBM/db2cmv8/lib/xsd.jar, 
        C:/Program Files/IBM/db2cmv8/lib/common.jar, 
        C:/Program Files/IBM/db2cmv8/lib/ecore.jar, 
        C:/Program Files/IBM/db2cmv8/lib/cmbicm81.jar, 
        C:/Program Files/IBM/db2cmv8/lib/cmbwcm81.jar, 
        C:/Program Files/IBM/db2cmv8/lib/jcache.jar, 
        C:/Program Files/IBM/db2cmv8/lib/cmbutil81.jar, 
        C:/Program Files/IBM/db2cmv8/lib/cmbutilicm81.jar, 
        C:/Program Files/IBM/db2cmv8/lib/icmrm81.jar, 
        C:/Program Files/IBM/db2cmv8/lib/db2jcc.jar, 
        C:/Program Files/IBM/db2cmv8/lib/db2jcc_license_cu.jar, 
        C:/Program Files/IBM/db2cmv8/lib/db2jcc_license_cisuz.jar, 
        C:/Program Files/IBM/db2cmv8/lib/xerces.jar, 
        C:/Program Files/IBM/db2cmv8/lib/cmblog4j81.jar, 
        C:/Program Files/IBM/db2cmv8/lib/log4j-1.2.8.jar, 
        C:/Program Files/IBM/db2cmv8/lib/cmbsdk81.jar, 
        C:/Program Files/IBM/db2cmv8/lib/cmbwas81.jar

  3. If the application server is not currently running, start the server; otherwise, stop and then restart the server.

You can now connect to the IBM Content Manager datastore from the IBMCMConnectorService Property Sheets by using the Use User Credentials as the login mode.

You have now completed the required steps for this procedure.

(Optional) If you want to connect to IBM Content Manager datastore from IBMCMConnectorService Property Sheets by using the Use Credentials From Process Context as the login mode, complete the following procedure.

Connect using Use Credentials from process context login mode

  1. Open a web browser and enter this URL:

    http:// [host] : [port] /adminui

  2. Log in using the super administrator credentials. Default values set during installation are:

    User name: administrator

    Password: password

  3. Click Services > Connector for IBM Content Manager

  4. Type all of the required repository information and click Save . For more information about the IBM Content Manager repository information, click the Help link in the upper-right corner of the page.

  5. Do one of these tasks:

    • To use the IBM Content Manager Authorization service IBMCMAuthProvider to use content from an IBM Content Manager datastore, in the Processes view of Workbench, continue with this procedure. Using the IBM Content Manager Authorization service overrides the default AEM forms authorization and must be configured to log in to Workbench by using IBM Content Manager credentials.

    • To use the System Credentials provided in step 4 to use content from an IBM Content Manager datastore, in the Processes view of Workbench, log in to Workbench by using the AEM forms super administrator credentials (by default, administrator and password ). You have now completed the required steps for this procedure. The System Credentials that are provided in step 4 use the default AEM forms authorization service for accessing the default repository in this case.

  6. Log in to the administration console, and click Settings > User Management > Domain Management .

  7. Click New Enterprise Domain and type a domain ID and name. The domain ID is the unique identifier for the domain. The name is a descriptive name for the domain.

    Note: When using MySQL for your AEM forms database, use only single-byte (ASCII) characters for the ID. (See Adding enterprise domains in administration help .)

  8. Add a custom authentication provider:

    • Click Add Authentication .

    • In the Authentication Provider list, select Custom , and then select IBMCMAuthProviderService and click OK .

  9. Add an LDAP authentication provider:

    • Click Add Authentication .

    • In the Authentication Provider list, select LDAP and then click OK .

  10. Add an LDAP directory:

    • Click Add Directory .

    • In the Profile Name box, type a unique name, and then click Next .

    • Specify values for the Server , Port , SSL , Binding , and Populate page with options. If you select User for the Binding option, you must also specify values for the Name and Password fields. (Optional) Select Retrieve Base DN to retrieve base domain names, as required. When finished, click Next .

    • Configure the user settings, click Next , configure group settings as required, and then click Next .

    For details about the above settings, click the Help link in the upper-right corner of the page.

  11. Click OK to exit the Add Directory page and click OK again.

  12. Select the new enterprise domain and click Sync Now . Depending on the number of users and groups in your LDAP network and the speed on your connection, the synchronization process may take several minutes.

