Configuration reference
This document describes all the parameters (set in config/config.json) that controls system behaviour.
Audience
System administrators.
| Name | Description | Mandatory | Choices/Default |
|---|---|---|---|
| publicUrl | Public URL for the Signing Workflow service |
yes | |
| primaryServerInterface | Listening interface for the web app API | 0.0.0.0 | |
| primaryServerPort | Listening port for the web app API | 8080 | |
| automationApiEnabled | true, false |
||
| automationApiInterface |
Listening interface for the Automation API | 0.0.0.0 | |
| automationApiPort | Listening port for the Automation API |
8081 | |
| logoutUrl | Browser redirect to this URL on logout |
<publicUrl> | |
| logNetworkActivity | Enable TCP logging for incoming HTTP requests |
true, false |
|
| sessionTimeout | Session timeout in milliseconds |
14400000 (4 hours) |
|
| database.user | Database user |
yes | |
| database.password | Database password |
yes | |
| database.max_pool_size | Maximal number of connections in connection pool |
15 | |
| database.min_pool_size | Minimal number of connections in connection pool |
3 | |
| database.initial_pool_size | Initial number of connections in connection pool |
3 | |
| database.max_idle_time | Maximum idle time for a connection in connection pool (0 means forever) |
0 |
|
| database.changelog | Path to database changeset (do not edit) | yes | db_migrations/changelog.master.xml |
| database.migrations_enabled | Enable database changeset (do not edit) | yes | true |
| database.driver_class | Database driver (do not edit) | yes | |
| signingOrders.fileDirectory | File storage | yes | |
| signingOrders.documentLocationId | File storage ID. Change this to a unique value every time the File storage directory is changed. | yes | |
| signingOrders.documentMimeType | Mime type header when downloading a signed document | application/octet-stream | |
| signingOrders.usePdfAFlavours | Allow these PDF/A flavours (string array) | [] | |
| signingOrders.rejectInvalidPdfA |
Reject invalid PDF/A file selections | true, false | |
| signingOrders.bodyLimit | Max upload file size |
2097152 (2M) |
|
| documentRetention.enabled |
Enable or disable the entire document retention function. | true, false |
|
| documentRetention.inactiveDocumentAge |
Max age of an inactive document until it is deleted. Value in ISO8601 |
PT12H | |
| documentRetention.completedDocumentAge |
Max age of a completed (accepted) document until it is deleted. Value in ISO8601 |
P30D | |
| orderReminder.enabled | Enable reminder notifications |
true, false |
|
| orderReminder.beforeExpiration | Send reminder number of days before order expires |
P2D |
|
| orderReminder.batchSize |
Order reminder batch size |
25 |
|
| orderReminder.delay |
Time delay in milliseconds until first order notification and reminder batch jobs after server start |
3000 |
|
| orderReminder.frequency |
Target frequency (1/second) for order notification and reminder batch jobs |
0.14 |
|
| credentials.privatePkcs12 | PKCS12 archive for server certificate and private key | yes | |
| credentials.password | Password for PKCS12 archive | yes, if privatePkcs12 is encrypted | |
| signingService.url | URL of Signing Service | yes | |
| fileService.url | URL of File Service. | yes | |
| fileService.username | File service user | yes | |
| fileService.password | File service user password | yes | |
| saml.postSsoUrl | SAML IdP Request consumer URL |
yes | |
| saml.assertionConsumerServiceUrl | SAML Assertion consumer URL | yes | |
| saml.issuerId | SAML issuer ID | yes | |
| saml.defaultLocale | SAML locale | yes | |
| saml.attributes.authority | Authority attribute | yes | |
| saml.attributes.source | Source attribute | yes |
