Configuring Acrobat Reader DC extensions

Overview

Acrobat Reader DC extensions enables your organization to easily share interactive PDF documents by extending the functionality of Acrobat Reader with additional usage rights. The additional usage rights activate features that are not usually available when a PDF document is opened using Adobe Reader, such as adding comments to a document, filling forms, and saving the document. Users do not require additional software or plug-ins to work with rights-enabled documents.

Configuring credentials for use with Acrobat Reader DC extensions

To apply usage rights to PDF documents, configure AEM forms with a valid credential for Acrobat Reader DC extensions. A credential may have been configured during the installation of AEM forms. If you did not configure your Acrobat Reader DC extensions credential while running Configuration Manager or if you need to import a new or replacement credential, you can do so using the Trust Store Management pages.

If you are using an evaluation credential, replace it with a production credential when moving to your production environment. To update an expired or evaluation credential, first delete the old Acrobat Reader DC extensions credential.

For information about obtaining a credential, see Preparing to Install AEM forms (Single Server).

The Trust Store may contain more than one Acrobat Reader DC extensions credential. You must designate one of those credentials as the default Reader Extensions credential. The default credential is used when a Workbench user is unable to determine which credential to use during process creation. These rules apply to default credentials:

  • If you import an Acrobat Reader DC extensions credential and the Trust Store contains no other Acrobat Reader DC extensions credentials, it is set as the default.

  • If you import an Acrobat Reader DC extensions credential with the Default option selected, the default type is removed from an existing default credential. The imported credential becomes the default.

  • You cannot delete a default Acrobat Reader DC extensions credential. To delete the default credential, first set another credential as the default. An exception to this rule is that if there is only one credential, you can delete it even though it is the default.

  • You cannot update a default Acrobat Reader DC extensions credential.

Note: You can also import and delete credentials programmatically. (See Programming with AEM forms.)

Import an Acrobat Reader DC extensions credential

  1. In administration console, click Settings > Trust Store Management > Local Credentials.

  2. Click Import and, under Trust Store Type, select Acrobat Reader DC extensions Credential.

  3. (Optional) To indicate that this credential is the default credential to use with Acrobat Reader DC extensions, select Default.

  4. In the Alias box, type an identifier for the credential. This identifier is used as the display name for the credential in Acrobat Reader DC extensions. This alias is also used to access the credential programmatically using the AEM forms SDK.

    Note: The alias name is automatically converted to uppercase for display purposes. The alias name is not case-sensitive when you refer to it in a process.
  5. Click Choose File to locate the credential, type the password of the credential, and then click OK.

    If the error message "Failed to import credential due to either incorrect file format, or incorrect password" appears, verify that the password is valid.

Remove an Acrobat Reader DC extensions credential

  1. In administration console, click Settings > Trust Store Management > Local Credentials.

  2. Select the credential and click Delete.

Replace an Acrobat Reader DC extensions credential

  1. In administration console, click Settings > Trust Store Management > Local Credentials.

  2. Make note of the existing credential’s alias and then select it and click Delete.

  3. Import the new credential using the exact same alias name.

Review credential use information

The credential contains information describing its intended use that is accessible through the Acrobat Reader DC extensions end-user web application. You can use this information to determine the type of credential installed (either evaluation or production) and its validity dates.

  1. Open a web browser and enter this URL:

    http://localhost:[port]/ReaderExtensions (where [port] is your application server’s port number)

  2. Log in using the default user name and password:

    User name: administrator

    Password: password

    Note: You must have administrator or super user privileges to log in using the default user name and password. To allow other users to access Acrobat Reader DC extensions, create the user accounts in User Management and grant the users the Acrobat Reader DC extensions Web Application role.
  3. Select the credential alias from the Select Credential list and review the information included in the Expiration Date and Intended Use Notice.

Note: The credential’s expiration date is also available on the Settings > Trust Store Management > Local Credentials page of administration console, under Expiration Date.

Review the usage rights of a PDF file

When you upload a PDF file to the Acrobat Reader DC extensions web application, you can view whether it has been Reader extended, any usage rights applied, and their expiry dates.

  1. Log in to the Acrobat Reader DC extensions web application at http://localhost:[port]/ReaderExtensions (where [port] is your application server’s port number).

  2. Click Browse to upload the PDF file and then click Info. The information appears below the filename.

    See Acrobat Reader DC extensions Help for details on modifying the file’s usage rights.

Recognizing valid and expired certificates in PDF documents

When a PDF document that has usage rights applied by Reader Extensions is opened in Adobe Reader, a status bar appears that describes the specific usage rights enabled in the PDF document.

When the digital certificate that specifies the usage rights for a PDF document expires and the PDF document is opened in Adobe Reader, a dialog box appears advising the user that the PDF document has usage rights, but these rights are disabled. Although the message indicates that the PDF document was altered or tampered with, this is not necessarily the case. Adobe Reader displays this message when a certificate expires or a document is modified. In Adobe Reader 7.0.x or later, you cannot determine which case is currently the issue.

After you close the dialog box, Adobe Reader opens the PDF document. The usage rights that were applied using Acrobat Reader DC extensions are not available, as expected. If the PDF document is an interactive form, the form fields are locked and the user cannot change the form data.

Certificate types used by Acrobat Reader DC extensions

The Certificate Viewer provides the following information about the certificate:

  • Certificate "friendly" name

  • Certificate profiles

  • Validity period

  • Acrobat Reader DC extensions usage rights

Certificate “friendly” name

The "friendly" name of an Acrobat Reader DC extensions certificate is a string that describes the properties of the certificate, as in the following example:

ARE 2D Barcode Full Production V6.1 P8 0002054

The string contains the following elements:

Certificate type:
Describes the AEM forms modules that the certificate activates, and the level of activation, such as ARE 2D Barcode Full. For a list of the certificate types available, see the Type column in the table in the Certificate profiles section.

Deployment type:
Indicates the intended use of the certificate, such as Production. The value can be Evaluation or Production. For a list of deployment types associated with each certificate type, see the Deployment type column in the table in the Certificate profiles section.

Usage rights version:
Describes the version of the usage rights algorithm that the certificate can be used for, such as V6.1. This version does not signify the version of Acrobat or Acrobat Reader DC extensions.

Profile code:
The profile code is a shorthand description of the complete certificate properties, such as P8. For a list of the profile codes associated with each file type, see the Profile code column in the table in the Certificate Profiles section.

Serial number:
A serial number is assigned to each certificate issued by Adobe, such as 0002054. Adobe Enterprise Support or an Adobe Enterprise account representative can use this serial number to trace the certificate to a specific product order or to an OEM relationship.

Certificate profiles

The following table lists the certificate profiles that you may encounter when analyzing Acrobat Reader DC extensions certificates.

| Profile code | Type | Validity period | Deployment type |
| --- | --- | --- | --- |
| P1 | SAP Production | Max | Production |
| P2 | SAP Internal Test | 2 years | Evaluation and test |
| P3 | Acrobat Reader DC extensions, Production | Max | Production |
| P4 | Acrobat Reader DC extensions, Internal Adobe Use | 2 years | Production |
| P5 | Acrobat Reader DC extensions, Partner Integration | 2 years | Evaluation and test |
| P6 | Acrobat Reader DC extensions, Evaluation | 60 days | Evaluation |
| P8 | Forms, Production | Max | Production |
| P9 | Adobe Acrobat 7.x, Production | Max | Production |
| I10 | Forms; may be used by OEMs | Max | Production and evaluation |
| I11 | Forms; may be used by OEMs | Max | Production and evaluation |
| I12 | Signature only; may be used by OEMs | Max | Production and evaluation |
| I13 | Offline Commenting only; may be used by OEMs | Max | Production and evaluation |
| I14 | Commenting only; may be used by OEMs | Max | Production and evaluation |
| I15 | Full permissions; may be used by OEMs | Max | Production and evaluation |
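
The friendly-name elements and the profile table above can be checked against each other when auditing which credentials are installed. The following is an added example, not Adobe code or part of the AEM forms SDK: the function names, the environment parameter, and the regular expression (inferred from the single sample name on this page) are assumptions.

```python
import re

# Profile code -> (type, validity period, deployment type), copied from the
# certificate profiles table on this page.
PROFILES = {
    "P1": ("SAP Production", "Max", "Production"),
    "P2": ("SAP Internal Test", "2 years", "Evaluation and test"),
    "P3": ("Acrobat Reader DC extensions, Production", "Max", "Production"),
    "P4": ("Acrobat Reader DC extensions, Internal Adobe Use", "2 years", "Production"),
    "P5": ("Acrobat Reader DC extensions, Partner Integration", "2 years", "Evaluation and test"),
    "P6": ("Acrobat Reader DC extensions, Evaluation", "60 days", "Evaluation"),
    "P8": ("Forms, Production", "Max", "Production"),
    "P9": ("Adobe Acrobat 7.x, Production", "Max", "Production"),
    **{f"I{n}": (f"{t}; may be used by OEMs", "Max", "Production and evaluation")
       for n, t in [(10, "Forms"), (11, "Forms"), (12, "Signature only"),
                    (13, "Offline Commenting only"), (14, "Commenting only"),
                    (15, "Full permissions")]},
}

# Assumed layout, inferred from the one sample name on the page:
# <certificate type> <deployment type> <usage rights version> <profile code> <serial>
FRIENDLY_NAME = re.compile(
    r"^(?P<cert_type>.+?)\s+(?P<deployment>Production|Evaluation)\s+"
    r"(?P<rights_version>V\d+(?:\.\d+)*)\s+(?P<profile>[PI]\d+)\s+(?P<serial>\d+)$")


def parse_friendly_name(name):
    """Split a friendly name into its five elements; None if it does not match."""
    m = FRIENDLY_NAME.match(name.strip())
    return m.groupdict() if m else None


def audit_credential(name, environment="production"):
    """Return a list of findings for one credential's friendly name."""
    fields = parse_friendly_name(name)
    if fields is None:
        return ["unparseable friendly name"]
    findings = []
    profile = PROFILES.get(fields["profile"])
    if profile is None:
        findings.append(f"profile code {fields['profile']} is not in the table")
    elif fields["deployment"].lower() not in profile[2].lower():
        findings.append(f"{fields['deployment']} does not match profile "
                        f"{fields['profile']} ({profile[2]})")
    if environment == "production" and fields["deployment"] == "Evaluation":
        findings.append("evaluation credential in a production environment")
    return findings
```

An empty list means the name is internally consistent with the table; it says nothing about whether the certificate has expired, which is shown under Expiration Date in administration console.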

Validity period

Evaluation certificates are issued to customers and developers so that they can evaluate and develop sample applications for products. The validity period of these certificates is between 60 and 90 days. They expire at the end of the second month following the date of issue.

Partner Integration certificates are issued to Adobe business partners to support software development, integration, prototyping, and demonstration. These certificates are valid for two years from the date of issue.

Adobe Internal Use certificates are used within Adobe to support software development, integration, prototyping and demonstration. These certificates are valid for two years from the date of issue.

Production certificates are issued to customers who purchased Acrobat Reader DC extensions. These certificates are valid for the maximum period permitted by the certificate authority (CA), shown as Max in the Certificate Profiles table.

Acrobat Reader DC extensions usage rights

When you examine the Acrobat Reader DC extensions certificate in the Certificate Viewer, you can select the usage rights item from the Details tab (if configured) to see an itemized list of the Adobe Reader usage rights that the certificate can enable. The usage rights enabled on a particular document may be a subset of those enabled by the certificate.

If online commenting is required in a non-collaborative environment, contact Adobe Support for more information. The Mode property matches the deployment type and is either production or evaluation.

The permitted Acrobat Reader DC extensions usage rights consist of one or more specific elements. These elements are used in different combinations to achieve varieties of licensed product functionality.

| Usage rights element | Capability enabled in Adobe Reader when viewing a rights-enabled PDF document |
| --- | --- |
| FormFillInAndSave | Fill in form fields and save files locally. |
| FormImportExport | Import and export form data as FDF, XFDF, XML, and XDP files. |
| FormAddDelete | Add, change, or delete fields and field properties on the PDF form. |
| SubmitStandalone | Submit data, by email or offline, to a server when it is not running in a browser session. |
| SpawnTemplate | Create pages from template pages within the same PDF form. |
| Signing | Digitally sign and save PDF documents, and clear digital signatures. |
| AnnotModify | Create and modify document annotations such as comments. |
| AnnotImportExport | Save annotations such as comments in a separate data file and load comments from a file. |
| BarcodePlaintext | Print a document with form data barcoded in an unencrypted form that does not require licensed server software to decode. |
| AnnotOnline | Upload and download annotations such as comments to and from an online document review and comment server. |
| FormOnline | Connect to web services or databases that are defined within a PDF form. |
| EFModif | Modify embedded file objects associated with the PDF document. |

Note: Acrobat Reader DC extensions usage rights can be licensed from Adobe only in certain combinations that work together. It is not possible to license these capabilities independently. For information about the available combinations of usage rights, contact an AEM forms account representative.

Configuring Acrobat Reader DC extensions for data capture

If users of your AEM forms installation use the data capture functionality of Content Services (Deprecated), it is recommended that you create a role with read-only access for these users.
Note: Adobe® LiveCycle® Content Services ES (Deprecated) is a content management system installed with LiveCycle. It enables users to design, manage, monitor, and optimize human-centric processes. Content Services (Deprecated) support ends on 12/31/2014. See Adobe product lifecycle document. For information about configuring Content Services (Deprecated), see Administering Content Services.

Data capture requires that you assign a user role to access the SampleReaderExtensionsCredential. You may assign the standard Trust Administrator role, but consider that this role gives general, non-administrative users the powerful administrator privileges that control the PKI Trust settings and manage PKI Credentials, which could compromise the security of your AEM forms installation in a production environment. It is recommended that the AEM forms system administrator create a role that grants only read-only access to the Trust Store, and assign this new role to non-administrator users who use data capture.

Create a role for data capture users

  1. In administration console, click Settings > User Management > Role Management, and then click New Role.

  2. Enter the role name (for example, Data Capture User) and description in the appropriate fields, then click Next.

  3. On the Role Permissions screen, click Find Permissions, then select Credential Read from the list of available permissions.

  4. Click OK, then click Finish.

Assign the data capture role

  1. In administration console, click Settings > User Management > Role Management, and then click Find.

  2. Click the data capture user role you created.

  3. On the Role Users/Groups tab, click Find Users/Groups.

  4. On the Find Users and Groups screen, click Find, select the users who require the data capture user role, then click OK.

  5. On the Edit Role screen, click Save.

Enabling online commenting for Adobe Reader web browser plug-in

To enable the Comment and Markup toolbar in a PDF file that is viewed by using the Adobe Reader web browser plug-in, a collaboration back end must be in place, such as a review server. If a collaboration back end is not available, you must save the PDF file to your computer, review and mark up the file in Adobe Reader, and send it back to the originator.

If online commenting is required in a non-collaborative environment, contact Adobe Support for more information.

Setting timeout values for use with Acrobat Reader DC extensions

When working on many PDF files in Acrobat Reader DC extensions, ensure that the following time-out values are set appropriately to prevent jobs from timing out and failing:

Document Disposal Timeout:
This value can be set in administration console. Click Settings > Core System Settings > Configurations and specify a value for Default Document Disposal Timeout.

User Manager AEM forms Timeout:
This value can be set by editing the config.xml file. In administration console, click Settings > User Management > Configuration > Import and export configuration files, and then click Export. Open the exported config.xml file and edit the following lines:

<entry key="assertionValidityInMinutes" value="600"/>

<entry key="SessionTimeout" value="600"/>

Save and then import the config.xml file back into administration console.

Application Server Session Timeout:
This value can be set on the application server. For more information, see the documentation provided with your application server.