  13. To verify the status of the synchronization, click Refresh and view the status in the Current Sync State column.

  14. Navigate to Settings > User Management > Users and Groups .

  15. Search for users that were synchronized from LDAP and do these tasks:

    • Select one or more users and click Assign Role .

    • Select one or more AEM forms roles and click OK .

    • Click OK a second time to confirm the role assignment.

    Repeat this step for all users that you want to assign roles to. For more information, click the Help link in the upper-right corner of the page.

  16. Start Workbench and log in using the following credentials for IBM Content Manager datastore:

    Username: [username]@[repository_name]

    Password: [password]

    The IBM Content Manager datastore can now be used in the Processes view within Workbench when the login mode for IBMCMConnectorService orchestrable components is selected as Use Credentials from process context.

6.12 Configuring the Connector for IBM FileNet

AEM forms supports IBM FileNet, versions 5.0 and 5.2 only. Make sure your ECM is upgraded accordingly.

Note: AEM forms supports FileNet 5.2 Content Engine; FileNet 5.2 Process Engine is not supported.

If you installed Connector for IBM FileNet as part of your AEM forms, you must configure the service to connect to the FileNet object store.

Complete the following procedure to configure Connector for IBM FileNet.

  1. Locate the adobe-component-ext.properties file in the [appserver root] /bin folder (if the file does not exist, create it).

  2. Add a new system property that provides the location of these FileNet Application Engine JAR files:

    For FileNet 5.x add following JAR files

    • Jace.jar

    • javaapi.jar

    • log4j.jar

    • pe.jar

    • stax-api.jar

    • xlxpScanner.jar

    • xlxpScannerUtils.jar

    Note: Add the pe.jar file only if your deployment uses the IBMFileNetProcessEngineConnector service. The new system property should reflect this structure: 
    [component id].ext=[JAR files and/or folders]

    For example, using a default FileNet Application Engine installation on a Windows operating system, add the following system property on a new line with no line breaks and end the line with a carriage return:

    Note: The following text contains formatting characters for line breaks. If you copy this text to a location outside this document, remove the formatting characters when you paste it to the new location. 
    com.adobe.livecycle.ConnectorforIBMFileNet.ext= 
C:/Program Files/FileNet/AE/CE_API/lib2/javaapi.jar, 
C:/Program Files/FileNet/AE/CE_API/lib2/log4j-1.2.13.jar

  3. (FileNet Process Engine Connector only) Configure the connection properties for the process engine as follows:

    • Using a text editor, create a file with the following content as a single line and end the line with a carriage return:

      (FileNet 5.0 only) 

      RemoteServerUrl = cemp:http://[contentserver_IP]:[contentengine_port]/wsi/FNCEWS40DIME/

      (FileNet 5.2 only) 

      RemoteServerUrl = cemp:http://[contentserver_IP]:[contentengine_port]/wsi/FNCEWS40MTOM/

    • Save the file as WcmApiConfig.properties in a separate folder, and add the location of the folder that contains the WcmApiConfig.properties file to the adobe-component-ext.properties file.

      For example, if you save the file as c:/pe_config/WcmApiConfig.properties, add the path c:/pe_config to the adobe-component-ext.properties file.

      Note: The filename is case-sensitive.

  4. Locate the lc_turnkey.xml file in the following folder and add the following application policy as a child of the <security-domains> node:

    • (Manually-configured JBoss, single server) [appserver root] [appserver root]/standalone/configuration

    • (Adobe-preconfigured JBoss, single server) [appserver root]/standalone/configuration 

      <security-domain name = "FileNetP8WSI"> 
    <authentication> 
        <login-module code = "com.filenet.api.util.WSILoginModule" flag = "required"> 
        </login-module> 
    </authentication> 
</security-domain>

      If you are using process engine then add the following code after the </security-domain> node: 

      <security-domain name = "FileNetP8"> 
   <authentication> 
      <login-module code = "com.filenet.api.util.WSILoginModule" flag = "required"> 
      </login-module> 
   </authentication> 
</security-domain>
    • (Adobe-preconfigured JBoss, cluster) [appserver root] /domain/configuration/ 
      <security-domain name = "FileNetP8WSI"> 
    <authentication> 
        <login-module code = "com.filenet.api.util.WSILoginModule" flag = "required"> 
        </login-module> 
    </authentication> 
</security-domain>

      If you are using process engine then add the following code after the </security-domain> node: 

      <security-domain name = "FileNetP8"> 
   <authentication> 
      <login-module code = "com.filenet.api.util.WSILoginModule" flag = "required"> 
      </login-module> 
   </authentication> 
</security-domain>

  5. If the application server is not currently running, start the server. Otherwise, stop and then restart the server.

  6. If JBoss runs as a service, start (or restart) the JBoss for Adobe Experience Manager forms Service.

  7. ( Cluster only ) Repeat all previous steps on each instance on the cluster.

