Certifying policy-protected documents

Certified forms that are secured with the Rights Management service are useful when you want to control who can use the form and also allow form users to verify the form’s authenticity.

This Quick Start will be most useful to you if you are already familiar with the Rights Management service. For more information, see Services Reference for AEM forms.

For example, a company’s purchase order process enables users to fill a PDF form and submit it online. The form is provided in PDF and is protected with a Rights Management 11 policy so that only registered users can use it. The form is also certified so that users can verify the form’s authenticity.

The following illustration shows the process diagram that is used to prepare the form before it is provided to users.

The above process diagram includes the following service operations:

  1. The renderPDFForm operation (Forms service) creates a PDF form from an XDP file. The name of this operation on the process diagram is Render Form.

  2. The Protect Document operation (Rights Management service) applies a policy to the form to implement usage rights. The name of this operation on the process diagram is Restrict Document To ‘All Principals’.

  3. The Certify PDF operation (Signature service) certifies the document. The certification signature assures the recipient of the form’s authenticity and integrity. The name of this operation on the process diagram is Certify Document With Sample Key.

Note: The order in which these operations are executed is very important. Policy protection of a PDF document must occur before certification.
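
The ordering rule in the Note can be seen in a small model: a signature covers the document's bytes as they are at signing time, and policy protection encrypts, and so rewrites, those bytes. This is an added example, not AEM forms code; HMAC-SHA256 stands in for the certification signature, a SHA-256 keystream stands in for policy encryption, and all names, keys and the sample form are constructed.

```python
import hashlib
import hmac

# Constructed stand-ins: HMAC-SHA256 models the certification signature and a
# SHA-256 counter keystream models policy encryption. Neither is what the
# Signature or Rights Management service actually uses.
SIGNING_KEY = b"constructed-sample-credential"
POLICY_KEY = b"constructed-sample-policy-key"
TAG_LEN = 32


def protect(document: bytes) -> bytes:
    """Model of policy protection: encrypts (and so rewrites) every byte."""
    stream = b""
    counter = 0
    while len(stream) < len(document):
        stream += hashlib.sha256(POLICY_KEY + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(document, stream))


def certify(document: bytes) -> bytes:
    """Model of certification: append a tag computed over the current bytes."""
    return document + hmac.new(SIGNING_KEY, document, hashlib.sha256).digest()


def verify(delivered: bytes) -> bool:
    """Recipient check: does the trailing tag cover the bytes as delivered?"""
    body, tag = delivered[:-TAG_LEN], delivered[-TAG_LEN:]
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def build(form: bytes, steps) -> bytes:
    """Run operations in order, reusing one variable as the process does."""
    document = form
    for step in steps:
        document = step(document)
    return document


FORM = b"%PDF-1.7 constructed purchase order form"
correct_order = build(FORM, [protect, certify])  # protect first, then certify
wrong_order = build(FORM, [certify, protect])    # certify first, then protect

print("protect -> certify verifies:", verify(correct_order))
print("certify -> protect verifies:", verify(wrong_order))
```

In the wrong order the tag was computed over bytes that the later protection step replaced, so the check on the delivered document fails.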

Prerequisites

To policy-protect and certify a rendered PDF form, the following conditions must be met when the process executes at run time:

  • The form and, optionally, the initial data to merge with the form are available to the process.

  • The form includes a signature field so that it can be certified.

  • The policy that is used to protect the form has been created, and the name of the policy is available to the process. You use Administration Console to create the policy.

  • The credential that is used to certify the form and the credential’s alias are available to the process. You use Administration Console to import credentials into AEM forms.

In the example process described previously, the form (XDP file) is stored in the repository, and the form data is provided as input when the process is invoked. Upon invocation, the form data is saved in a document variable.

Configuration

This section describes how to configure the service operations that the example process diagram includes. The operations in the example process diagram build on the results of previous operations. Therefore, the output data from one operation is used as the input data of the subsequent operation. Specifically, a document variable is used to store the PDF form that is passed between operations. This variable is also configured as output data for the process.

The renderPDFForm operation requires the form and form data as input:

  • An xfaForm variable is configured to reference the XDP file that is stored in the repository. This variable is used as the value of the Form To Render property of the operation.

  • The document variable that stores the initial form data is used as the value of the Form Data property.

The PDF form that the renderPDFForm operation creates is stored in a document variable. This document variable is also used as input for the Apply Policy operation so that the PDF form is policy-protected:

  • The document variable is used as the value of the Input PDF Document property of the operation.

  • The name of the policy that was created using Administration Console is used as the value of the Policy Name property of the operation.

  • The policy set to which the policy belongs is used as the value of the Policy Set Name property of the operation.

The resulting policy-protected PDF form is stored in the same document variable that was used as the operation’s input. The document variable is then used as input for the Certify PDF operation:

  • The document variable is used as the value of the Input PDF Document property of the operation.

  • The alias of the credential that was imported to AEM forms using Administration Console is used as the value of the Alias property of the operation.

The certified PDF form is stored in the same document variable that was used as the operation’s input. Because the document variable is configured as output data for the process, when the process is complete, the policy-protected and certified PDF form is returned to the user that invoked the process.

Other considerations

The example process described in this Quick Start reused the document variable for saving the results of each operation. This practice minimizes storage space used in the AEM forms database. If your processes need to preserve the results of each operation, save the results in different variables.

This Quick Start did not describe how to create Rights Management policies or import credentials into AEM forms by using Administration Console. For information about how to perform these tasks, see Rights Management administration help and Trust Store Management Help.
