To review electronic signature details:A notification can require that a user's response be signed electronically, either with a password-based signature or with a certificate-based digital signature. Use the Signature Evidence Store to review details about the electronic signatures requested or submitted for notifications that require signatures. For example, you can check the status of a signature request and review details that provide evidence of the signature.
You can also view some signature details in the Notification Response Details page in the Status Monitor. See: Viewing Responses.
You can only review signatures for notifications that have not been purged. To preserve electronic signature evidence for future reference, the Purge Obsolete Workflow Runtime Data concurrent program and the Oracle Workflow purging APIs by default do not delete any notifications that required signatures or their associated signature information. If you anticipate needing access to signature evidence after the associated workflow processes are complete, ensure that you choose to preserve signature data when purging. If you do not need to maintain signature evidence, you can choose to delete signature-related information when purging. See: Purging Workflow Data and Workflow Purge APIs.
To review electronic signature details:Navigate to the Electronic Signature page by selecting Administration in the top level menu for the Oracle Workflow administrator Web pages and then selecting the Signature Evidence Store tab.
Search for the signatures you want to review. The search criteria are:
Notification ID - Enter the numerical notification ID for a specific notification that requires a signature. Note that if you specify a notification ID, all other search criteria are ignored.
Signature Policy - Select the policy that identifies the type of signature and signed text required by a notification, or select Any to display signatures for any policy.
PSIG_ONLY - This policy requires a password-based signature for signed response text that contains only the notification header information and the response values entered by the user.
PSIG_BODY - This policy requires a password-based signature for signed response text that contains the notification header information, the response values entered by the user, and the notification message body.
PKCS7X509_ONLY - This policy requires a certificate-based digital signature for signed response text that contains only the notification header information and the response values entered by the user.
PKCS7X509_BODY - This policy requires a certificate-based digital signature for signed response text that contains the notification header information, the response values entered by the user, and the notification message body.
Requested Signer - Select the user to whom the notification requesting a signature was sent.
Note: If an administrator has configured restrictions for the user list of values, then only the values to which you have access appear in the list. See: Configuring the Oracle Workflow User List of Values.
Status - Select the status of the signatures you want to review, or select Any to display signatures in any status.
Requested - Oracle Workflow has requested a signature from a user by sending a notification that requires a signature.
Signed - The user has submitted a signature with the notification response.
Verified - Oracle Workflow has verified that the signature was well formed, that it was created with a private key corresponding to the offered signing certificate, and that it is signing the plain text that it purports to sign.
Authorized - Oracle Workflow has confirmed that the user who submitted the signature is authorized to sign the notification by checking that the certificate is assigned to a user who is a member of the recipient role for the notification.
Validation Attempted - Oracle Workflow has attempted to confirm that the certificate used to create the signature was valid at the time the signature was received, meaning it had not expired or been revoked. To validate a certificate, Oracle Workflow checks that the certificate does not appear on a certificate revocation list (CRL) issued by the certificate authority after the time the signature was received. If the currently available CRL was issued before the time the signature was received, Oracle Workflow sets the signature status to Validation Attempted and checks the CRL again later.
Validated - Oracle Workflow has successfully validated the signature against a CRL issued by the certificate authority after the time the signature was received.
Request Failed - The request for a signature was not successfully created. An error may have occurred in notification processing.
Signature Failed - The user attempted to submit a signature but did not successfully complete the signature.
Signature Cancelled - The user or an administrator canceled the submitted signature. The notification may have been canceled.
Verification Failed - Oracle Workflow could not verify the signature because the signature was not well formed, it was not created with a private key corresponding to the offered signing certificate, or it did not sign the plain text that it purported to sign.
Authorization Failed - Oracle Workflow could not confirm that the user who submitted the signature was authorized to sign the notification, because the certificate used to create the signature was not assigned to a user who was a member of the recipient role for the notification.
Validation Failed - Oracle Workflow could not confirm that the certificate used to create the signature was valid at the time the signature was received. The certificate may have been expired or revoked.
Error - Oracle Workflow encountered an error in signature processing.
Creation Date - Enter the date when the request for a signature was created.
Signed Date - Enter the date when the user submitted the signature.
Verified Date - Enter the date when Oracle Workflow confirmed that the signature was well formed, that it was created with a private key corresponding to the offered signing certificate, and that it signed the plain text that it purported to sign.
Last Validation Date - Enter the most recent date when Oracle Workflow attempted to check that the certificate used to create the signature was valid at the time the signature was received.
Validated Complete Date - Enter the date when Oracle Workflow successfully validated the signature against a CRL issued by the certificate authority after the time the signature was received.
Note: You must enter at least one of the following criteria when you search in order to limit the size of the results list.
Notification ID
Requested Signer
Creation Date
Signed Date
Verified Date
Review the list of signatures that match your search criteria.
