Docusign API Integration for Real Estate Web Application - docusignapi

I'm developing a web application for real estate agents and their clients to easily handle offer management for real estate transactions. Using docusign's API, I'm hoping to allow my users to use embedded signing features to sign and submit documents regarding offers of their transaction.
The major issue/problem we want to solve is allowing local access to the docusign documents natively within our web application. Meaning, if a user submits a document on our platform, and requests multiple parties to sign the given document, we would like to keep a live copy within our application as it gets signed by multiple parties.
Currently, most implementations of the API simply send over the original document to docusign, and use their backend to update and notify parties when signatures have been requested or completed; meanwhile the original document submitted by the user to the platform remains in its original condition without any updates or changes, which can be confusing for users of the platform to keep track of the document status.
Any help in regards to solving this issue would be greatly appreciated. Is this possible? If so, what tools and services are required to achieve this?

Meaning, if a user submits a document on our platform, and requests
multiple parties to sign the given document, we would like to keep a
live copy within our application as it gets signed by multiple
parties.
I have a couple suggestions. Let me know if either is what you're looking for:
First, you can call GET /envelopes/{envelopeId}/documents/{documentId} to retrieve docs from an envelope. Here's a link to more info on this endpoint.
Now, it also sounds like you may want to provide your realtor users with envelope status in real-time. There are a couple of ways to accomplish this, but one is greatly preferred.
Technically you CAN retrieve information about your envelopes by calling GET /envelopes?include=recipients,tabs. On your front end, this enables you to dynamically update components, such as a color-coded status column indicating to users where their agreements are in the pipeline. Downside here is that there are polling restrictions, which limit you to one such call every 15 minutes.
The preferred method is to use the Connect webhook notification service. When you create a connect configuration in your account, you can proactively receive information about your envelopes moments after events occur. (We'll ping you.) Then you can update front end components to keep your agents in the know.
Here's a sample connect notification:
<?xml version="1.0" encoding="utf-8"?>
<DocuSignEnvelopeInformation xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.docusign.net/API/3.0">
<EnvelopeStatus>
<RecipientStatuses>
<RecipientStatus>
<Type>Signer</Type>
<Email>user.email#address.com</Email>
<UserName>User Name</UserName>
<RoutingOrder>1</RoutingOrder>
<Sent>2010-06-26T09:19:18.883</Sent>
<Delivered>2010-06-26T09:19:40.723</Delivered>
<DeclineReason xsi:nil="true" />
<Status>Delivered</Status>
<RecipientIPAddress>::1</RecipientIPAddress>
<CustomFields />
<TabStatuses>
<TabStatus>
<TabType>Custom</TabType>
<Status>Active</Status>
<XPosition>364</XPosition>
<YPosition>52</YPosition>
<TabLabel>Radio</TabLabel>
<TabName>Two</TabName>
<TabValue />
<DocumentID>1</DocumentID>
<PageNumber>2</PageNumber>
<OriginalValue />
<ValidationPattern />
<RoleName>TestRole</RoleName>
</TabStatus>
</TabStatuses>
<AccountStatus>Active</AccountStatus>
<RecipientId>fb89d2ee-2876-4290-b530-ff1833d5d0d2</RecipientId>
</RecipientStatus>
</RecipientStatuses>
<TimeGenerated>2010-06-26T09:19:45.771206-07:00</TimeGenerated>
<EnvelopeID>0aa561b8-b4d9-47e0-a615-2367971f876b</EnvelopeID>
<Subject>CreateEnvelopeFromTemplates Test</Subject>
<UserName>User Name</UserName>
<Email> user.email#address.com </Email>
<Status>Delivered</Status>
<Created>2010-06-26T09:16:21.27</Created>
<Sent>2010-06-26T09:19:19.01</Sent>
<Delivered>2010-06-26T09:19:40.747</Delivered>
<ACStatus>Original</ACStatus>
<ACStatusDate>2010-06-26T09:16:21.27</ACStatusDate>
<ACHolder>ACHolder Name</ACHolder>
<ACHolderEmail> ACHolder.email#address.com </ACHolderEmail>
<ACHolderLocation>ACHolder Location</ACHolderLocation>
<SigningLocation>Online</SigningLocation>
<SenderIPAddress>::1 </SenderIPAddress>
<EnvelopePDFHash />
<CustomFields>
<CustomField>
<Name>Envelope Field 1</Name>
<Show>False</Show>
<Required>False</Required>
<Value />
</CustomField>
<CustomField>
<Name>Envelope Field 2</Name>
<Show>False</Show>
<Required>False</Required>
<Value />
</CustomField>
</CustomFields>
<AutoNavigation>true</AutoNavigation>
<EnvelopeIdStamping>true</EnvelopeIdStamping>
<AuthoritativeCopy>false</AuthoritativeCopy>
<DocumentStatuses>
<DocumentStatus>
<ID>1</ID>
<Name>Document_Name</Name>
<TemplateName>radio parents</TemplateName>
<Sequence>1</Sequence>
</DocumentStatus>
</DocumentStatuses>
</EnvelopeStatus>
<DocumentPDFs>
<DocumentPDF>
<Name>DocumentPDF_Name</Name>
<PDFBytes>PDFBytes_Information</PDFBytes>
</DocumentPDF>
</DocumentPDFs>
</DocuSignEnvelopeInformation>

Related

Sending DocuSign envelopes via API 3.0 is no longer triggering Reminders or Expired warnings

Our software has been integrated with DocuSign since 2007. We've never included the notification element and the companies using the integration have always been able to use the DocuSign Admin to control those Settings. For some reason it is no longer working. I'm using the Demo environment for my testing. Has there been a change at DocuSign?
Here is an example CreateAndSendEnvelope request.
<?xml version="1.0" encoding="Windows-1252"?>
<Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<AccountId xmlns="http://www.docusign.net/API/3.0">7ee2da0d-256c-4f73-8e7d-cd1bf921b2c1</AccountId>
<Documents xmlns="http://www.docusign.net/API/3.0">
<Document>
<ID>1067</ID>
<Name>Test DocuSign Lead</Name>
<PDFBytes>JVBERi0xLjMNCjEgMCBvYmoNClsvUERGIC9UZXh0IC9JbWFnZUIgL0ltYWdlQyAvSW1hZ2VJXQ0KZW5kb2JqDQo1IDAgb2JqDQo8PCAvTGVuZ3RoIDY0NyAvRmlsdGVyIC9GbGF0ZURlY29kZSA+PiBzdHJlYW0NCnicrZZNb5tAEIbvkfwf5tj2sGE/BnZzqRS7bVJVVVMj9WDlQPDWcW0gxU6j/PvOLrZLDFixqZBWfOy8z7yzy8Dg7DdEggU0gAo1nYTKjaWFH5AP6KmW7qZBGjEIaOSq9vwyhvOPEgwzxkD8EwJ/lDNQKFjENcRfvAIPSYNmcQHxFN58W9pkZWE1n+XwXDyWkBb5ukzSNdzZZfHE3kL8C+J38CEenN24LIzLUSGlpoCH0SlpOAlKQ4WCmdBn8TnJLQyXSblo8KTEGlDjKUCv8ZIIHcZU8Epj3B/txpTaYiZjKuyVLe1t05hSvYFeY484LJKHB4dtIiuLXP4HizzaAUfJutteL9jOXo3m7R1CSh2yQJq+TGmCl8yvSdbC9CWVGLwWeeB9kLhbxFGRPmY2X8PVfLUuyme4Hl1AZFA3+FVTQOO4p9G3TSGU+02BErBl1RXuknwBOVXgopGB0PyYFNpq7iX2cphcErK95t4zCt6n5hvXKHBb86viCbLH9B6mhfMMWbKw7zvcHgE/5LdGn1znaZFZ3uE2lP7T0GuBZbi/wFN7N19D9txcVB55KhcMBSA1UKb0URa9wB51UsccJUJ1irASGZ4sQoVDU4k0q1wZxghdu+pjGOnjqqKehlFrJjdVG58sQtuFY6dhLXruK6+wt8TDe5su5vmsA4dGuQ3Vj1ev8Dj5Q7RVR1t2iL5/KZLrg1255SskmaC4QFYtItIsoi1FOZsNf3PhkNVZPURBmsH5daZgVAAJVql9/wSu7zzB5JauphQhmNS0T0P3hhrIqJcIxsW/O0sYHwpG7meGqCh2e4P4jciAYQu2mlmjtoW+gLqZQY25ua7F+eod+gW++QuC+HBbDQplbmRzdHJlYW0NCmVuZG9iag0KMiAwIG9iag0KPDwgL1R5cGUgL1BhZ2UgL1BhcmVudCA2IDAgUiAvTWVkaWFCb3ggWzAgMCA2MTIuMCA3OTIuMF0gL0NvbnRlbnRzIDUgMCBSIC9SZXNvdXJjZXMgPDwgL1Byb2NTZXQgMSAwIFIgL1hPYmplY3QgPDwgL0ltNCA0IDAgUiA+PiAvRm9udCA8PCAvRjMgMyAwIFIgPj4gPj4gPj4NCmVuZG9iag0KNCAwIG9iag0KPDwgL1R5cGUgL1hPYmplY3QgL1N1YnR5cGUgL0ltYWdlIC9Db2xvclNwYWNlIC9EZXZpY2VSR0IgL0JpdHNQZXJDb21wb25lbnQgOCAvRmlsdGVyIC9GbGF0ZURlY29kZSAvTWFzayBbMCAwIDAgMCAwIDBdIC9XaWR0aCAxIC9IZWlnaHQgMSAvTGVuZ3RoIDExID4+DQpzdHJlYW0NCnicY2BgAAAAAwABDQplbmRzdHJlYW0NCmVuZG9iag0KOCAwIG9iag0KPDwgL0xlbmd0aCAxNDkgL0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4gc3RyZWFtDQp4nH2OwQrCMBBE74X+wxxVMCbttk2ugp48WFjwXGtalNJgWhH/3qQnT7LDY9kZhk2TJ6pMyABQqcNSUqS3uGBMg7vNdRHPJrKQMlDRT2LP2B1zGGGMAXeQy/geVGSiUhp8ih0kjKbQEnIqA9+wOg+2mSymez/i414erRtn37QzrnZwb7EGP8AbHDhN6kX/X62/AxwvCQ0KZW5kc3RyZWFtDQplbmRvYmoNCjcgMCBvYmoNCjw8IC9UeXBlIC9QYWdlIC9QYXJlbnQgNiAwIFIgL01lZGlhQm94IFswIDAgNjEyLjAgNzkyLjBdIC9Db250ZW50cyA4IDAgUiAvUmVzb3VyY2VzIDw8IC9Qcm9jU2
V0IDEgMCBSIC9YT2JqZWN0IDw8ID4+IC9Gb250IDw8IC9GMyAzIDAgUiA+PiA+PiA+Pg0KZW5kb2JqDQozIDAgb2JqDQo8PCAvVHlwZSAvRm9udCAvU3VidHlwZSAvVHlwZTEgL0Jhc2VGb250IC9IZWx2ZXRpY2EgL0VuY29kaW5nIC9XaW5BbnNpRW5jb2RpbmcgPj4NCmVuZG9iag0KNiAwIG9iag0KPDwgL1R5cGUgL1BhZ2VzIC9LaWRzIFsgMiAwIFIgNyAwIFIgXSAvQ291bnQgMiA+Pg0KZW5kb2JqDQo5IDAgb2JqDQo8PCAvVHlwZSAvQ2F0YWxvZyAvUGFnZXMgNiAwIFIgPj4NCmVuZG9iag0KMTAgMCBvYmoNCjw8IC9UaXRsZSA8ZmVmZjAwNTQwMDY1MDA3MzAwNzQwMDQ0MDA2ZjAwNjMwMDc1MDA1MzAwNjkwMDY3MDA2ZT4NCi9BdXRob3IgPD4NCi9TdWJqZWN0IDw+DQovQ3JlYXRvciAoTWljcm9zb2Z0IFJlcG9ydGluZyBTZXJ2aWNlcyAxMi4wLjAuMCkNCi9Qcm9kdWNlciAoTWljcm9zb2Z0IFJlcG9ydGluZyBTZXJ2aWNlcyBQREYgUmVuZGVyaW5nIEV4dGVuc2lvbiAxMi4wLjAuMCkNCi9DcmVhdGlvbkRhdGUgKEQ6MjAxOTA0MjUxODU4MTktMDQnMDAnKQ0KPj4NCmVuZG9iag0KeHJlZg0KMCAxMQ0KMDAwMDAwMDAwMCA2NTUzNSBmDQowMDAwMDAwMDEwIDAwMDAwIG4NCjAwMDAwMDA3ODkgMDAwMDAgbg0KMDAwMDAwMTU1MyAwMDAwMCBuDQowMDAwMDAwOTYzIDAwMDAwIG4NCjAwMDAwMDAwNjUgMDAwMDAgbg0KMDAwMDAwMTY1MyAwMDAwMCBuDQowMDAwMDAxMzkwIDAwMDAwIG4NCjAwMDAwMDExNjQgMDAwMDAgbg0KMDAwMDAwMTcyMSAwMDAwMCBuDQowMDAwMDAxNzczIDAwMDAwIG4NCnRyYWlsZXIgPDwgL1NpemUgMTEgL1Jvb3QgOSAwIFIgL0luZm8gMTAgMCBSID4+DQpzdGFydHhyZWYNCjIwNTINCiUlRU9G</PDFBytes>
</Document>
</Documents>
<Recipients xmlns="http://www.docusign.net/API/3.0">
<Recipient>
<ID>97461</ID>
<UserName>Jane Clark</UserName>
<Email>smcmillan#gmail.com</Email>
<Type>Signer</Type>
<AccessCode>6541</AccessCode>
<RoutingOrder>1</RoutingOrder>
</Recipient>
</Recipients>
<Tabs xmlns="http://www.docusign.net/API/3.0">
<Tab>
<DocumentID>1067</DocumentID>
<RecipientID>97461</RecipientID>
<AnchorTabItem>
<AnchorTabString>[SignHere]</AnchorTabString>
</AnchorTabItem>
<Type>SignHere</Type>
</Tab>
<Tab>
<DocumentID>1067</DocumentID>
<RecipientID>97461</RecipientID>
<AnchorTabItem>
<AnchorTabString>[Date]</AnchorTabString>
</AnchorTabItem>
<Type>DateSigned</Type>
</Tab>
<Tab>
<DocumentID>1067</DocumentID>
<RecipientID>97461</RecipientID>
<AnchorTabItem>
<AnchorTabString>[BankName]</AnchorTabString>
</AnchorTabItem>
<Type>Custom</Type>
<Name>Custom Bank Name</Name>
<TabLabel>Custom Bank Label</TabLabel>
<CustomTabType>Text</CustomTabType>
<CustomTabWidth>200</CustomTabWidth>
<CustomTabHeight>25</CustomTabHeight>
</Tab>
</Tabs>
<Subject xmlns="http://www.docusign.net/API/3.0">CreditSoft - DocuSign</Subject>
<EmailBlurb xmlns="http://www.docusign.net/API/3.0">Please click link to sign the document</EmailBlurb>
</Envelope>
Did the account settings get changed? There is a default set at the account level.
In your testing, do you get the notifications?
The setting is via the Admin Tool: Signing and Sending / Reminders and Expiration. In my demo account, it appears that the default for reminders and expiring warnings is off.
Update from DocuSign that a bit over a year ago they made Notification.UseAccountDefaults required. In testing I also had to set Notification.UseAccountDefaultsSpecified to be true as well. Once that was complete my envelopes showed the correct expiration and reminder Settings in the Demo account.
Dim Notification As Notification = New Notification
Notification.UseAccountDefaults = True
Notification.UseAccountDefaultsSpecified = True
envelope.Notification = Notification

How can I setup a web hook to check on DocuSign Envelope status?

I have the code written which is using envelopes to request a signature from the client like in this tutorial:
https://www.docusign.com/developer-center/recipes/request-a-signature-via-email-using-a-template
My question is, how can I define a web hook URL which can be used to update the envelope's status? I would like to be notified and to be able to update the envelope status in my database once the client signs the documents. Is this possible?
Does EnvelopeDefinition class expose some property which allows me to define the web hook's url?
Updated
We now have a new series of recommended WebHook code examples which use serverless functions and cloud-based reliable queuing services. These examples enable you to receive and process the DocuSign webhook notifications inside your firewall with no changes to your firewall.
Examples are available now for Node. Examples for C#, Java, PHP, and Python are being written.
AWS listener and worker Node.js examples
Azure listener and worker Node.js examples
Google Cloud listener and worker Node.js examples
The format of the webhook XML messages is documented.
Note: The Connect guide (March, 2016 date on page 2) is old, and is incorrect in many cases. A new guide is in production. This guide is useful for the XML format information.
The WSDL file, including the notification messages format, is available.
To see the XML messages that are returned, here's a sample notification for a completed envelope:
<?xml version="1.0" encoding="utf-8"?>
<DocuSignEnvelopeInformation xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.docusign.net/API/3.0">
<EnvelopeStatus>
<RecipientStatuses>
<RecipientStatus>
<Type>Signer</Type>
<Email>signer_email#example.com</Email>
<UserName>Signer's name</UserName>
<RoutingOrder>1</RoutingOrder>
<Sent>2020-05-23T12:43:07.22</Sent>
<Delivered>2020-05-23T12:43:14.767</Delivered>
<Signed>2020-05-23T12:43:18.22</Signed>
<DeclineReason xsi:nil="true"/>
<Status>Completed</Status>
<RecipientIPAddress>141.226.182.70</RecipientIPAddress>
<ClientUserId>1000</ClientUserId>
<CustomFields/>
<TabStatuses>
<TabStatus>
<TabType>SignHere</TabType>
<Status>Signed</Status>
<XPosition>427</XPosition>
<YPosition>531</YPosition>
<TabLabel>Sign Here</TabLabel>
<TabName>SignHere</TabName>
<TabValue/>
<DocumentID>1</DocumentID>
<PageNumber>1</PageNumber>
</TabStatus>
</TabStatuses>
<AccountStatus>Active</AccountStatus>
<RecipientId>56e11847-da17-43c3-95f6-d4b675af8621</RecipientId>
</RecipientStatus>
</RecipientStatuses>
<TimeGenerated>2020-05-23T12:43:38.7282968</TimeGenerated>
<EnvelopeID>cd67ff4a-6cb1-42f3-87d3-f7c149031549</EnvelopeID>
<Subject>Please sign the attached document</Subject>
<UserName>Larry Kluger</UserName>
<Email>larry#worldwidecorp.us</Email>
<Status>Completed</Status>
<Created>2020-05-23T12:43:06.753</Created>
<Sent>2020-05-23T12:43:07.253</Sent>
<Delivered>2020-05-23T12:43:14.83</Delivered>
<Signed>2020-05-23T12:43:18.22</Signed>
<Completed>2020-05-23T12:43:18.22</Completed>
<ACStatus>Original</ACStatus>
<ACStatusDate>2020-05-23T12:43:06.753</ACStatusDate>
<ACHolder>Larry Kluger</ACHolder>
<ACHolderEmail>larry#worldwidecorp.us</ACHolderEmail>
<ACHolderLocation>DocuSign</ACHolderLocation>
<SigningLocation>Online</SigningLocation>
<SenderIPAddress>208.113.165.37 </SenderIPAddress>
<EnvelopePDFHash/>
<CustomFields>
<CustomField>
<Name>Team</Name>
<Show>True</Show>
<Required>False</Required>
<Value/>
</CustomField>
<CustomField>
<Name>Office</Name>
<Show>True</Show>
<Required>False</Required>
<Value/>
</CustomField>
<CustomField>
<Name>Order ID</Name>
<Show>True</Show>
<Required>False</Required>
<Value/>
</CustomField>
<CustomField>
<Name>AccountId</Name>
<Show>false</Show>
<Required>false</Required>
<Value>4197223</Value>
<CustomFieldType>Text</CustomFieldType>
</CustomField>
<CustomField>
<Name>AccountName</Name>
<Show>false</Show>
<Required>false</Required>
<Value>World Wide Corp</Value>
<CustomFieldType>Text</CustomFieldType>
</CustomField>
<CustomField>
<Name>AccountSite</Name>
<Show>false</Show>
<Required>false</Required>
<Value>demo</Value>
<CustomFieldType>Text</CustomFieldType>
</CustomField>
</CustomFields>
<AutoNavigation>true</AutoNavigation>
<EnvelopeIdStamping>true</EnvelopeIdStamping>
<AuthoritativeCopy>false</AuthoritativeCopy>
<DocumentStatuses>
<DocumentStatus>
<ID>1</ID>
<Name>Example document</Name>
<TemplateName/>
<Sequence>1</Sequence>
</DocumentStatus>
</DocumentStatuses>
</EnvelopeStatus>
<TimeZone>Pacific Standard Time</TimeZone>
<TimeZoneOffset>-7</TimeZoneOffset>
</DocuSignEnvelopeInformation>
There are two possible ways to do this.
One is to set up an account wide Connect Configuration within the DS WebApp, this will send the requested event notifications on every envelope sent/completed to the URL: https://www.docusign.com.au/sites/default/files/connect-guide_0.pdf#page=5
You can also define this per envelope with the eventNotification parameter. However, the parameter is not baked into the provided recipes. EDIT: I stand corrected, see Larry's response below https://www.docusign.com.au/p/RESTAPIGuide/Content/REST%20API%20References/Send%20an%20Envelope.htm
Another way to test your "Listener" is to get the DocuSign XML response using
https://webhook.site
From there you will see the POST request with the complete XML body for your envelope.
TEST THE CREATE ENVELOPE FIRST
Before I would test my Listener, I wanted to confirm that my C# code would trigger the WebHook (via EnvelopeDefinition.EventNotification) in the DocuSign Envelope.
EnvelopeDefinition.EventNotification sets 2 lists of objects for EnvelopeEvent & RecipientEvents. Properly configuring these will fire the trigger in DocuSign Connect (Webhook).
All that was needed was to set the EventNotification.Url = the custom URL created for me on https://webhook.site
I locally ran my C# API code to create a DocuSign Envelope that would trigger the Webhook. Then I used the DocuSign email (received moments after creating the envelope) to sign the document - which again fired the Webhook to my test listener.
GET THE XML
My properly configured code fired the DocuSign Connect (Webhook) POST event. I can see the POST request (and its XML body) on my custom URL at https://webhook.site
RESEND THE XML
Finally, copy the POST request XML sent from DocuSign and paste that XML in PostMan. Then I can locally use PostMan to "resend" that POST request (and XML body) to test my local Listener API that I am developing.

SAML Response - What needs to be verified to ensure the response can be trusted?

Apologies if this seems like a duplicate but I have been searching through the posts and I cannot find exactly what I am looking for.
My web application is sending an auth request to Azure for Single Sign On. Upon receipt of the response, what fields and attributes need to be verified to ensure that the assertions can be trusted and why?
An example response is here from the Microsoft documentation:
<samlp:Response ID="_a4958bfd-e107-4e67-b06d-0d85ade2e76a" Version="2.0" IssueInstant="2013-03-18T07:38:15.144Z" Destination="https://contoso.com/identity/inboundsso.aspx" InResponseTo="id758d0ef385634593a77bdf7e632984b6" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion"> https://login.microsoftonline.com/82869000-6ad1-48f0-8171-272ed18796e9/</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
...
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<Assertion ID="_bf9c623d-cc20-407a-9a59-c2d0aee84d12" IssueInstant="2013-03-18T07:38:15.144Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>https://login.microsoftonline.com/82869000-6ad1-48f0-8171-272ed18796e9/</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
...
</ds:Signature>
<Subject>
<NameID>Uz2Pqz1X7pxe4XLWxV9KJQ+n59d573SepSAkuYKSde8=</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData InResponseTo="id758d0ef385634593a77bdf7e632984b6" NotOnOrAfter="2013-03-18T07:43:15.144Z" Recipient="https://contoso.com/identity/inboundsso.aspx" />
</SubjectConfirmation>
</Subject>
<Conditions NotBefore="2013-03-18T07:38:15.128Z" NotOnOrAfter="2013-03-18T08:48:15.128Z">
<AudienceRestriction>
<Audience>https://www.contoso.com</Audience>
</AudienceRestriction>
</Conditions>
<AttributeStatement>
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
<AttributeValue>testuser#contoso.com</AttributeValue>
</Attribute>
<Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
<AttributeValue>3F2504E0-4F89-11D3-9A0C-0305E82C3301</AttributeValue>
</Attribute>
...
</AttributeStatement>
<AuthnStatement AuthnInstant="2013-03-18T07:33:56.000Z" SessionIndex="_bf9c623d-cc20-407a-9a59-c2d0aee84d12">
<AuthnContext>
<AuthnContextClassRef> urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
</samlp:Response>
What I know so far:
You must verify the signature to ensure the message has not been modified.
You must verify that the certificate public key is from a trusted source or else any validly signed certificate would authenticate.
What else?
The signature - remember to check the references.
Verify that the certificate is from the right peer (as you've noticed yourself)
The Conditions of the assertion.
I'd recommend that you do not write your own code for this and instead use an existing SAML2 SP library. Getting all of this right is a lot of work (I've done it, and I'm not sure I would if I had known how much work it is).
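The structural checks named in the answer (signature references, issuer, Conditions), together with the request-binding fields visible in the sample response, written out as an added example that is not part of the original answer. It does not verify the signature cryptographically, which remains the job of the SAML library the answer recommends; `check_response`, the sample document and its IDs are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample shaped like the response above; the ds:Signature body is a stand-in.
SAMPLE = """<samlp:Response ID="_r1" Version="2.0" InResponseTo="req-1"
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <Assertion ID="_a1" Version="2.0">
  <Issuer>https://idp.example/tenant/</Issuer>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
  <Subject><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <SubjectConfirmationData InResponseTo="req-1" NotOnOrAfter="2013-03-18T07:43:15Z"
     Recipient="https://contoso.com/identity/inboundsso.aspx"/></SubjectConfirmation></Subject>
  <Conditions NotBefore="2013-03-18T07:38:15Z" NotOnOrAfter="2013-03-18T08:48:15Z">
   <AudienceRestriction><Audience>https://www.contoso.com</Audience></AudienceRestriction>
  </Conditions>
 </Assertion>
</samlp:Response>"""

def _ts(value):
    # SAML instants are UTC ("...Z"); a missing attribute yields None.
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def _refs(elem):
    # URIs referenced by a ds:Signature that is a direct child of elem.
    return [r.get("URI") for r in elem.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)]

def check_response(xml_text, *, issuer, audience, acs_url, request_id, now):
    """Return reasons to reject; [] means these structural checks passed."""
    root = ET.fromstring(xml_text)
    problems = []
    code = root.find("p:Status/p:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("status is not Success")
    ids = [e.get("ID") for e in root.iter() if e.get("ID")]
    if len(ids) != len(set(ids)):
        problems.append("duplicate ID attributes")
    found = root.findall(".//a:Assertion", NS)
    if len(found) != 1:
        return problems + ["expected exactly one Assertion"]
    a = found[0]
    # "Check the references": a signature must cover the element being trusted.
    if "#" + a.get("ID", "") not in _refs(a) and "#" + root.get("ID", "") not in _refs(root):
        problems.append("signature reference does not cover the Assertion or Response")
    if a.findtext("a:Issuer", "", NS).strip() != issuer:
        problems.append("unexpected Issuer")
    cond = a.find("a:Conditions", NS)
    attrs = cond.attrib if cond is not None else {}
    nb, noa = _ts(attrs.get("NotBefore")), _ts(attrs.get("NotOnOrAfter"))
    if nb is None or noa is None or not nb <= now < noa:
        problems.append("outside Conditions validity window")
    auds = [e.text.strip() for e in a.findall("a:Conditions/a:AudienceRestriction/a:Audience", NS) if e.text]
    if audience not in auds:
        problems.append("audience mismatch")
    scd = a.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    sc = scd.attrib if scd is not None else {}
    if sc.get("Recipient") != acs_url or sc.get("InResponseTo") != request_id:
        problems.append("subject confirmation does not match this request")
    exp = _ts(sc.get("NotOnOrAfter"))
    if exp is None or now >= exp:
        problems.append("subject confirmation expired")
    return problems
```

Run it against responses your SAML library accepts and rejects to confirm the library is configured to enforce the same fields.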

Unable to retrieve the custom fields when Docusign Connect calls listener

I sent a few custom fields to docusign through API with document to be signed. When document got completed and docusign connect hit my callback listener for passing event, I do not find the custom fields in that. My request looks like:
<envelopeDefinition xmlns="http://www.docusign.com/restapi">
<emailSubject>API Call for adding signature request to document and sending</emailSubject>
<status>sent</status>
<documents>
<document>
<documentId>1</documentId>
<name> <DOCUMENT_NAME> </name>
</document>
</documents>
<recipients>
<signers>
<signer>
<recipientId>1</recipientId>
<name> <RECIPIENT_NAME> </name>
<email> <RECIPIENT_EMAIL> </email>
</signer>
</signers>
</recipients>
<customFields>
<customField>
<name>callingApp</name>
<show>false</show>
<required>true</required>
<value>DMS</value>
<customFieldType>text</customFieldType>
</customField>
</customFields>
</envelopeDefinition>
Please tell me if I am doing anything wrong.
In your connect listener you want to enable Include Document Fields.
If you were doing an Envelope based Event Notification (connect event), it would be different.

How to tell if DocuSign signer failed security check? (API)

We send some DocuSign envelopes via email and we can't find anything in the API that will tell us if a signer failed security check. The envelope status stays in 'sent'.
The docs do not mention any status that would correspond to failed security check: https://docs.docusign.com/esign/guide/appendix/status_and_error_codes.html#envelope--recipient-status-codes
Are you using Connect to receive status events? You can have it tell you when there's an Authentication Failure. Here's what comes through when that happens. You're right the Envelope status stays Sent. The Failure is noted lower down. I imagine you'd get the same if you called the API to get envelope status directly.
<EnvelopeStatus>
<RecipientStatuses>
<RecipientStatus>
<Type>Signer</Type>
<Email>XXXXX</Email>
<UserName>John Q Signer</UserName>
<RoutingOrder>1</RoutingOrder>
<Sent>2014-12-30T07:29:45.747</Sent>
<DeclineReason xsi:nil="true" />
<Status>Sent</Status> <!-- STILL SENT -->
<RecipientIPAddress />
<IDCheckInformation />
<RecipientAuthenticationStatus>
<IDQuestionsResult>
<Status>Failed</Status> <!-- HERE IS THE FAILURE -->
<EventTimestamp>2014-12-30T13:30:09.79Z</EventTimestamp>
</IDQuestionsResult>
<IDLookupResult>
<Status>Passed</Status>
<EventTimestamp>2014-12-30T13:30:09.79Z</EventTimestamp>
</IDLookupResult>
</RecipientAuthenticationStatus>
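A Connect listener can reduce each notification to envelope status, per-recipient status and any failed identity checks, which covers both the status-tracking questions earlier on this page and the failed security check above. This is an added example, not DocuSign's code or part of the original answers; the payload is constructed from element names shown in the notifications on this page, and `parse_connect` and `failed_auth` are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {"d": "http://www.docusign.net/API/3.0"}
ROOT_TAG = "{http://www.docusign.net/API/3.0}DocuSignEnvelopeInformation"

# Constructed payload using the element names from the notifications above.
SAMPLE = b"""<?xml version="1.0" encoding="utf-8"?>
<DocuSignEnvelopeInformation xmlns="http://www.docusign.net/API/3.0">
 <EnvelopeStatus>
  <RecipientStatuses>
   <RecipientStatus>
    <Type>Signer</Type>
    <Email>signer@example.com</Email>
    <Status>Sent</Status>
    <RecipientAuthenticationStatus>
     <IDQuestionsResult><Status>Failed</Status></IDQuestionsResult>
     <IDLookupResult><Status>Passed</Status></IDLookupResult>
    </RecipientAuthenticationStatus>
   </RecipientStatus>
  </RecipientStatuses>
  <EnvelopeID>00000000-0000-0000-0000-000000000000</EnvelopeID>
  <Status>Sent</Status>
 </EnvelopeStatus>
</DocuSignEnvelopeInformation>"""

def parse_connect(body: bytes) -> dict:
    """Reduce a Connect notification to the fields a status table needs."""
    # The listener is reachable from the network: refuse DTDs before parsing
    # so entity declarations in a forged body are never expanded.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("DTD not allowed in Connect payload")
    root = ET.fromstring(body)
    env = root.find("d:EnvelopeStatus", NS)
    if root.tag != ROOT_TAG or env is None:
        raise ValueError("not a DocuSignEnvelopeInformation document")
    recipients = []
    for rs in env.findall("d:RecipientStatuses/d:RecipientStatus", NS):
        auth = rs.find("d:RecipientAuthenticationStatus", NS)
        # Each child (IDQuestionsResult, IDLookupResult, ...) carries its own Status.
        failed = [r.tag.split("}")[-1] for r in (auth if auth is not None else [])
                  if r.findtext("d:Status", "", NS).strip().lower() == "failed"]
        recipients.append({"email": rs.findtext("d:Email", "", NS).strip(),
                           "status": rs.findtext("d:Status", "", NS).strip(),
                           "auth_failures": failed})
    return {"envelope_id": env.findtext("d:EnvelopeID", "", NS).strip(),
            "status": env.findtext("d:Status", "", NS).strip(),
            "recipients": recipients}

def failed_auth(summary: dict) -> list:
    """Recipients who failed an identity check, even if their status still reads Sent."""
    return [(r["email"], r["auth_failures"]) for r in summary["recipients"] if r["auth_failures"]]
```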
