Configuration reference

This document describes all the parameters (set in config/config.json) that controls system behaviour.

Audience

System administrators.

Name Description Mandatory Choices/Default
publicUrl Public URL for the Signing Workflow service
yes
primaryServerInterface Listening interface for the web app API
0.0.0.0
primaryServerPort Listening port for the web app API
8080
automationApiEnabled

true, false
automationApiInterface
Listening interface for the Automation API
0.0.0.0
automationApiPort Listening port for the Automation API

8081
logoutUrl Browser redirect to this URL on logout

<publicUrl>
logNetworkActivity Enable TCP logging for incoming HTTP requests

true, false
sessionTimeout Session timeout in milliseconds

14400000 (4 hours)
database.user Database user
yes
database.password Database  password
yes
database.max_pool_size Maximal number of connections in connection pool

15
database.min_pool_size Minimal number of connections in connection pool

3
database.initial_pool_size Initial number of connections in connection pool

3
database.max_idle_time Maximum idle time for a connection in connection pool (0 means forever)

0
database.changelog Path to database changeset (do not edit) yes db_migrations/changelog.master.xml
database.migrations_enabled Enable database changeset (do not edit) yes true
database.driver_class Database driver (do not edit) yes
signingOrders.fileDirectory File storage yes
signingOrders.documentLocationId File storage ID. Change this to a unique value every time the File storage directory is changed. yes
signingOrders.documentMimeType Mime type header when downloading a signed document
application/octet-stream
signingOrders.usePdfAFlavours Allow these PDF/A flavours (string array)
[]
signingOrders.rejectInvalidPdfA
Reject invalid PDF/A file selections
true, false
signingOrders.bodyLimit Max upload file size

2097152 (2M)
documentRetention.enabled
Enable or disable the entire document retention function.
true, false
documentRetention.inactiveDocumentAge
Max age of an inactive document until it is deleted. Value in ISO8601

PT12H
documentRetention.completedDocumentAge
Max age of a completed (accepted) document until it is deleted. Value in ISO8601

P30D
orderReminder.enabled Enable reminder notifications
true, false
orderReminder.beforeExpiration Send reminder number of days before order expires
P2D
orderReminder.batchSize
Order reminder batch size
25
orderReminder.delay
Time delay in milliseconds until first order notification and reminder batch jobs after server start

3000
orderReminder.frequency
Target frequency (1/second) for order notification and reminder batch jobs

0.14
credentials.privatePkcs12 PKCS12 archive for server certificate and private key yes
credentials.password Password for PKCS12 archive yes, if privatePkcs12 is encrypted
signingService.url URL of Signing Service yes
fileService.url URL of File Service.  yes
fileService.username File service user yes
fileService.password File service user password yes
saml.postSsoUrl SAML IdP Request consumer URL
yes
saml.assertionConsumerServiceUrl SAML Assertion consumer URL yes
saml.issuerId SAML issuer ID yes
saml.defaultLocale SAML locale yes
saml.attributes.authority Authority attribute yes
saml.attributes.source Source attribute yes

saml.attributes.firstName First name attribute yes

saml.attributes.lastName Last name attribute yes

saml.attributes.mail Mail attribute yes

saml.roles.solicitor This value for the digo_saml_authority attribute indicates Solicitor permissions
yes

saml.trustedIssuers List of files containing trusted certificates for SAML ticket validation
yes

saml.skewTime SAML skew time yes

smtp.fromAddress Notification email from yes

smtp.enabled SMTP notifications enabled
true, false
smtp.client.hostname
yes
smtp.client.port
yes
smtp.client.login Use authentication on the SMTP service

DISABLED, NONE, REQUIRED
smtp.client.username
yes
smtp.client.password
yes
smtp.client.starttls Use StartTLS
DISABLED, OPTIONAL, REQUIRED
smtp.client.ssl Use TLS when connecting to mail server
true, false
smtp.client.trustAll Trust all certificates when connecting to mail server
true, false
smtp.client.keyStore Key store file to trust server certificates

smtp.client.keyStorePassword Password for key store file yes, if keyStore is encrypted
users.useSsl Use TLS towards User Query Service

true, false
users.useSslClientCert Use TLS Client Auth towards User Query Service

true, false
users.useSslTrustAll Trust all TLS server certificates

true, false
users.sslTrustFile Custom trust store

users.sslTrustFileType Trust store type
pkcs12
users.sslKeyFile Private key for TLS authentication


users.sslKeyFileType Key file type
pkcs12
users.sslKeyPassword Password for the private TLS key
yes, if sslKeyFile is encrypted
users.externalUserLookup URL for external user lookup
yes

users.internalUserLookup URL for internal user lookup
yes

users.internalUserSearch URL for internal user search
yes

users.internalUserAttributes.organization Organization attribute in internal user query result
yes

users.internalUserAttributes.userId
User ID attribute in internal user query result
yes

users.internalUserAttributes.mail
Mail attribute in internal user query result
yes

users.internalUserAttributes.firstName
First name attribute in internal user query result
yes

users.internalUserAttributes.lastName
Last name attribute in internal user query result
yes

users.internalUserAttributes.mobile
Mobile attribute in internal user query result
yes

users.internalUserAttributes.department
Department attribute in internal user query result
yes

users.externalUserAttributes.info
Info attribute in external user query result
yes

users.externalUserAttributes.mail
Mail attribute in external user query result
yes

users.externalUserAttributes.mobile
Mobile attribute in external user query result
yes

users.externalUserAttributes.firstName
First name attribute in external user query result
yes

users.externalUserAttributes.lastName
Last name attribute in external user query result
yes

users.externalUserAttributes.info
Info attribute in external user query result
yes

webHook.enabled Enable webhooks
true, false
webHook.endpoint
Endpoint for webhook yes
webHook.key
Extra query parameter in endpoint URL.

