Configure extended authentication from external browser for document security configure-external-browser-authentication-document-security
Extended authentication from an external browser allows users to authenticate for policy-protected PDF documents using the system’s default web browser (such as Microsoft Edge or Google Chrome) instead of the embedded browser control within Acrobat or Reader. This enables modern authentication methods such as PassKey, biometric authentication, and other Identity Provider (IDP) features that require a modern browser.
When enabled, opening a policy-protected document in Acrobat or Reader launches the IDP login page in the user’s default browser. After authentication, the user is automatically redirected back to Acrobat or Reader and the document is unlocked.
Prerequisites prerequisites
Before you configure external browser authentication, ensure that the following requirements are met:
- AEM Forms 6.5 on JEE with Service Pack 6.5.25.0 deployed, or Service Pack 6.5.24.0 with the applicable JEE hotfix patch installed on a supported application server (JBoss, WebLogic, or WebSphere). See Software distribution links for AEM Forms JEE Hotfix2 6.5.24.0.
- Extended authentication (third-party authentication) already enabled and functional with an IDP. See Server configuration settings and Add the extended authentication provider.
- Adobe Acrobat Pro or Adobe Acrobat Reader (64-bit) installed on the client Windows PC with the latest update.
Software distribution links for AEM Forms JEE Hotfix2 6.5.24.0 software-distribution-links
External browser authentication is available in AEM Forms on JEE Service Pack 6.5.25.0 and later.
If you are on AEM Forms on JEE Service Pack 6.5.24.0 or earlier, do one of the following:
- Upgrade to AEM Forms on JEE Service Pack 6.5.25.0.
- Install the AEM Forms JEE Hotfix 6.5.24.0 patch for your application server and platform using the links below.
Download and install the AEM Forms JEE Hotfix 6.5.24.0 patch for your platform from Adobe Software Distribution:
JBoss
WebSphere
WebLogic
For installation instructions, see Install a JEE patch.
Enable external browser authentication enable-external-browser-authentication
This video shows how to enable external browser authentication on the AEM Forms Document Security server.
-
In the administration console, click Services > Document Security > Configuration > Server Configuration.
-
Locate the section Allow extended authentication from external browser for Adobe client applications.
-
Select the checkbox for each Adobe client platform you want to enable:
- Adobe Acrobat and Reader (64-bit) - Desktop
- Adobe Acrobat Reader (32-bit) - Desktop
-
Click OK.
For the server setting description, see Server configuration settings.
Verification verification
This video shows how to verify external browser authentication: open a policy-protected PDF in Acrobat, sign in through your default browser, and confirm the document unlocks after authentication.
- Create a policy-protected PDF document using the Document Security server.
- On a Windows client machine, open the protected PDF in Acrobat Pro or Acrobat Reader.
- A consent dialog appears in Acrobat. Click Sign In.
- Verify that the system default browser opens with the IDP login page.
- Complete authentication.
- Verify that the protected document opens successfully.
Troubleshooting troubleshooting
The embedded browser opens instead of the system browser embedded-browser-opens-instead-of-system-browser
- Verify the server has external browser authentication enabled. See Enable external browser authentication.
- Confirm the Acrobat or Reader version supports this feature. See Acrobat.
Authentication succeeds in the browser but the document does not unlock authentication-succeeds-but-document-does-not-unlock
- Ensure Acrobat or Reader is running and not blocked by firewall or security software.
- If the issue persists, reinstall or repair the Acrobat or Reader installation to restore protocol handler registration.
“We couldn’t sign you in” message appears in Acrobat we-couldnt-sign-you-in-message
- The user may have taken too long to complete authentication. Try again.
- Check network connectivity between the browser and the AEM Forms server.
Authentication option does not appear on the login page authentication-option-does-not-appear
- Authentication methods and options are configured by the IDP, not by AEM Forms or Acrobat. Ensure the IDP supports the authentication method you want to use.
- Verify the login page is loading in the system browser (not the embedded browser).