We have a request from our customer to allow for digitally signing PDF documents within Appian using the signature stored on the user's government-issued Common Access Card. From looking at the current list of plugins, such as Sign PDF Document, none appear to meet the requirement, as the signature cannot be stored locally on the server. From our initial analysis, it appears our only option will be building our own custom plugin or integrating with a third-party application. I was curious if anyone has developed a similar solution and, if so, what third-party applications/APIs were chosen for the implementation.
The requirement also includes
Users are currently using their CACs for authentication when logging in to the application.
Did you have any success @forrestr644?
About to build the same... if nothing is public.
David L Did you end up building something? If so, I would be interested in talking to you about it. Thank you!
community.appian.com/.../notary-seal-tools Notary Seal Tool will likely do this for you. The CAC and other local client keys are not available through a browser interface without locally installed software and browser add-ins. For security purposes, the browser intentionally and rightfully blocks the certificate private keys from being accessible to the browser content.
However, you can have the Application, with a server side Certificate sign as a Notary (just like a physical notary) on behalf of the end user. So long as the end user is authenticated over SSL with their client cert to the application, the app has proof of authenticity (like you showing your driver's license to a physical notary). Then the App, acting as the Notary, can digitally sign with cryptographic integrity, on behalf of the end user. The Digital Signature is a completely valid digital signature and shows up with green checkboxes inside the PDF and stuff, BUT it is signed by the server side Notary private key on behalf of the SSL authenticated end user. For reference this is how DocuSign (without local installs) works as well.
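
The notary arrangement described in the reply above, as an added example that is not part of the thread or of the Notary Seal Tool: the server binds the TLS-authenticated subject to the document's SHA-256 digest and signs that statement with its own key. The key pair, subject DN, document bytes and statement layout are constructed assumptions; embedding the result in a PDF signature field is left to a PDF library, and `HexFormat` needs Java 17 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.HexFormat;

public class NotarySealDemo {
    // Statement the notary signs: who was authenticated, over which document, and when.
    // The line-based layout is an assumption made for this example.
    static byte[] statement(String subjectDn, byte[] document, Instant when) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(document);
        String s = "signer=" + subjectDn + "\n"
                 + "sha256=" + HexFormat.of().formatHex(digest) + "\n"
                 + "time=" + when + "\n";
        return s.getBytes(StandardCharsets.UTF_8);
    }

    // Signs the statement with the server-side notary private key.
    static byte[] seal(PrivateKey notaryKey, byte[] stmt) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(notaryKey);
        sig.update(stmt);
        return sig.sign();
    }

    // Anyone holding the notary's public key can check the seal.
    static boolean verify(PublicKey notaryPub, byte[] stmt, byte[] sealBytes) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(notaryPub);
        sig.update(stmt);
        return sig.verify(sealBytes);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins: a real deployment loads the notary key from a keystore or HSM
        // and takes the subject DN from the client certificate validated during the TLS handshake.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair notary = kpg.generateKeyPair();
        String subjectDn = "CN=DOE.JANE.Q.0000000000,OU=EXAMPLE,O=Example Org,C=US";
        byte[] pdf = "%PDF-1.7 constructed sample bytes".getBytes(StandardCharsets.UTF_8);
        Instant when = Instant.parse("2024-01-01T00:00:00Z");

        byte[] stmt = statement(subjectDn, pdf, when);
        byte[] sealBytes = seal(notary.getPrivate(), stmt);
        System.out.println("seal valid: " + verify(notary.getPublic(), stmt, sealBytes));

        // Flip one bit of the document: the recomputed statement no longer matches the seal.
        pdf[pdf.length - 1] ^= 1;
        byte[] changed = statement(subjectDn, pdf, when);
        System.out.println("after change: " + verify(notary.getPublic(), changed, sealBytes));
    }
}
```

The seal proves that the notary key vouched for this subject and this digest; it does not prove possession of the CAC private key, which is why the server's record of the client-certificate authentication matters as evidence.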