Signing session for group signing
Wednesday, December 9, 2020 at 10:42amIn the application we have users and organizations. A user can be a member of an organization. The use cases for signing are as follows:
1) An individual user has a required signature field
2) A user is part of a group that has a required signature field
3) A user has both an individual signature field and is also part of a group that has a signature field on the same package
I am currently using the Java SDK to integrate the OneSpan signing process into my application. I know how to create a signing session for an individual signer, but I can't figure out how to create a signing session for a sender in a group. For example, if the user Jane Stewart is a sender in OneSpan and is a member of a signing group on a package, how can I initiate a signing session in my application for her?
As a follow up on that last question, I would also like to know how I can create a signing session where Jane Stewart could sign fields for both her signing group and also for herself.
Reply to: Signing session for group signing
Wednesday, December 9, 2020 at 12:09pmHi Samira,
For group signing scenario, the only signing URL is in format of:
https://sandbox.esignlive.com/login?destination=https%3A%2F%2Fsandbox.esignlive.com%2Fa%2Ftransaction%2FZeHw5nWRlv8N9X7rIw-IDihslOI%3D%2Fsign
Which means no matter which member under the group accessed the link, they have to first log onto their sender portal and identify themselves, then be redirected to the package signing ceremony and complete signing within the sender portal.
So assuming you've created a package like below:
String groupId = "bc6f0de7-c529-4e84-b96e-e53127c9038d";
DocumentPackage myPackage = PackageBuilder.newPackageNamed("My Package with Group Signers Java Developers")
.withSigner(SignerBuilder.newSignerFromGroup(new GroupId(groupId)))
.withDocument(DocumentBuilder.newDocumentWithName("My Document").fromFile(FILE_PATH)
.withSignature(SignatureBuilder.signatureFor(new GroupId(groupId)).onPage(0).atPosition(370, 680)))
.build();
PackageId packageId = eslClient.createAndSendPackage(myPackage);
System.out.println(packageId);
You can use this code to retrieve the signing URL and kick off the group signing.
Method getSigningUrlMethod = PackageService.class.getDeclaredMethod("getSigningUrl", PackageId.class, com.silanis.esl.api.model.Role.class);
getSigningUrlMethod.setAccessible(true);
String signingUrl = (String)getSigningUrlMethod.invoke(eslClient.getPackageService(), packageId, new com.silanis.esl.api.model.Role().setId(groupId));
System.out.println(signingUrl);
The reason why I have to use reflection and access a private function is because the regular getSigningUrl() method won't be able to find the correct role ID for the group signing.
To note: because the group signing process has to be done within the sender portal, this means you can't embed the process directly into your application and has to open a new tab/windows with the URL instead.
For your next question: what if the signer also be a sender under the group. I'd like to put some facts first then you can decide which path you want to follow:
(1)by accessing the group signing URL, the signer can sign both the group signatures and the individual signatures.
(2)by accessing the individual signing URL, the signer can only sign on behalf of themselves. But you can embed this individual signing ceremony into an iFrame.
Duo
Duo Liang OneSpan Evangelism and Partner Integrations Developer
Reply to: Signing session for group signing
Thursday, December 17, 2020 at 03:22pmDuo,
I originally asked this question to the support team through an email ticket and I would like to follow up on your response. You mention that it is not possible to integrate the group signing session directly into the application because this must be done through the sender portal. Would this change if I were to enable SSO authentication for the signing group?
Reply to: Signing session for group signing
Thursday, December 17, 2020 at 05:16pmHi Andrew,
This is a signing url (group signing + sender SSO) I built for test:
https://sandbox.esignlive.com/sso/saml/login/alias/e-signlive?idp=http://www.okta.com/exk15buf92ZX5fm2g357&RelayState=eyJzc29Mb2dpbkZvclNpZ25pbmciOiJ0cnVlIiwidHJhbnNhY3Rpb25VaWQiOiJGYVdidW5DMFA3ODlCMWdMaFhreTZGMDRvdjA9In0=
However, seems OneSpan Sign doesn't allow this link to be presented in an iFrame:
So I am afraid the answer is you can't embed the signing group in an iFrame even with sender SSO.
