Quickstart - Deploy Adobe Access DRM License Server (Reference Implementation)

-

the flash access quickstart documentation online bit dated (http://www.adobe.com/support/adobeaccess/pdfs/server/adobeaccess_4_refimpl.pdf ), , speaks setting feature-limited "protected streaming license server".  makes mention of flash access packager manager, has been removed later releases of flash/adobe access.  document serve new version, , walk through deploying feature-rich reference implementation license server, instead.

 

as primer guide, recommended ask adobe representative copy of white paper titled “primetime drm ecosystem”, outlines lifecycle , components of adobe access drm product.

 

*note: flash access drm same adobe access drm same primetime drm.  going forward, refer product “adobe access” only.

 

 

[ purpose ]

end-to-end guide on deploying license server , confirming can issue licenses.

 

[ requirements ]

  • java 1.6 or above (download oracle)
  • latest adobe access drm dvd adobe sales representative
  • tomcat 6 or above (included on adobe access drm dvd)

 

[ overview ]

  1. acquire certificates adobe
  2. scramble password(s) certificates
  3. configure properties
  4. configure crossdomain.xml
  5. deploy war & launch server
  6. confirm server running & diagnose issues

 

[ details ]

1. acquire certificates adobe
adobe access drm relies on rsa certificates chain of trust.  of cryptography based on our pki hierarchy.  content , license server function in our pki ecosystem, have issued own certificate(s) rooted off of adobe’s certificate authority.  that, please follow instructions outlined in adobe access certificate enrollment guide: adobe access certificate enrollment guide
once complete, have collection of pfx/pem/der certificate files , associated password(s).  if requested trial or demo certificate, may have been issued single “super-certificate” play role of 3 key pairs.  if requested production certificates, receive different key pairs each component of adobe access ecosystem.  because different key pairs have different levels of associated security.  purposes of quick start, assume have trial or demo account adobe - single key pair issued you.

2. scramble password(s) certificates
the reference implementation license server assumes private key stored on disk, , password protected.  obviously, not secure, , recommended server’s private key (which acquired adobe in previous step) stored in secured manner, on hsm.  however, quick start assumes attempting put proof-of-concept, liberties allowed.
in order reference implementation read private key disk, must read password configuration file called flashaccess-refimpl.properties.  bad practice store password text file in clear text, password scrambled before saving file.  reference implementation know how unscramble password before consuming it.
to scramble password:

  1. open command prompt , navigate <dvd>\reference implementation\server\reference implementation server\refimpl\scrambler\
  2. run command: java -classpath ..\..\..\..\..\sdk\adobe-flashaccess-sdk.jar;. com.adobe.flashaccess.refimpl.util.scrambleutil <your pfx private key password>

 

save output of above command use while configuring license server.

 

 

3. configure properties

 

the reference implementation reads configuration options , associated data “resources” directory.  the dvd includes sample of @ <dvd>\reference implementation\server\reference implementation server\resources\.  within directory server’s configuration file: flashaccess-refimpl.properties.  must updated prior launching server.

 

1. config.resourcesdirectory = resources directory located.

2. handlerconfiguration.servertransportcredential = super-cert pfx

3. handlerconfiguration.servertransportcredential.password = scrambled password

4. licensehandler.servercredential = super-cert pfx

5. licensehandler.servercredential.password = scrambled password

6. metadataconverter.signatureparameters.servercredential = super-cert pfx

7. metadataconverter.signatureparameters.servercredential.password = scrambled password

8. v2keyparameters.licenseserverurl = http://localhost:8080

9. v2keyparameters.keyoptions.asymmetrickeyoptions.certificate = super-cert pem

10. v2keyparameters.licenseservertransportcertificate = super-cert pem

 

once above have been updated, copy entire \resources directory desired location , note it.  you’ll have update catalina.properties file in tomcat’s conf directory order let tomcat know directory is.  example:

 

shared.loader=../resources

 

finally, make easier diagnose issues, helpful increase logging level debug.  can opening \resources\log4j.xml , changing debug=“false” debug=“true”.  in addition, adobe access log file , location determined in file.  default configured “adobeflashaccess.log” no directory specified.  means log file written working directory of tomcat launched (e.g. <tomcat>\bin\).  if not ideal recommended updated other logs go (e.g. set value adobeflashaccess.log ../logs/adobeflashaccess.log).