  8. Open a web browser and enter this URL:

    http://[host]:[port]/adminui

  9. Log in using the default user name and password:

    User name : administrator

    Password : password

  10. Click Services > Connector for IBM FileNet .

  11. Provide the Content Engine URL. For example, cemp:http://ContentEngineHostNameorIP:port/wsi/FNCEWS40MTOM?jaasConfigurationName=FileNetP8WSI

  12. Provide all of the required FileNet repository information and, under Repository Service Provider Information, select IBM FileNet Repository Provider .

    If your deployment uses the optional process engine service, under Process Engine Settings, select Use Process Engine Connector Service and specify the process engine settings. For more information, click the Help link in the upper-right corner of the page.

    Note: The credentials that you provide in this step are validated later when you start the IBM FileNet repository services. If the credentials are not valid, an error is thrown and the services will not start.

  13. Click Save and navigate to Services > Applications and Services > Service Management .

  14. Select the check box next to each of these services and then click Start :

    • IBMFileNetAuthProviderService

    • IBMFileNetContentRepositoryConnector

    • IBMFileNetRepositoryProvider

    • IBMFileNetProcessEngineConnector (if configured)

    If any of the services do not start correctly, verify the Process Engine settings.

  15. Do one of the following tasks:

    • To use the FileNet Authorization service (IBMFileNetAuthProviderService) to display content from a FileNet object store in the Resources view of Workbench, continue with this procedure. Using the FileNet Authorization service overrides the default AEM forms authorization and must be configured to log in to Workbench by using FileNet credentials.

    • To use the AEM forms repository, log in to Workbench by using the super administrator credentials (by default, administrator and password ). The credentials provided in step 16 use the default AEM forms authorization service for accessing the default repository in this case.

  16. Restart your application server.

  17. Log in to administration console and click Settings > User Management > Domain Management .

  18. Click New Enterprise Domain and then type a domain ID and name. The domain ID is the unique identifier for the domain. The name is a descriptive name for the domain.

    When using MySQL for your AEM forms database, use only single-byte (ASCII) characters for the ID. (See “Adding enterprise domains” in Administration Help

  19. Add a custom authentication provider:

    • Click Add Authentication .

    • In the Authentication Provider list, select Custom .

    • Select IBMFileNetAuthProviderService and then click OK .

  20. Add an LDAP authentication provider:

    • Click Add Authentication .

    • In the Authentication Provider list, select LDAP and then click OK .

  21. Add an LDAP directory:

    • Click Add Directory and, in the Profile Name box, type a unique name, and then click Next .

    • Specify values for the Server , Port , SSL , Binding , and Populate page with options. If you select User for the Binding option, you must also specify values for the Name and Password fields.

    • (Optional) Select Retrieve Base DN to retrieve base domain names, as required. When finished, click Next .

    • Configure the user settings, click Next , configure group settings as required, and then click Next .

      For details about the settings, click Help link in the upper-right corner of the page.

  22. Click OK to exit the Add Directory page, and then click OK again.

  23. Select the new enterprise domain and click Sync Now . Depending on the number of users and groups in your LDAP network and the speed on your connection, the synchronization process may take several minutes.

    (Optional) To verify the status of the synchronization, click Refresh and view the status in the Current Sync State column.

  24. Navigate to Settings > User Management > Users and Groups .

  25. Search for users that were synchronized from LDAP and perform these tasks:

    • Select one or more users and click Assign Role .

    • Select one or more AEM forms roles and click OK .

    • Click OK a second time to confirm the role assignment.

    Repeat this step for all users you want to assign roles to. For more information, click the Help link in the upper-right corner of the page.

  26. Start Workbench and log in using the following credentials for the IBM FileNet repository:

    User name: [username]@[repository_name]

    Password: [password]

    The FileNet object store should now be visible in the Resources view within Workbench. If you do not log in using the username @ repository name , Workbench attempts to log in to the default repository specified in step 16.

  27. (Optional) If you intend to install the AEM forms Samples for Connector for IBM FileNet, create a FileNet object store named Samples and install the samples in that object store.

    After you configure Connector for IBM FileNet, it is recommended that you see administration help for information about configuring Workbench functions properly with your FileNet repository.

