Electronic Signature Setup

Basic Administration > Supporting Collaboration > Workflow Administration > Workflow Management > Electronic Signatures > Electronic Signature Setup

If the eSignatures are in an LDAP directory that has already been established for Windchill, there is no additional setup required.

If your authorization environment is configured for single sign-on (SSO) verification, you can configure your site to prompt for user credentials before submitting a signature. For more information, see eSignature Validation for SSO Configurations.

If an LDAP directory is not used with Windchill, you can use the JNDI adapter to validate authentication. For more information, see JNDI Adapter LDAP Entry.

To use a JNDI adapter for electronic signature authentication, the following fields in the JNDI adapter definition must be populated with the distinguished name and password to be used to authenticate requests made to the LDAP directory service:

• Directory System Agent User

• Directory System Agent Credentials

You must identify the directory in the wt.org.electronicIdentity.authenticationService property. From a Windchill shell, execute the following commands:

• To display the current value of the property:

xconfmanager -d wt.org.electronicIdentity.authenticationService

• Specify the existing and new value (append new value to the existing property value). You can specify one or more JNDI adapter Service Names. Use a comma to separate the adapter names. See the xconfmanager guidelines for specifying multiple property and property value combinations:

xconfmanager -s wt.org.electronicIdentity.authenticationService=
<JNDIadapter service name(s)> -t <Windchill>/codebase/
wt.properties -p

Where <Windchill> is the location where Windchill is installed.

• The parameter wt.org.electronicIdentification.class can be set to determine the authentication required. The parameter can be set as follows:

◦ wt.org.electronicIdentity.engines.LDAPPasswordSignatureEngine – this signature engine only requires a password to be supplied. It verifies that the password belongs to the currently logged in user.

◦ wt.org.electronicIdentity.engines.LDAPFDACompliantSignatureEngine – this signature engine requires both a user name and a password field to be entered, in compliance with FDA rule 21 CFR part 11 section 11.2. It verifies that the user name and password belong to the currently logged in user.