Path authorization via x.509 digital certificate


applies to version: 8.2.x; author: Paweł Jawień

The default way of authorizing users performing tasks on Forms in WEBCON BPS is via Active Directory. The system assumes that the user currently logged into the computer is also the one carrying out tasks on the given Step of the Workflow.

There are cases where a company or Workflow might require heightened security measures. One way of adding a second level of authentication is through the use of a digital signature (certificate).

To successfully complete and authorization process with a digital signature, a user may either use a signature/certificate stored on their computer or on a portable device (Smart card, USB flash Drive etc.).  Both qualified and non-qualified (like ones issued by a company’s Public Key Infrastructure) may be used.

Configuring additional authentication with certificate x.509

To give Workflow users additional authorization for a certain Path, in the form of a digital signature, add an Action to the Action list for that specific Path – For the Action kind, select “Authorize user”, found in the “Digital signatures and Certificates” subgroup.


Sample configuration of the „Authorize user” Action

In the example below, the user will have to confirm their identity with a digital signature on the first Step of the Workflow (Document registration).

A Path named „Register with signature” has been created in this Workflow. In the Action tab create a new Action for the “On path” category, name it “Authorize with digital signature”. In the Action kind menu, find the group “Digital signatures and certificates” and select “Authorize user”.


After choosing the action type, click the „Configure” button in the bottom right corner.


Configuring allows you to set the „Certificate issue filter”. This setting limits the usable digital signatures to those issued by approved sources.

The value entered into the „Certificate issue filter” is then checked against the value in the “Issuer” field from the certificate’s (signature’s) properties.


In our example, the certificate’s issuer is „CA-WebCon” (The filter only takes into consideration: CN=CA-WebCon).

If the value in the „Certificate issue filter” field doesn’t match up to the „Issuer” of the certificate, the system will block the Workflow Path and display a relevant error message:



The user registers a Workflow document, they add an attachment and select the Path („Register with Signature”.) to the next Step of the Workflow.


A pop-up window will prompt the user to pick the certificate (digital signature) that will be used to authorize the operation.


After picking the correct certificate, the system allows the Workflow to proceed to the next Step, completing the authorization process.

Warning! Authorization via digital signature requires Internet Explorer 8.0 or higher (due to the WEBCON BPS Client ActiveX component). If the user doesn’t have the aforementioned ActiveX component installed, the system will detect this fact, and redirect them over to the ActiveX installation site.


Leave a Reply

Your email address will not be published. Required fields are marked *