Duo
Duo Liang OneSpan Evangelism and Partner Integrations Developer
Reply to: Hi Andrew, This is a…
Friday, December 18, 2020 at 01:11pmDuo,
Thank you for the quick reply. Would it be possible to start a signing session for a user who is part of 2 different groups that both require signatures on a document? Or would I need to initiate 2 different signing sessions in this case?
Reply to: Hi Andrew, This is a…
Monday, December 21, 2020 at 12:34pmHi Duo,
I'm assuming this can't be changed in the OneSpan sandbox account but I was wondering if it would be possible to customize this iFrame option when using a dedicated on-premise solution.
Also, I am having trouble adding a group signer to a package and successfully starting a signing session. If I add the signer when creating the package then everything works fine but if the group signer is added at any point after creating the package (either through the Java SDK or the OneSpan interface) then I am unable to access the signing session and receive the following error:
Caused by: com.silanis.esl.sdk.EslException: Could not get a signing url.
tracker-acs-162_1 | at com.silanis.esl.sdk.service.PackageService.getSigningUrl(PackageService.java:1296)
tracker-acs-162_1 | ... 137 more
tracker-acs-162_1 | Caused by: com.silanis.esl.sdk.internal.RequestException: HTTP GET on URI https://sandbox.esignlive.com/api/packages/JY3ZIHOSqFLaE1qYyipAA65RdnM=/roles/934a3f14-d490-4c76-ad09-c98dd427abe3/signingUrl resulted in response with status code: [500, Internal Server Error]. Optional details: {"messageKey":"error.internal.default","message":"Unexpected error. We apologize for any inconvenience this may have caused you, please try again. If the problem persists, please contact our support team.","code":500,"name":"Unhandled Server Error"}
tracker-acs-162_1 | at com.silanis.esl.sdk.internal.RestClient.execute(RestClient.java:214)
tracker-acs-162_1 | at com.silanis.esl.sdk.internal.RestClient.get(RestClient.java:324)
tracker-acs-162_1 | at com.silanis.esl.sdk.internal.RestClient.get(RestClient.java:316)
tracker-acs-162_1 | at com.silanis.esl.sdk.service.PackageService.getSigningUrl(PackageService.java:1292)
tracker-acs-162_1 | ... 137 more
I would like to know how I should be adding group signers once a package has been created so that it is possible to start a group signing session for that signer.
Thank you,
Andrew Boka
Edit: I actually solved my second issue with the group signers by using the deprecated withRoleId method/option when adding a new signer from a group.
Reply to: Duo, Thank you for the…
Tuesday, December 22, 2020 at 09:28amFor this question "Would it be possible to start a signing session for a user who is part of 2 different groups that both require signatures on a document?"
You only need one signing session to complete signatures belonging to different groups.
Duo
Duo Liang OneSpan Evangelism and Partner Integrations Developer
Reply to: Hi Duo, I'm assuming…
Tuesday, December 22, 2020 at 09:52amHi Andrew,
Because for this link "https://sandbox.esignlive.com/sso/saml/login/alias/e-signlive?idp=http://www.okta.com/exk15buf92ZX5fm2g357&RelayState=eyJzc29Mb2dpbkZvclNpZ25pbmciOiJ0cnVlIiwidHJhbnNhY3Rpb25VaWQiOiJGYVdidW5DMFA3ODlCMWdMaFhreTZGMDRvdjA9In0=", the X-Frame-Options is set to DENY, which forbids the page from being displayed in an iFrame. So even if you are in an on-premise environment and the server domain is a subdomain of your application, it's still won't be possible.
Duo
Duo Liang OneSpan Evangelism and Partner Integrations Developer