6.13 Isolating JBoss Clusters

There are a lot of JBoss services that create multiple JGroup channels services. These channels should only communicate with specific channels.

To isolate JGroups clusters from other clusters on the network, ensure that

  • The channels in the various clusters use different group names. Use ./run.sh -g QAPartition -b <ipaddress> -c all to create unique groups.

  • The channels in the various clusters use different multicast addresses. Use /run.sh -u <UDP group Ip address> -g QAPartition -b <ipaddress> -c all to control the multicast address.

  • The channels in each cluster use different multicast ports. Use /run.sh -u <UDP group Ip address> -g QAPartition -b <ipaddress> -c all \\-Djboss.jgroups.udp.mcast_port=12345 -Djboss.messaging.datachanneludpport=23456 to control the muticast sockets.

    See, Isolating JGroups Channels in jbossclustering guide at http://docs.jboss.org/ for detailed information to isolate JBoss Clusters

6.14 (Optional)Enable JMX console security

In the default setup of AEM forms on JEE, JBoss JMX console security is disabled. To enable the security, follow the steps mentioned below:

  1. Shut down the application server.

  2. Navigate to the [appserver root] /server/<profile_name>/deploy directory and open the jmx-invoker-service.xml file in a text editor.

  3. Ensure that the following line is not commented out in the invoke section: 

    <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor" securityDomain="java:/jaas/jmx-console"/>

  4. Save and close the file.

  5. Create a new file, work-manager.properties, at [appserver root] /server/.

  6. Open work-manager.properties file in a text editor and add following code: 
        adobe.work-    manager.jboss.jmx.lookup.java.naming.factory.initial=org.jboss.security.jndi.JndiLo    ginInitialContextFactory 
    adobe.work-manager.jboss.jmx.lookup.java.naming.provider.url=jnp://localhost:1099/ 
    adobe.work-manager.jboss.jmx.lookup.java.naming.security.credentials=<password> 
    adobe.work-manager.jboss.jmx.lookup.java.naming.security.principal=<username> 
    adobe.work-manager.jboss.jmx.lookup.java.naming.security.protocol=jmx-console
    Note: Ensure that identical credentials are mentioned in jmx-console-users.properties file and in work-manager.properties file. The default credentials are admin/admin.

  7. Save and close the file.

  8. Navigate to the [appserver root] /server/<profile_name>/conf/props directory and open jmx-console-users.properties file in a text editor.

  9. Ensure that an entry that contains credentials used in the work-manager.properties file is not commented out.

  10. Save and close the file.

  11. Navigate to [appserver root] /bin and open standalone.conf.bat file in a text editor and add following code: 

    set "JAVA_OPTS=%JAVA_OPTS%  -Dadobe.workmanager.properties = <path of the work-manager.properties file>

  12. Save and close the file.

  13. Start the application server.

6.15 Enable messaging on standalone JBoss

To enable messaging on a standalone JBoss 6.2 server for AEM forms on JEE:

  1. Enable the messaging module on the JBOSS 6.2 if it is not enabled yet.

    Copy the following tags from the standalone_full.xml file to the specified location in the lc_turnkey.xml file. Both the files are located in the < aem-forms root >/jboss/standalone/configuration directory.

    • Copy the entire tag with its content <extension module="org.jboss.as.messaging">....</extension> from the standalone_full.xml file and put it after the <extensions> tag in the lc_turnkey.xml file

    • Copy the entire tag with its content <subsystem xmlns="urn:jboss:domain:messaging:1.4">....</subsystem> from the standalone_full.xml file and put it after the <profile> tag in the lc_turnkey.xml file

  2. Run the add-user.bat script located at < aem-forms root >/jboss/bin to create an application user and add the user to the guest group. The JMS DSC component on AEM forms on JEE expects a Connection User Name and Password to be specified. This user must have permission to use JMS Queue/Topic for performing the Send/Receive operation.
    Note: In the lc_turnkey.xml file, a user with a guest role is already defined under the <security-setting match="#">..... </security-settings> tag. The default user has the privilege to send-receive messages via JMS. However, you must create an application user on the JBoss 6.2 server with the above role to send-receive JMS messages. While creating a user using the add-user.bat script, you can assign it the guest group.

  3. Change the JMS DSC Configuration with the user created in step 2.

    1. Log in to the administration console for AEM forms on JEE.

    2. Navigate to Services > Application and Services > Service Management .

    3. Search JMS service.

    4. In the configuration tab, change the JMS configuration.

// Ethnio survey code removed