 

 

4. configure crossdomain.xml (flash player only)

 

to allow service communicate off-host resources, idea have open crossdomain.xml file @ root of license server.  please copy http://access.adobeprimetime.com/crossdomain.xml root of tomcat server (<tomcat>\webapps\root\).

 

 

5. deploy war , launch server

 

copy pre-built adobe access reference implementation license server tomcat \webapps directory.  pre-built war can found at: <dvd>\reference implementation\server\reference implementation server\ , should copied <tomcat>\webapps\

 

launch tomcat command prompt:

1. navigate <tomcat>\bin\

2. run command: startup.bat

 

 

6. confirm server running & diagnose issues

 

if there issues, first place server logs.  if server set per instructions above, logs should output <tomcat>\logs\.   perform self-check on license server, open browser , go following url: http://localhost:8080/flashaccess/license/v4

 

 

congratulations.  have completed setup of adobe access drm license server.  next step process package content protected , requires acquiring license license in order play content.

 

 

[ references ]

online comprehensive guide on reference implementations come adobe access: http://help.adobe.com/en_us/primetime/drm/5.3/reference_implementations/index.html#concept -adobe_primetime_drm_reference_implementations

 

troubleshooting: http://help.adobe.com/en_us/primetime/drm/5.3/reference_implementations/index.html#concept -troubleshooting



More discussions in Adobe Access DRM / Primetime DRM


adobe

Comments

Post a Comment

Popular posts from this blog

Reader DC

-
my adobe reader dc export subscription not ocr on large file when export word. works fine on small files, , used work wellon files of sizes.   any idea issue is? hi sherry, we sorry inconvenience caused you. can please provide following details: 1. adobe reader version using. 2. if possible, share file on trying run ocr , language of it   just mention, export pdf allows conversion of files upto 100 mb   regards, poorvi More discussions in Acrobat Reader adobe
Read more

AdobeIDの作り方

-
よろしくお願いいたします。 わたしはとある職場でadobeccの管理者をしています。 先日、職場の人に adobecc のアプリを使ってもらうことになりました。 まず最初に、わたしがこの人に成り代わり、この人のメアドでadobe idを作りました。 わたしとしては、数年前の経験から、その確認メールが本人のメアド宛に届くはずだと思っていたのですが、本人からは、adobeからの確認メールは届いていないとのこと。 不思議に思いつつ、、試しにこの人のメアドでadobeidのサイトにアクセスを試みたら、ちゃんと入ることができました。 そこで、伺いたいことがございます。   1. 今は、adobeid作成の確認メールは発信していないのでしょうか? 2.もしかしたら、この人のadobeidは既にできあがっているのでしょうか? アドビジャパンフォーラムをご利用いただきありがとうございます。   ご質問の回答ですが、 1につきましては通常はadobeid作成時に弊社より 「creative cloud:電子メールアドレスをご確認ください」と言うメールが送られ ご登録のメールアドレスがお客様のものか確認をさせて頂いております。 ですので、メールが届かなかったと言う事は既にadobeidが存在していた可能性もございます。 ※お客様のメールのセキュリティ等の設定によっては届いていない可能性がございます。   adobeid作成状況の詳細についての確認につきましては 弊社chatサポート迄お問い合わせをお願い致します。   アドビチャットサポート サポート総合案内 (Japan) でのその他のディスカッション adobe
Read more

Adobe InDesign CC 2017 has stopped working

-
Image
after installing indesign cc 2017 first time, when try launch application error "adobe indesign cc 2017 has stopped working" i have tried following: uninstalling , reinstalling indesign deleting files c:\users\<user>\appdata\roaming\adobe\indesign , c:\users\<user>\appdata\local\adobe\indesign i've uninstalled (i think) fonts had downloaded , installed restarted computer many times signed out of creative cloud , signed in   i able install , run on different computer i'm assuming there sort of conflict or missing component on computer.   computer details: processor intel core i7-4770k ram 16 gb os windows 10 pro ver. 1607 build: 14393.447 video card nvidia geforce gtx 970     this error windows event logs: faulting application name: indesign.exe, version: 12.0.0.81, time stamp: 0x57f545c7 faulting module name: appframework.rpln, version: 12.0.0.81, time stamp: 0x57f547eb exception code: 0xc0000005 fault offset: 0x000000000009fa88 faulting process id: 0xcac...
Read more