PhenixID Documentation

Configuration reference

This document describes all the parameters (set in config/config.json) that controls system behaviour.

Audience

System administrators.

Name	Description	Mandatory	Choices/Default
publicUrl	Public URL for the Signing Workflow service	yes
primaryServerInterface	Listening interface for the web app API		0.0.0.0
primaryServerPort	Listening port for the web app API		8080
automationApiEnabled			true, false
automationApiInterface	Listening interface for the Automation API		0.0.0.0
automationApiPort	Listening port for the Automation API		8081
logoutUrl	Browser redirect to this URL on logout		<publicUrl>
logNetworkActivity	Enable TCP logging for incoming HTTP requests		true, false
sessionTimeout	Session timeout in milliseconds		14400000 (4 hours)
database.user	Database user	yes
database.password	Database password	yes
database.max_pool_size	Maximal number of connections in connection pool		15
database.min_pool_size	Minimal number of connections in connection pool		3
database.initial_pool_size	Initial number of connections in connection pool		3
database.max_idle_time	Maximum idle time for a connection in connection pool (0 means forever)		0
database.changelog	Path to database changeset (do not edit)	yes	db_migrations/changelog.master.xml
database.migrations_enabled	Enable database changeset (do not edit)	yes	true
database.driver_class	Database driver (do not edit)	yes
signingOrders.fileDirectory	File storage	yes
signingOrders.documentLocationId	File storage ID. Change this to a unique value every time the File storage directory is changed.	yes
signingOrders.documentMimeType	Mime type header when downloading a signed document		application/octet-stream
signingOrders.usePdfAFlavours	Allow these PDF/A flavours (string array)		[]
signingOrders.rejectInvalidPdfA	Reject invalid PDF/A file selections		true, false
signingOrders.bodyLimit	Max upload file size		2097152 (2M)
documentRetention.enabled	Enable or disable the entire document retention function.		true, false
documentRetention.inactiveDocumentAge	Max age of an inactive document until it is deleted. Value in ISO8601		PT12H
documentRetention.completedDocumentAge	Max age of a completed (accepted) document until it is deleted. Value in ISO8601		P30D
orderReminder.enabled	Enable reminder notifications		true, false
orderReminder.beforeExpiration	Send reminder number of days before order expires		P2D
orderReminder.batchSize	Order reminder batch size		25
orderReminder.delay	Time delay in milliseconds until first order notification and reminder batch jobs after server start		3000
orderReminder.frequency	Target frequency (1/second) for order notification and reminder batch jobs		0.14
credentials.privatePkcs12	PKCS12 archive for server certificate and private key	yes
credentials.password	Password for PKCS12 archive	yes, if privatePkcs12 is encrypted
signingService.url	URL of Signing Service	yes
fileService.url	URL of File Service.	yes
fileService.username	File service user	yes
fileService.password	File service user password	yes
saml.postSsoUrl	SAML IdP Request consumer URL	yes
saml.assertionConsumerServiceUrl	SAML Assertion consumer URL	yes
saml.issuerId	SAML issuer ID	yes
saml.defaultLocale	SAML locale	yes
saml.attributes.authority	Authority attribute	yes
saml.attributes.source	Source attribute	yes
saml.attributes.firstName	First name attribute	yes
saml.attributes.lastName	Last name attribute	yes
saml.attributes.mail	Mail attribute	yes
saml.roles.solicitor	This value for the digo_saml_authority attribute indicates Solicitor permissions	yes
saml.trustedIssuers	List of files containing trusted certificates for SAML ticket validation	yes
saml.skewTime	SAML skew time	yes
smtp.fromAddress	Notification email from	yes
smtp.enabled	SMTP notifications enabled		true, false
smtp.client.hostname		yes
smtp.client.port		yes
smtp.client.login	Use authentication on the SMTP service		DISABLED, NONE, REQUIRED
smtp.client.username		yes
smtp.client.password		yes
smtp.client.starttls	Use StartTLS		DISABLED, OPTIONAL, REQUIRED
smtp.client.ssl	Use TLS when connecting to mail server		true, false
smtp.client.trustAll	Trust all certificates when connecting to mail server		true, false
smtp.client.keyStore	Key store file to trust server certificates
smtp.client.keyStorePassword	Password for key store file	yes, if keyStore is encrypted
users.useSsl	Use TLS towards User Query Service		true, false
users.useSslClientCert	Use TLS Client Auth towards User Query Service		true, false
users.useSslTrustAll	Trust all TLS server certificates		true, false
users.sslTrustFile	Custom trust store
users.sslTrustFileType	Trust store type		pkcs12
users.sslKeyFile	Private key for TLS authentication
users.sslKeyFileType	Key file type		pkcs12
users.sslKeyPassword	Password for the private TLS key	yes, if sslKeyFile is encrypted
users.externalUserLookup	URL for external user lookup	yes
users.internalUserLookup	URL for internal user lookup	yes
users.internalUserSearch	URL for internal user search	yes
users.internalUserAttributes.organization	Organization attribute in internal user query result	yes
users.internalUserAttributes.userId	User ID attribute in internal user query result	yes
users.internalUserAttributes.mail	Mail attribute in internal user query result	yes
users.internalUserAttributes.firstName	First name attribute in internal user query result	yes
users.internalUserAttributes.lastName	Last name attribute in internal user query result	yes
users.internalUserAttributes.mobile	Mobile attribute in internal user query result	yes
users.internalUserAttributes.department	Department attribute in internal user query result	yes
users.externalUserAttributes.info	Info attribute in external user query result	yes
users.externalUserAttributes.mail	Mail attribute in external user query result	yes
users.externalUserAttributes.mobile	Mobile attribute in external user query result	yes
users.externalUserAttributes.firstName	First name attribute in external user query result	yes
users.externalUserAttributes.lastName	Last name attribute in external user query result	yes
users.externalUserAttributes.info	Info attribute in external user query result	yes
webHook.enabled	Enable webhooks		true, false
webHook.endpoint	Endpoint for webhook	yes
webHook.key	Extra query parameter in endpoint URL.
webHook.connectionTimeout	Timeout for the http POST. Duration in ISO-8601.		PT30S
webHook.secret	Secret to create header signature.
webHook.useSslTrustAll	Trust all TLS server certificates		true, false
webHook.useSslClientCert	Use TLS Client authentication towards webhook service		true, false
webHook.sslTrustFile	Certificate file, mandatory if using client authentication.	(yes)
webHook.sslTrustFileType	Content type.		pkcs12
webHook.sslKeyFile	Private key for TLS authentication, mandatory if using SSL.	(yes)
webHook.sslKeyFileType	Content type.		pkcs12
webHook.sslKeyPassword	Password for the private TLS key	(yes)
notifications.downloadLink	Direct download link for document in email		true, false
orderOptions.enableNotifyAllSignersOption	Allow option to let signers download signed documents		true, false

