Introduction

The Quick-Sign Portal is very easy to install and configure; it can be integrated in an existing environment. It is a web PHP application which interacts with a mail server to permit users to send and sign documents.
We recommend to install it on a dedicated machine and not on your WebADM/OpenOTP servers. This Quick-Sign portal is using the quicksign-milter, you must first configure the Quick-Sign Milter before deploying the Quick-Sign portal.
WebADM/OpenOTP infrastructure must be already deployed and integrated with your LDAP backend. Your OpenOTP license must also support Sign option.

Installation

As indicated in the introduction, the Quick-Sign Portal needs several components to run. They are mandatory.

  • Web server with PHP activated
  • IMAP and SMTP server associated to a Quick-Sign server
  • LDAP server
    • for authentication
    • to retrieve information to fill the signers lists, the user's personal data, etc.
  • Redis server
    • to store information about unsigned transactions such as rejected, cancelled, error (Portal Redis instance)
    • to retrieve information from Quick-Sign server (Quick-Sign server Redis instance)
  • WebADM server for the junction to the OpenOTP process

{{< note title="Note" >}}
Note that it is possible to use only one Redis instance : the sessions from Quick-Sign server and from Portal are different to prevent data loss.
Also, the Portal can run completely as standalone application : one server with its own mail server (independent of Company's), own LDAP (e.g. clone of the Company's).
{{</ note >}}

RHEL/CentOS through RCDevs Repository

The installation of the Quick-Sign Milter as a service is done with the following command once RCDevs repository is installed:

yum install quicksign-milter

OR

dnf install quicksign-milter

Debian/Ubuntu through RCDevs Repository

The installation of the Quick-Sign Milter as a service is done with the following command once RCDevs repository is installed:

apt install quicksign-milter

Portal tree structure

The portal is an MVC application with the below structure. Only public folder has to be reachable by users; the system administrator should configure web server according to this recommendation.
The core of the application is stored in the app folder, the public area stays in the public folder.
The only file which has to be modified is the config.ini; it is located in app/config folder.

/qsPortal
├── app
│   ├── config
│   ├── controllers
│   ├── core
│   ├── locales
│   ├── media
│   ├── models
│   ├── utility
│   └── views
└── public
    ├── css
    ├── font
    ├── img
    └── js

The users documents are stored in another folder, different from the application. It permits an easier maintenance (backup, purge, etc.).
The following tree example shows each user (IT Manager, HR, Rosy) who have 4 sub folders.

  • approved : contains all the document sent by the user and signed (so approved) by someone else.
  • mydocuments : we found here all the user's documents which can be sent for signature or sealing
  • sealed : all the documents the user sealed (signed for his own purpose)
  • signed : all the documents the user signed

All other documents (cancelled signatures, rejected signature, errors) are stored in Redis and are temporary.
As you can see, each signed/sealed document is composed of

  • its original name concatenated with a base64 string
  • the same pattern for an index file which contains relevant information about the signature

All these stored files can be downloaded by the user.

documents/
├── IT Manager
│   ├── approved
│   │   ├── IT charter by Rebecca.pdf_<base64String>
│   │   ├── IT charter by Rebecca.pdf_<base64String>.idx
│   │   ├── Computer workstation security agreement.pdf_<base64String>
│   │   └── Computer workstation security agreement.pdf_<base64String>.idx
│   ├── mydocuments
│   │   ├── Computer workstation security agreement.pdf
│   │   ├── IT charter.pdf
│   │   ├── IT infrastructure project.pdf
│   │   ├── IT infrastructure project (validated).pdf
│   │   └── Network architecture.pdf
│   ├── sealed
│   │   ├── Computer workstation security agreement.pdf_<base64String>
│   │   ├── Computer workstation security agreement.pdf_<base64String>.idx
│   │   ├── IT infrastructure project (validated).pdf_<base64String>
│   │   └── IT infrastructure project (validated).pdf_<base64String>.idx
│   └── signed
│       ├── Alpha server purchase Q1-2023.pdf_<base64String>
│       ├── Alpha server purchase Q1-2023.pdf_<base64String>.idx
│       ├── CEO-IT service reorganization Q3-2022.pdf_<base64String>
│       ├── CEO-IT service reorganization Q3-2022.pdf_<base64String>.idx
│       ├── Subcontractor, confidentiality agreement Q4-2022.pdf_<base64String>
│       └── Subcontractor, confidentiality agreement Q4-2022.pdf_<base64String>.idx
├── HR
│   ├── approved
│   │   ├── Appointment 2022-11-11 by Pike.pdf_<base64String>
│   │   ├── Appointment 2022-11-11 by Pike.pdf_<base64String>.idx
│   │   ├── Long term contract by Rosy.pdf_<base64String>
│   │   └── Long term contract by Rosy.pdf_<base64String>.idx
│   ├── mydocuments
│   │   ├── Appointment 2022-11-11.pdf
│   │   ├── Long term contract.txt
│   │   ├── Long term contract template.pdf
│   │   └── Reorg project.pdf
│   ├── sealed
│   │   ├── Long term contract template.pdf_<base64String>
│   │   └── Long term contract template.pdf_<base64String>.idx
│   └── signed
├── Rosy
│   ├── ...
│   ├── ...

