cindy | Posts: 380

Missing signature required 2nd signer to sign

0 votes

Hi ,

I have a package (see attachment for the package details), there are 2 signers required to sign the package (1st signer required to sign form 6249 and form Healthcheck, 2nd signer required to sign form 6249). From signers, they have same email, and use SSO as authentication method. 

for 1st signer signing: which is good

Actual result: when 1st signer launched signing ceremony, it prompted to sign form 6249 and form Healthcheck

Expected result: when 1st signer launched signing ceremony, it prompted to sign form 6249 and form Healthcheck

for 2nd signer signing: which is not expected

Actual result: when 2nd signer launched signing ceremony, no signature required to sign

Expected result:  when 2nd signer launched signing ceremony, it prompted to sign form 6249 

could you please review the scenario and to see if 2nd signer behavior is correct or not?

thanks, 

Cindy


Duo_Liang | Posts: 3776

Reply to: Missing signature required 2nd signer to sign

0 votes

Hi Cindy,

 

Thanks for your post! Because it's Signer SSO + signers sharing the same email, it will take some time to set up a similar environment. Just a quick question that in your Active Directory, the recipients are having the same email and names as configured in the package (signer1 [email protected], Joan1 River1; signer2 [email protected], Joan2 River2), right?

 

Duo


cindy | Posts: 380

Reply to: Missing signature required 2nd signer to sign

0 votes

This is only have in the remote eSig scenario, when the signer launch signing ceremony from email. 


Duo_Liang | Posts: 3776

Reply to: Missing signature required 2nd signer to sign

0 votes

Hi Cindy,

 

Do you by any chance have the package ID of this transaction? Want to check if signer1 has signed all the signatures, including the ones assigned for signer2.

 

Duo


cindy | Posts: 380

Reply to: Missing signature required 2nd signer to sign

0 votes

Hi Duo, 

No, in AD, only 1 person setup, but the package is allow to use the same email for different signer, so we'd like to test it. 


Duo_Liang | Posts: 3776

Reply to: Missing signature required 2nd signer to sign

0 votes

Hi Cindy,

 

I see, that might be the case of issue. When signer logged in via SSO, the IDP will send first/last name and email to OneSpan Sign, which will be checked against the package JSON signer list to identify which signer is currently signing. Although the email can be shared across signers, but the name + email combination will still be the unique identification.

 

Duo


cindy | Posts: 380

Reply to: Missing signature required 2nd signer to sign

0 votes

Hi Duo,

from the package signer list, signer1 and signer2 firstname and last name are all fake, only email address is correct and registered in our AD, in this case, how to identify? 


Duo_Liang | Posts: 3776

Reply to: Missing signature required 2nd signer to sign

0 votes

Hi Cindy,

 

From my understanding, I think it's a general rule that the name and email should be the same in both AD and package JSON. Mismatch information could result in errors during SAML authentication.

 

Duo


cindy | Posts: 380

Reply to: Missing signature required 2nd signer to sign

0 votes

but in my case, the name is fake, and email is correct. the signer is able to launch the signing ceremony via email though. any idea?


cindy | Posts: 380

Reply to: Missing signature required 2nd signer to sign

0 votes

Hi Duo, 

I found another scenario, it seems very odd. 

1) I created a package in my account ([email protected]), the package has 2 signers, both email is '[email protected]' which is the sender UI account in OSS, and I get 'error.validation.userAddition.duplicateEmailUsage' error, which is expected as

https://community.onespan.com/documentation/onespan-sign/guides/admin-guides/user/account-level-features

2) I created a package in my account ([email protected]), the package has 2 signers, both email is my account '[email protected]' , in this case, the package is successful created and sent, the only unexpected is there supposed to have 2 signers, now it became 1 signer. 

any idea for 2nd scenario? 

thanks,

Cindy


Duo_Liang | Posts: 3776

Reply to: Missing signature required 2nd signer to sign

0 votes

Hi Cindy,

 

I can reproduce the same that with the second scenario, instead of returning an error, the package was created unexpectedly. 

From my test, I believe this occurs when the duplicated email refers to the transaction sender (specifying sender with account owner's API Key also triggers this issue). I think it's more of an inconsistence that in this scenario, the API should also return the error like the first scenario does. If you preferred, we can report this to support and R&D team.

As a temporary workaround, you can add an additional check in your local that if the sender's email appears in multiple times, throw the duplicateEmailUsage error.

 

Duo


Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off