|
| saml.attributes.firstName | First name attribute | yes |
|
| saml.attributes.lastName | Last name attribute | yes |
|
| saml.attributes.mail | Mail attribute | yes |
|
| saml.roles.solicitor | This value for the digo_saml_authority attribute indicates Solicitor permissions |
yes |
|
| saml.trustedIssuers | List of files containing trusted certificates for SAML ticket validation |
yes |
|
| saml.skewTime | SAML skew time | yes |
|
| smtp.fromAddress | Notification email from | yes |
|
| smtp.enabled | SMTP notifications enabled |
true, false |
|
| smtp.client.hostname | yes | ||
| smtp.client.port | yes | ||
| smtp.client.login | Use authentication on the SMTP service |
DISABLED, NONE, REQUIRED | |
| smtp.client.username | yes | ||
| smtp.client.password | yes | ||
| smtp.client.starttls | Use StartTLS | DISABLED, OPTIONAL, REQUIRED |
|
| smtp.client.ssl | Use TLS when connecting to mail server | true, false |
|
| smtp.client.trustAll | Trust all certificates when connecting to mail server | true, false |
|
| smtp.client.keyStore | Key store file to trust server certificates | ||
| smtp.client.keyStorePassword | Password for key store file | yes, if keyStore is encrypted | |
| users.useSsl | Use TLS towards User Query Service |
true, false |
|
| users.useSslClientCert | Use TLS Client Auth towards User Query Service |
true, false |
|
| users.useSslTrustAll | Trust all TLS server certificates |
true, false |
|
| users.sslTrustFile | Custom trust store | ||
| users.sslTrustFileType | Trust store type | pkcs12 | |
| users.sslKeyFile | Private key for TLS authentication |
||
| users.sslKeyFileType | Key file type | pkcs12 | |
| users.sslKeyPassword | Password for the private TLS key |
yes, if sslKeyFile is encrypted | |
| users.externalUserLookup | URL for external user lookup |
yes |
|
| users.internalUserLookup | URL for internal user lookup |
yes |
|
| users.internalUserSearch | URL for internal user search |
yes |
|
| users.internalUserAttributes.organization | Organization attribute in internal user query result |
yes |
|
| users.internalUserAttributes.userId |
User ID attribute in internal user query result |
yes |
|
| users.internalUserAttributes.mail |
Mail attribute in internal user query result |
yes |
|
| users.internalUserAttributes.firstName |
First name attribute in internal user query result |
yes |
|
| users.internalUserAttributes.lastName |
Last name attribute in internal user query result |
yes |
|
| users.internalUserAttributes.mobile |
Mobile attribute in internal user query result |
yes |
|
| users.internalUserAttributes.department |
Department attribute in internal user query result |
yes |
|
| users.externalUserAttributes.info |
Info attribute in external user query result |
yes |
|
| users.externalUserAttributes.mail |
Mail attribute in external user query result |
yes |
|
| users.externalUserAttributes.mobile |
Mobile attribute in external user query result |
yes |
|
| users.externalUserAttributes.firstName |
First name attribute in external user query result |
yes |
|
| users.externalUserAttributes.lastName |
Last name attribute in external user query result |
yes |
|
| users.externalUserAttributes.info |
Info attribute in external user query result |
yes |
|
| webHook.enabled | Enable webhooks | true, false |
|
| webHook.endpoint |
Endpoint for webhook | yes | |
| webHook.key |
Extra query parameter in endpoint URL. | ||
| webHook.connectionTimeout |
Timeout for the http POST. Duration in ISO-8601. | PT30S | |
| webHook.secret |
Secret to create header signature. | ||
| webHook.useSslTrustAll |
Trust all TLS server certificates |
true, false |
|
| webHook.useSslClientCert |
Use TLS Client authentication towards webhook service |
true, false |
