Electronic Signature Setup
If the eSignatures are in an LDAP directory that has already been established for Windchill, there is no additional setup required.
If your authorization environment is configured for single sign-on (SSO) verification, you can configure your site to prompt for user credentials before submitting a signature.
If an LDAP directory is not used with Windchill, you can use the JNDI adapter to validate authentication.
To use a JNDI adapter for electronic signature authentication, the following fields in the JNDI adapter definition must be populated with the distinguished name and password to be used to authenticate requests made to the LDAP directory service:
• Directory System Agent User
• Directory System Agent Credentials
You must identify the directory in the wt.org.electronicIdentity.authenticationService property.
• Set the following property in the <customizationRootDirectory>/configurations/xconf/custom.site.xconf file, appending the new value to the existing property value. You can specify one or more JNDI adapter service names, separated by commas. An example is shown below:
<Property name="wt.org.electronicIdentity.authenticationService" value="<JNDIadapter service name(s)>" targetFile="codebase/wt.properties"/>
• The wt.org.electronicIdentification.class parameter determines the authentication required. It can be set to one of the following:
◦ wt.org.electronicIdentity.engines.LDAPPasswordSignatureEngine – this signature engine only requires a password to be supplied. It verifies that the password belongs to the currently logged in user.
◦ wt.org.electronicIdentity.engines.LDAPFDACompliantSignatureEngine – this signature engine requires both a user name and a password field to be entered, in compliance with FDA rule 21 CFR part 11 section 11.2. It verifies that the user name and password belong to the currently logged in user.
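The following check is an added example, not PTC code: it audits an xconf fragment for the two properties described above, flagging an empty or repeated adapter name, an undocumented engine class, and the password-only engine where a user name prompt is expected. The <Configuration> root element, the adapter names, the placement of the engine property in the same file, and the function name are assumptions made for the sample.

```python
import xml.etree.ElementTree as ET

AUTH_PROP = "wt.org.electronicIdentity.authenticationService"
ENGINE_PROP = "wt.org.electronicIdentification.class"
PASSWORD_ENGINE = "wt.org.electronicIdentity.engines.LDAPPasswordSignatureEngine"
FDA_ENGINE = "wt.org.electronicIdentity.engines.LDAPFDACompliantSignatureEngine"

# Constructed sample; root element and adapter names are assumptions.
SAMPLE_XCONF = """<Configuration>
  <Property name="wt.org.electronicIdentity.authenticationService"
            value="com.example.ldapAdapter, com.example.esigAdapter,"
            targetFile="codebase/wt.properties"/>
  <Property name="wt.org.electronicIdentification.class"
            value="wt.org.electronicIdentity.engines.LDAPPasswordSignatureEngine"
            targetFile="codebase/wt.properties"/>
</Configuration>"""


def audit_esignature_xconf(xml_text, require_user_name=True):
    """Return (adapter_names, findings) for the e-signature properties."""
    props = {}
    findings = []
    for elem in ET.fromstring(xml_text).iter("Property"):
        name = elem.get("name")
        if name in (AUTH_PROP, ENGINE_PROP):
            if name in props:
                findings.append(f"{name} is set more than once")
            props[name] = elem.get("value", "")

    adapters = []
    if AUTH_PROP not in props:
        findings.append(f"{AUTH_PROP} is not set")
    else:
        parts = [p.strip() for p in props[AUTH_PROP].split(",")]
        adapters = [p for p in parts if p]
        if len(adapters) != len(parts):
            findings.append(f"{AUTH_PROP} has an empty adapter name")
        if len(set(adapters)) != len(adapters):
            findings.append(f"{AUTH_PROP} lists an adapter twice")

    engine = props.get(ENGINE_PROP)
    if engine is None:
        findings.append(f"{ENGINE_PROP} is not set in this file")
    elif engine not in (PASSWORD_ENGINE, FDA_ENGINE):
        findings.append(f"{ENGINE_PROP} is not one of the two documented engines")
    elif require_user_name and engine == PASSWORD_ENGINE:
        findings.append("password-only engine configured; user name is not prompted")
    return adapters, findings
```

Pass require_user_name=False for sites where the password-only engine is the intended setting.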