webHook.connectionTimeout
Timeout for the http POST. Duration in ISO-8601.
PT30S
webHook.secret
Secret to create header signature.

webHook.useSslTrustAll
Trust all TLS server certificates

true, false
webHook.useSslClientCert
Use TLS Client authentication towards webhook service

true, false
webHook.sslTrustFile Certificate file, mandatory if using client authentication. (yes)
webHook.sslTrustFileType
Content type.
pkcs12
webHook.sslKeyFile
Private key for TLS authentication, mandatory if using SSL. (yes)
webHook.sslKeyFileType
Content type.

pkcs12
webHook.sslKeyPassword
Password for the private TLS key
(yes)
notifications.downloadLink Direct download link for document in email 
true, false
orderOptions.enableNotifyAllSignersOption Allow option to let signers download signed documents
true, false

Example configuration file

{
  "publicUrl": "https://signing-workflow.phenixid.net/",
  "apiHost": "172.16.238.11",
  "primaryServerPort": 8080,
  "automationApiEnabled": true,
  "automationApiHost": "172.16.239.11",
  "apiPort": 8081,
  "logoutUrl": "https://signing-workflow.phenixid.net/",
  "logNetworkActivity": false,
  "sessionTimeout": 30000,
  "database": {
    "url": "jdbc:sqlserver://10.128.22.34:61466;database=workflow",
    "user": "workflow_owner",
    "password": "Secret8899",
    "max_pool_size": 15,
    "min_pool_size": 3,
    "initial_pool_size": 3,
    "max_idle_time": 0,
    "changelog": "db_migrations/changelog.master.xml",
    "migrations_enabled": true,
    "driver_class": "com.microsoft.sqlserver.jdbc.SQLServerDriver"
  },
  "signingOrders": {
    "fileDirectory": "C:/PhenixID/FileStorage",
    "documentLocationId": 1,
    "usePdfAFlavours": ["PDFA_1_A", "PDFA_3_A"],
    "rejectInvalidPdfA": true
  },
  "orderReminder": {
    "enabled": true,
    "beforeExpiration": "P2D"
  },
  "documentRetention": {
    "enabled": true,
    "inactiveDocumentAge": "PT12H",
    "completedDocumentAge": "P30D"
  },
  "credentials": {
    "privatePkcs12": "C:/PhenixID/Keys/token_signer.pkcs12",
    "password": "zecret"
  },
  "signingService": {
    "url": "https://signing.phenixid.net/pdf_sign//authenticate/logout/?nextTarget=https://signing.phenixid.net/pdf_sign//"
  },
  "fileService": {
    "url": "https://signing-service.phenixid.net/files/session",
    "username": "workflow",
    "password": "secret7zce"
  },
  "documentRetention": {
     "enabled": true,
     "inactiveDocumentAge": "PT12H",
     "completedDocumentAge": "P30D"
  },
  "saml": {
    "postSsoUrl": "https://idp.phenixid.net/saml/authenticate/idp",
    "assertionConsumerServiceUrl": "https://signing-workflow.phenixid.net/auth/saml",
    "issuerId": "https://signing-workflow.phenixid.net/saml/sp",
    "defaultLocale": "sv",
    "attributes": {
      "authority": "description",
      "source": "source",
      "firstName": "givenName",
      "lastName": "sn",
      "mail": "mail"
    },
    "roles": {
      "solicitor": "role:solicitor"
    },
    "trustedIssuers": [
      "https://idp.phenixid.net/saml/idp"
    ],
    "trustedCertificates": [
      "C:/PhenixID/Certs/samltrust.pem"
    ],
    "skewTime": 30000
  },
  "smtp": {
    "fromAddress": "[email protected]",
    "enabled": "true",
    "client": {
       "host": "smtp.sendgrid.net",
       "port": 25,
       "username": "user",
       "password": "zecret"
       "login": "REQUIRED"
    }
  },
  "webHook": {
    "enabled": true,
    "endpoint": "http://www.example.org/automation"
  }, 
  "users": {
    "useSsl": false,
    "useSslClientCert": false,
    "useSslTrustAll": false,
    "sslTrustFile": "C:/PhenixID/Trust/saml-trust.pkcs8",
    "sslKeyFile": "C:/PhenixID/Keys/key.der",
    "sslKeyPassword": "abc123",
    "externalUserLookup": "https://signing-service.net/pipes/users/external",
    "internalUserLookup": "https://signing-service.net/pipes/users/internal",
    "internalUserSearch": "https://signing-service.net/pipes/users/search",
    "internalUserAttributes": {
      "organization": "o",
      "userId": "sAMAccountName",
      "mail": "mail",
      "firstName": "givenName",
      "lastName": "sn",
      "mobile": "mobile",
      "department": "ou"
    },
    "externalUserAttributes": {
      "info": "o",
      "mail": "mail",
      "mobile": "mobile",
      "firstName": "givenName",
      "lastName": "sn"
    }
  },
  "notifications": {
    "downloadLink": false
  },
  "orderOptions": {
    "enableNotifyAllSignersOption": false
  }
}