|
| webHook.sslTrustFile | Certificate file, mandatory if using client authentication. | (yes) | |
| webHook.sslTrustFileType |
Content type. | pkcs12 | |
| webHook.sslKeyFile |
Private key for TLS authentication, mandatory if using SSL. | (yes) | |
| webHook.sslKeyFileType |
Content type. |
pkcs12 |
|
| webHook.sslKeyPassword |
Password for the private TLS key |
(yes) | |
| notifications.downloadLink | Direct download link for document in email | true, false | |
| orderOptions.enableNotifyAllSignersOption | Allow option to let signers download signed documents | true, false |
Example configuration file
{
"publicUrl": "https://signing-workflow.phenixid.net/",
"apiHost": "172.16.238.11",
"primaryServerPort": 8080,
"automationApiEnabled": true,
"automationApiHost": "172.16.239.11",
"apiPort": 8081,
"logoutUrl": "https://signing-workflow.phenixid.net/",
"logNetworkActivity": false,
"sessionTimeout": 30000,
"database": {
"url": "jdbc:sqlserver://10.128.22.34:61466;database=workflow",
"user": "workflow_owner",
"password": "Secret8899",
"max_pool_size": 15,
"min_pool_size": 3,
"initial_pool_size": 3,
"max_idle_time": 0,
"changelog": "db_migrations/changelog.master.xml",
"migrations_enabled": true,
"driver_class": "com.microsoft.sqlserver.jdbc.SQLServerDriver"
},
"signingOrders": {
"fileDirectory": "C:/PhenixID/FileStorage",
"documentLocationId": 1,
"usePdfAFlavours": ["PDFA_1_A", "PDFA_3_A"],
"rejectInvalidPdfA": true
},
"orderReminder": {
"enabled": true,
"beforeExpiration": "P2D"
},
"documentRetention": {
"enabled": true,
"inactiveDocumentAge": "PT12H",
"completedDocumentAge": "P30D"
},
"credentials": {
"privatePkcs12": "C:/PhenixID/Keys/token_signer.pkcs12",
"password": "zecret"
},
"signingService": {
"url": "https://signing.phenixid.net/pdf_sign//authenticate/logout/?nextTarget=https://signing.phenixid.net/pdf_sign//"
},
"fileService": {
"url": "https://signing-service.phenixid.net/files/session",
"username": "workflow",
"password": "secret7zce"
},
"documentRetention": {
"enabled": true,
"inactiveDocumentAge": "PT12H",
"completedDocumentAge": "P30D"
},
"saml": {
"postSsoUrl": "https://idp.phenixid.net/saml/authenticate/idp",
"assertionConsumerServiceUrl": "https://signing-workflow.phenixid.net/auth/saml",
"issuerId": "https://signing-workflow.phenixid.net/saml/sp",
"defaultLocale": "sv",
"attributes": {
"authority": "description",
"source": "source",
"firstName": "givenName",
"lastName": "sn",
"mail": "mail"
},
"roles": {
"solicitor": "role:solicitor"
},
"trustedIssuers": [
"https://idp.phenixid.net/saml/idp"
],
"trustedCertificates": [
"C:/PhenixID/Certs/samltrust.pem"
],
"skewTime": 30000
},
"smtp": {
"fromAddress": "[email protected]",
"enabled": "true",
"client": {
"host": "smtp.sendgrid.net",
"port": 25,
"username": "user",
"password": "zecret"
"login": "REQUIRED"
}
},
"webHook": {
"enabled": true,
"endpoint": "http://www.example.org/automation"
},
"users": {
"useSsl": false,
"useSslClientCert": false,
"useSslTrustAll": false,
"sslTrustFile": "C:/PhenixID/Trust/saml-trust.pkcs8",
"sslKeyFile": "C:/PhenixID/Keys/key.der",
"sslKeyPassword": "abc123",
"externalUserLookup": "https://signing-service.net/pipes/users/external",
"internalUserLookup": "https://signing-service.net/pipes/users/internal",
"internalUserSearch": "https://signing-service.net/pipes/users/search",
"internalUserAttributes": {
"organization": "o",
"userId": "sAMAccountName",
"mail": "mail",
"firstName": "givenName",
"lastName": "sn",
"mobile": "mobile",
"department": "ou"
},
"externalUserAttributes": {
"info": "o",
"mail": "mail",
"mobile": "mobile",
"firstName": "givenName",
"lastName": "sn"
}
},
"notifications": {
"downloadLink": false
},
"orderOptions": {
"enableNotifyAllSignersOption": false
}
}