Example configuration file

{
  "publicUrl": "https://signing-workflow.phenixid.net/",
  "apiHost": "172.16.238.11",
  "primaryServerPort": 8080,
  "automationApiEnabled": true,
  "automationApiHost": "172.16.239.11",
  "apiPort": 8081,
  "logoutUrl": "https://signing-workflow.phenixid.net/",
  "logNetworkActivity": false,
  "sessionTimeout": 30000,
  "database": {
    "url": "jdbc:sqlserver://10.128.22.34:61466;database=workflow",
    "user": "workflow_owner",
    "password": "Secret8899",
    "max_pool_size": 15,
    "min_pool_size": 3,
    "initial_pool_size": 3,
    "max_idle_time": 0,
    "changelog": "db_migrations/changelog.master.xml",
    "migrations_enabled": true,
    "driver_class": "com.microsoft.sqlserver.jdbc.SQLServerDriver"
  },
  "signingOrders": {
    "fileDirectory": "C:/PhenixID/FileStorage",
    "documentLocationId": 1,
    "usePdfAFlavours": ["PDFA_1_A", "PDFA_3_A"],
    "rejectInvalidPdfA": true
  },
  "orderReminder": {
    "enabled": true,
    "beforeExpiration": "P2D"
  },
  "documentRetention": {
    "enabled": true,
    "inactiveDocumentAge": "PT12H",
    "completedDocumentAge": "P30D"
  },
  "credentials": {
    "privatePkcs12": "C:/PhenixID/Keys/token_signer.pkcs12",
    "password": "zecret"
  },
  "signingService": {
    "url": "https://signing.phenixid.net/pdf_sign//authenticate/logout/?nextTarget=https://signing.phenixid.net/pdf_sign//"
  },
  "fileService": {
    "url": "https://signing-service.phenixid.net/files/session",
    "username": "workflow",
    "password": "secret7zce"
  },
  "documentRetention": {
     "enabled": true,
     "inactiveDocumentAge": "PT12H",
     "completedDocumentAge": "P30D"
  },
  "saml": {
    "postSsoUrl": "https://idp.phenixid.net/saml/authenticate/idp",
    "assertionConsumerServiceUrl": "https://signing-workflow.phenixid.net/auth/saml",
    "issuerId": "https://signing-workflow.phenixid.net/saml/sp",
    "defaultLocale": "sv",
    "attributes": {
      "authority": "description",
      "source": "source",
      "firstName": "givenName",
      "lastName": "sn",
      "mail": "mail"
    },
    "roles": {
      "solicitor": "role:solicitor"
    },
    "trustedIssuers": [
      "https://idp.phenixid.net/saml/idp"
    ],
    "trustedCertificates": [
      "C:/PhenixID/Certs/samltrust.pem"
    ],
    "skewTime": 30000
  },
  "smtp": {
    "fromAddress": "[email protected]",
    "enabled": "true",
    "client": {
       "host": "smtp.sendgrid.net",
       "port": 25,
       "username": "user",
       "password": "zecret"
       "login": "REQUIRED"
    }
  },
  "webHook": {
    "enabled": true,
    "endpoint": "http://www.example.org/automation"
  }, 
  "users": {
    "useSsl": false,
    "useSslClientCert": false,
    "useSslTrustAll": false,
    "sslTrustFile": "C:/PhenixID/Trust/saml-trust.pkcs8",
    "sslKeyFile": "C:/PhenixID/Keys/key.der",
    "sslKeyPassword": "abc123",
    "externalUserLookup": "https://signing-service.net/pipes/users/external",
    "internalUserLookup": "https://signing-service.net/pipes/users/internal",
    "internalUserSearch": "https://signing-service.net/pipes/users/search",
    "internalUserAttributes": {
      "organization": "o",
      "userId": "sAMAccountName",
      "mail": "mail",
      "firstName": "givenName",
      "lastName": "sn",
      "mobile": "mobile",
      "department": "ou"
    },
    "externalUserAttributes": {
      "info": "o",
      "mail": "mail",
      "mobile": "mobile",
      "firstName": "givenName",
      "lastName": "sn"
    }
  },
  "notifications": {
    "downloadLink": false
  },
  "orderOptions": {
    "enableNotifyAllSignersOption": false
  }
}