I want to add the CoSign signature solution to my company's custom Oracle forms system using the CoSign API. For extended security and compliance with local legislation, I want to use OTP (One Time Passwords).

Desired functionality:

  1. The user logs in to my custom application
  2. A custom form with a list of many PDF (50-100) files opens with a check box next to them
  3. If he wants, the user opens each PDF. Usually he will not, but it’s his decision
  4. The user checks all the check boxes next to the list of PDF files and presses the Sign button
  5. A custom pop-up asks the user for his CoSign username/password and OTP
  6. Using the CoSign API the user is authenticated. At first an API call is made to CoSign regarding username and password. Afterwards another API call is made to the Radius server regarding the OTP.
  7. If authentication is successful all 50-100 PDFs are signed at once without asking the user for username-password-OTP again.
  8. If the user wants to sign another set of 50-100 PDFs then it is ok if he is asked for his credentials again.

Is the above possible or must the user provide the application with his credentials 50-100 times in this batch signing custom app?

Is the above flow supported by the CoSign API? Will there be duration problems regarding the OTP or session lifetime?

Larry K
manolisk

1 Answer

You have 2 options I can think of:

  1. Your OTP tokens are software tokens and have a GetOTP() API that does not prompt for user input.
  2. Get OTP once and sign as many documents as you can during the OTP validity time window in parallel (concurrently).

Details

1. Sequential batch process with GetOTP() API

Immediately after you get the OTP from the (software) token, you have to use the SAPI local SignEx* functions that also receive the OTP as a parameter.

You can also implement it with our ARFileSign utility that is called from a batch or PowerShell script. Here, too, the OTP has to be pre-fetched.

2. Concurrent batch process

Perform once (per process)

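```csharp
// Once per process: create and initialise the SAPI object shared by all signing threads.
SAPICrypt SAPI = new SAPICryptClass();
SAPI.Init();
```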

Then for each document spawn a different thread that will perform:

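```csharp
// Per document thread: acquire a session, log on, then sign with the pre-fetched OTP.
SAPI.HandleAcquire(out SesHandle);
rc = SAPI.Logon(SesHandle, User, Domain, Password);
// create signature field code comes here
SAPI.SignatureFieldSignEx(SesHandle, sf, 0, OTP);
```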

The maximum number of documents that can be signed concurrently should be determined experimentally. Start from 10 and slowly increase the amount until you see that some are not signed. It depends on the strength of your client computer (how many cores, how much memory, quality of the link to the CoSign server, etc.) and on the duration of the OTP validity.

After you determine how many you can sign concurrently, just to be on the safe side, you can implement a “fail to be signed collector”: the 1st failure will stop the parallel execution; then the serial “fail to be signed collector” will insert all the documents that were scheduled for signing but are not signed to the next signing round.

Hope it helps,

Aviv Simionovici, Sales Engineer and Project Manager, DocuSign
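
One way to build the “fail to be signed collector” described in the answer, as an added example that is not part of the original answer and not CoSign's own code. `SignRound` and the `signOne` callback are hypothetical names; `signOne` stands in for the per-document SAPI calls shown above, and the document names and simulated failure are constructed.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;

static class BatchSigner
{
    // signOne (hypothetical) wraps the per-document SAPI calls from the answer
    // and returns true only when that document was actually signed.
    public static List<string> SignRound(IReadOnlyList<string> docs, int maxParallel,
                                         Func<string, bool> signOne)
    {
        var signed = new ConcurrentDictionary<string, bool>();
        using var stop = new CancellationTokenSource();
        var opts = new ParallelOptions { MaxDegreeOfParallelism = maxParallel,
                                         CancellationToken = stop.Token };
        try
        {
            Parallel.ForEach(docs, opts, doc =>
            {
                if (stop.IsCancellationRequested) return;   // do not start new work
                bool ok;
                try { ok = signOne(doc); }
                catch (Exception) { ok = false; }            // treat any error as "not signed"
                if (ok) signed[doc] = true;
                else stop.Cancel();                          // first failure stops the parallel run
            });
        }
        catch (OperationCanceledException) { /* expected once a failure cancelled the run */ }

        // Serial collector: every scheduled but unsigned document moves to the next round.
        return docs.Where(d => !signed.ContainsKey(d)).ToList();
    }

    static void Main()
    {
        // Constructed sample: 20 document names, signer fails after 12 calls
        // to imitate the OTP validity window closing mid-batch.
        var docs = Enumerable.Range(1, 20).Select(i => $"doc{i:00}.pdf").ToList();
        int calls = 0;
        Func<string, bool> fake = d => Interlocked.Increment(ref calls) <= 12;
        var retry = SignRound(docs, 10, fake);
        Console.WriteLine($"signed {docs.Count - retry.Count}, carried over {retry.Count}");
    }
}
```

The returned list is the input for the next signing round, at which point the user is asked for credentials and a new OTP again, as step 8 of the question allows.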