Configuration

Please find below, the standard Portal configuration file for domain "server.com".

Standard configuration file config.ini

[Portal]
applicationFullname     = "QuickSign Portal"
applicationFlag         = "QuickSignPortal"
portalId                = "a9a9a9a9-a9a9-a9a9-a9a9-a9a9a9a9a9a9"
; Do NOT forget the ending SLASH
url_base                = "/quicksign/"
refreshArray            = false
refreshDelay            = 5
[Logging]
logFileName             = "/var/log/quicksign/quicksign-portal.log"
level = WARNING
; DEBUG
; INFO
; WARNING
; ERROR
; CRITICAL
[Documents]
; Do NOT forget the ending DS
documentsFolder         = "/var/www/quicksign/documents/"
; System credentials for documents
documentsCredentials    = "0750"
[Postfix]
name                    = "server.com"
realDomain              = "server.com"
port                    = 143
type                    = ""
security                = ""
folder                  = "INBOX"
SMTPDebug               = false
signDomain              = "sign.server.com"
sealEmail               = "seal@sign.server.com"
manager                 = "Postman"
password                = "mngPassword"
[Redis]
; Milter Redis
redisMilterHost         = "server.com"
redisMilterPort         = 6379
; Portal Redis (used for temporary status like "Error", "Rejected", etc.)
redisedFoldersHost      = "server.com"
redisedFoldersPort      = 6379
; Keep the intel inside the Portal Redis (in hours) ; this is just for Rejected, Cancelled & Error requests
keepAlive               = 120
[LDAP]
host                    = "webadm.server.com"
port                    = 389
; encryption can be none/ssl/tls
encryption              = none
timeout                 = 10
username                = "cn=admin,o=Root"
password                = "admPassword"
baseDn                  = "o=Root"
filter                  = "(objectclass=person)"
filterUser              = "(uid=%s)"
filterMail              = "(mail=%s)"
columnFirstname         = "givenname"
columnLastname          = "sn"
columnLogin             = "uid"
columnMail              = "mail"
[Media]
iconType                = "png"
iconExtension           = ".webp"
extensionSeparator      = "_"
missing                 = "_missing"

Parameters explanations

Variables Meaning
[Portal]
applicationFullname Name to display especially in the top banner
applicationFlag Short name used
• to send Portal messages to milter
• to read logs
portalId Portal ID which permits to link the milter and the Portal emails.
This ID has to be also written in the Milter configuration file to perform the link.
url_base url used in the web browser, root of the Portal web site
refreshArray Permits to refresh automatically the files lists
refreshDelay Delay between two refreshes (in seconds)
[Logging]
level = WARNING Define log level ; can be DEBUG, INFO, WARNING, ERROR, CRITICAL
[Documents]
documentsFolder Root folder for documents storage.
For each user's folder, there are 4 subfolders :
approved for documents approved by user's colleagues
mydocuments which contains user's documents
sealed for user's sealed documents
signed which contains documents signed by user
Note : the other Portal tabs are temporary virtual folders stored in Redis
documentsCredentials Define credential for directory creation (disable on MS Windows)
[Postfix] More information on PHP imap-open function
name Mail Server name used to send signs and seals requests
realDomain Real domain mail server as opposed to sign domain (below)
port Mail Server port (cf. standard Postfix configuration)
type pop or imap protocol or empty value
security ssl, tls, notls or empty value
folder INBOX folder
SMTPDebug Debug protocol negotiations as boolean (defaultfalse)
signDomain Signature domain, generally concatenation ofsign and real domain value
sealEmail Seal email ; it has to be seal@sign.server.com
manager Manager of the mails from and to Portal.
This special user will receive all emails from the milter to prevent standard users mailbox to be flooded
password Manager password
[Redis] Two Redis servers are needed.
First, the Redis used by the milter with which the Portal can interact.
Second, specific Portal Redis to manage cancellations, errors, rejections.
These Redis servers can be merged into one thanks to the Portal prefix sessions
redisMilterHost Milter Redis hostname
redisMilterPort Milter Redis port
redisedFoldersHost Portal Redis hostname
redisedFoldersPort Portal Redis port
keepAlive Time during which the information is kept in the Portal Redis (in hours)
[LDAP] LDAP is used to authentication, to fill the users lists, the user personal information, etc.
host LDAP server hostname
port LDAP server port
encryption Used to define encryption to LDAP (none/ssl/tls)
timeout Standard LDAP timeout
username Special user ID who is allowed to read the LDAP
password Special user password
baseDn LDAP base DN
filter Used to search information about LDAP users (depends on your LDAP configuration).
e.g. search in a group of person.
filterUser Used to search information about LDAP users (depends on your LDAPconfiguration).
e.g. search information according to the login name (here uid).
filterMail Used to search information about LDAP users (depends on your LDAPconfiguration).
e.g. search information according to the user's mail (here mail).
columnFirstname Users' firstname (displayed in users lists)
columnLastname Users' lastname (displayed in users lists)
columnLogin LDAP User login ID
columnMail LDAP User email
[Media]
iconType Type of pictures used in the portal
iconExtension Extension of pictures used in the portal
extensionSeparator Separator used to display pictures
missing Display this picture is one is missing