I'm not sure why you expect that it should?
Usually when Http is authenticated, http header authorization is present. But in this case, no athoritzation header is sent.
I hope so be more clear this way.
If Adobe didn't send the authentication header... how can i authenticate this user? Why is asking if this server should be authenticated if didnt send the authentication?
But I've never seen Adobe Reader engage in authentication, I have no reason to suppose it can.
You say "...when Http is authenticated... header authorization is present..."
This is true, but what process do you see as having authenticated?
Well. That's correct, I just suppose that adobe send http authentication.
Can you explain me how Adobe send authentication to server? Sure if I understand how it works I can solve that.
I don't think it ever does. It isn't a browser.
Browsers have the idea of
- contact server
- receive response saying authentication needed
- prompt and save response
- respond with response each time there is an authentication needed
But that's not part of Adobe Reader's behaviour.
I feel I should say, though I'm sure there are good reasons... why would a timestamp server need authentication? There is little that is private about the time.
What exactly are you trying to do? Are you signing a PDF with a certificate-based digital signature? You cannot sign in Adobe Reader unless your PDF is Reader-extended with permissions to sign.
If your PDF is Reader-extended or you're signing with Acrobat Pro, and you want your signature to be timestamped you need to set up the timestamp server in Acrobat/Reader. If your timestamp server requires authentication, you need to provide authentication information in the Acrobat's timestamp server setup. Some signing credentials (Digital IDs) have timestamp server information embedded in the certificate. In this case Acrobat will use this timestamp server to timestamp the signature and you do not need to set up this timestamp in Acrobat's timestamp servers list unless this timestamp server requires authentication. If it requires authentication, you need to set it up in Acrobat/Reader providing authentication info.
You should never access timestamp server if you just open a signed PDF.
Well I'm just trying add timestamp mark on my signature (certificate-based). The timestamp server I'm working requires authentication. I set up adobe providing server and authentication info.
When I sign (with my certificate) adobe send a non-authenticated POST to the server , which requires authentication, with the timestamp-query (well formed).
I'm trying to understand the flowchart from Adobe:
- First try a non-authenticated query? Why?
- If fails because the server sends a 401 error, why don't send the another authenticated?
Sorry if my first posts wasn't clear enough.