Currently, all services in the EACAT Procedures Catalog that have procedures, which use forms made with .net technology, commonly referred to in EACAT jargon as web forms , are electronically signed with the user's T-CAT certificate and use the Signador application.
This application is compatible with any browser, but it is essential to run and install the Native Signador application. This JAVA dependency may cause the signature part to not work correctly for some users.
For this reason, the AOC Consortium has implemented an improvement that allows web forms to be signed using the centralized signer and the electronic seal certificate of the organization assigned exclusively for use of the AOC services (or that of the AOC Consortium if the entity has not assigned this certificate). In this way, possible problems with the installation of JAVA and the Signador Native application are avoided.
In order to make these changes, the specific service providers in the EACAT Procedures Catalog, which have procedures designed as web forms , are categorising them according to three types of identification and signature mechanisms. This process is complex and will take time; for this reason, from now on you can find procedures, which are web forms , with the different types of signature and identification mechanisms.
These mechanisms affect entry access to EACAT and the signing of the procedure. Based on this, the following signature and identification mechanisms have been classified:
- Ordinary signature with low-level authentication
- Ordinary signature with medium-level authentication
- Advanced or qualified signature based on qualified certificate (current mechanism)
a) Ordinary signature with low-level authentication
In this case, the user is allowed to access the form to sign with low-level identification (non-cryptographic systems), such as the users and passwords of the EACAT and GICAR platforms.
To make this mechanism more robust, when generating the signature, evidence of identification will be saved as another node in the XML of the form to be signed and a signature will be made using the centralized signer with the electronic seal of the entity exclusively assigned to the AOC Consortium. If it does not have one, it will be signed with the electronic seal of the AOC Consortium.
Once inside the completed procedure form, you must press the Sign button, and the signing process is carried out automatically.
Once you have signed the form, you can find the document entry in My procedures .
If you enter the procedure you will check the electronic seal that was used for the signature. In the example, the seal used is that of the AOC Consortium, since the local entity that is processing the procedure has not exclusively assigned its electronic seal.
b) Ordinary signature with medium-level authentication
To access the form to be signed, it is essential that the user has authenticated with a digital certificate when accessing the EACAT.
To provide greater robustness, when generating the signature, evidence of identification will be saved as another node in the XML of the form to be signed and a signature will be made using the centralized signer with the electronic seal of the entity exclusively assigned to the AOC Consortium and if it does not have one with the electronic seal of the AOC Consortium. Additionally, the PSIS response when validating the certificate at the time of authentication is also saved.
If when entering EACAT you have NOT identified yourself with your digital certificate, this message will appear:
And as it indicates, you will not be able to sign the document. To do so, disconnect from the current session and log in again by identifying yourself with the Access with certificate option, using your T-CAT digital certificate or similar.
You will see the document pending signature in My procedures, in the To sign tray.
Click on the entry and you will enter the document, where you can sign it with the Sign button.
If you go to My Procedures and click on the entry for the sent document, the signed and sent document will open:
Once inside you will see that the signature appears with the electronic seal of the entity or, failing that, with the electronic seal of the AOC Consortium.
c) Advanced or qualified signature based on a qualified certificate
The current signature mechanism is maintained, which allows us to identify ourselves either with a username and password or with the user's digital certificate, indistinctly.
Once the web form for the procedure has been completed, it is signed with the T-CAT or similar using the Signador .
A new tab is then opened in the browser and the web application is loaded for signing (the Signador).
Enter the PIN of your T-CAT certificate or similar and the signature generation process begins.
From this moment on, you can access My procedures where you will find your signed and submitted procedure.
Within your procedure you can see that it has been signed with your public worker signature T-CAT or similar.
The specific service providers in the EACAT Procedures Catalog, which have procedures designed as web forms , are categorized according to the three types of identification and signature mechanisms mentioned in point 2.
Signature errors in this type of form are usually related to the signer's native application. It is important to update this application to the latest version. If you have problems signing a submission, please install the latest version of the native application. You will find the installable ones at https://signador.aoc.cat/signador/installNativa
You might be interested in: