7 Replies Latest reply on Jul 11, 2013 12:46 AM by vansid

    Timestamp server authentication issues

    vansid

      I'm using Adobe Reader XI and when using http timeStamp server that requires basic authentication is always tried without the needed BasicAuth field set.

       

      That's the request adobe send

       

      POST /cdie/HttpService HTTP/1.1

      accept: */*

      content-type: application/timestamp-query

      content-length: 69

      character-encoding: binary

      user-agent: PPKHandler

      connection: Keep-Alive

      cache-control: no-cache

       

      The reply is a simply HTTP/1.1 401 Unauthorized because the request hasn't the authentication field.

       

      I've tried using Windows and Macintosh

       

      Why didn't send the basic authentication?

        • 1. Re: Timestamp server authentication issues
          Test Screen Name Most Valuable Participant

          I'm not sure why you expect that it should?

          • 2. Re: Timestamp server authentication issues
            vansid Level 1

            Usually when Http is authenticated, http header authorization is present. But in this case, no athoritzation header is sent.

             

            I hope so be more clear this way.

             

            If Adobe didn't send the authentication header... how can i authenticate this user? Why is asking if this server should be authenticated if didnt send the authentication?

            • 3. Re: Timestamp server authentication issues
              Test Screen Name Most Valuable Participant

              But I've never seen Adobe Reader engage in authentication, I have no reason to suppose it can.

               

              You say "...when Http is authenticated... header authorization is present..."

              This is true, but what process do you see as having authenticated?

              • 4. Re: Timestamp server authentication issues
                vansid Level 1

                Well. That's correct, I just suppose that adobe send http authentication.

                 

                Can you explain me how Adobe send authentication to server? Sure if I understand how it works I can solve that.

                 

                Thank you

                • 5. Re: Timestamp server authentication issues
                  Test Screen Name Most Valuable Participant

                  I don't think it ever does. It isn't a browser.

                   

                  Browsers have the idea of

                  - contact server

                  - receive response saying authentication needed

                  - prompt and save response

                  - respond with response each time there is an authentication needed

                   

                  But that's not part of Adobe Reader's behaviour.

                   

                  I feel I should say, though I'm sure there are good reasons... why would a timestamp server need authentication? There is little that is private about the time.

                  • 6. Re: Timestamp server authentication issues
                    IsakTen Level 4

                    What exactly are you trying to do? Are you signing a PDF with a certificate-based digital signature? You cannot sign in Adobe Reader unless your PDF is Reader-extended with permissions to sign.

                    If your PDF is Reader-extended or you're signing with Acrobat Pro, and you want your signature to be timestamped you need to set up the timestamp server in Acrobat/Reader. If your timestamp server requires authentication, you need to provide authentication information in the Acrobat's timestamp server setup. Some signing credentials (Digital IDs) have timestamp server information embedded in the certificate. In this case Acrobat will use this timestamp server to timestamp the signature and you do not need to set up this timestamp in Acrobat's timestamp servers list unless this timestamp server requires authentication. If it requires authentication, you need to set it up in Acrobat/Reader providing authentication info.

                    You should never access timestamp server if you just open a signed PDF.

                    • 7. Re: Timestamp server authentication issues
                      vansid Level 1

                      Well I'm just trying add timestamp mark on my signature (certificate-based). The timestamp server I'm working requires authentication. I set up adobe providing server and authentication info.

                       

                      When I sign (with my certificate) adobe send a non-authenticated POST to the server , which requires authentication, with the timestamp-query (well formed).

                       

                      I'm trying to understand the flowchart from Adobe:

                      - First try a non-authenticated query? Why?

                      - If fails because the server sends a 401 error, why don't send the another authenticated?

                       

                      Sorry if my first posts wasn't clear enough.