Configuration reference

This document describes all the parameters (set in config/config.json) that control system behaviour.

Audience

System administrators.

Name Description Mandatory Choices/Default
publicUrl Public URL for the Signing Workflow service
yes
primaryServerInterface Listening interface for the web app API
0.0.0.0
primaryServerPort Listening port for the web app API
8080
automationApiEnabled

false
automationApiInterface
Listening interface for the Automation API
0.0.0.0
automationApiPort Listening port for the Automation API

8081
logoutUrl Browser redirect to this URL on logout

Same value as publicUrl
logNetworkActivity Enable TCP logging for incoming HTTP requests

false
sessionTimeout Session timeout in milliseconds

30000
database.url Database URL
yes
database.user Database user
yes
database.password Database  password
yes
database.max_pool_size Maximal number of connections in connection pool

15
database.min_pool_size Minimal number of connections in connection pool

3
database.initial_pool_size Initial number of connections in connection pool

3
database.max_idle_time Maximum idle time for a connection in connection pool (0 means forever)

0
database.changelog Path to database changeset (do not edit) yes
database.migrations_enabled Enable database changeset (do not edit) yes true, false
database.driver_class Database driver (do not edit) yes
signingOrders.fileDirectory File storage yes
signingOrders.documentLocationId File storage ID. Change this to a unique value every time the File storage directory is changed. yes
signingOrders.documentMimeType Mime type header when downloading a signed document
application/octet-stream
documentRetention.enabled
Enable or disable the entire document retention function.
false
documentRetention.inactiveDocumentAge
Max age of an inactive document until it is deleted. Value in ISO8601

PT12H
documentRetention.completedDocumentAge
Max age of a completed (accepted) document until it is deleted. Value in ISO8601

P30D
orderReminder.enabled Enable reminder notifications
false
orderReminder.beforeExpiration Send a reminder the given number of days before the order expires (for example P2D for two days)
P2D
jwt.privateKeyFile A private key file yes
jwt.publicCertFile Public certificate corresponding to the private key yes
signingService.url URL of Signing Service yes
fileService.url URL of File Service.  yes
fileService.username File service user yes
fileService.password File service user password yes
saml.postSsoUrl SAML IdP Request consumer URL
yes
saml.assertionConsumerServiceUrl SAML Assertion consumer URL yes
saml.issuerId SAML issuer ID yes
saml.defaultLocale SAML locale yes
saml.attributes.authority Authority attribute yes
saml.attributes.source Source attribute yes

saml.attributes.firstName First name attribute yes

saml.attributes.lastName Last name attribute yes

saml.attributes.mail Mail attribute yes

saml.roles.solicitor This value for the digo_saml_authority attribute indicates Solicitor permissions
yes

saml.trustedIssuers List of files containing trusted certificates for SAML ticket validation
yes

saml.skewTime SAML skew time yes

smtp.host SMTP service host yes

smtp.port SMTP service port yes

smtp.trust Used with SMTP TLS. Set to the same value as smtp.host when using TLS.

smtp.username SMTP service username

smtp.password SMTP service password

smtp.fromAddress Notification email from yes

smtp.enabled SMTP notifications enabled. (Must be set as a string, i.e. "true" or "false") yes
true, false
smtp.enable
Set to true if TLS is used. (Must be set as a string, i.e. "true" or "false")

true, false / false
smtp.auth Use authentication on the SMTP service
true, false / false
users.useSsl Use TLS towards User Query Service

true, false
users.useSslClientCert Use TLS Client Auth towards User Query Service

true, false
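users.useSslTrustAll Trust all TLS server certificates, i.e. the certificate presented by the User Query Service is not validated. Set to false if the server certificate should be verified.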

true, false
users.sslKeyFile Private key for TLS authentication


users.sslKeyPassword Password for the private TLS key


users.externalUserLookup URL for external user lookup
yes

users.internalUserLookup URL for internal user lookup
yes

users.internalUserSearch URL for internal user search
yes

users.internalUserAttributes.organization Organization attribute in internal user query result
yes

users.internalUserAttributes.userId
User ID attribute in internal user query result
yes

users.internalUserAttributes.mail
Mail attribute in internal user query result
yes

users.internalUserAttributes.firstName
First name attribute in internal user query result
yes

users.internalUserAttributes.lastName
Last name attribute in internal user query result
yes

users.internalUserAttributes.mobile
Mobile attribute in internal user query result
yes

users.internalUserAttributes.department
Department attribute in internal user query result
yes

users.externalUserAttributes.info
Info attribute in external user query result
yes

users.externalUserAttributes.mail
Mail attribute in external user query result
yes

users.externalUserAttributes.mobile
Mobile attribute in external user query result
yes

users.externalUserAttributes.firstName
First name attribute in external user query result
yes

users.externalUserAttributes.lastName
Last name attribute in external user query result
yes

users.externalUserAttributes.info
Info attribute in external user query result
yes

webHook.enabled Enable webhooks
false
webHook.endpoint
Endpoint for webhook yes
webHook.key
Extra query parameter in endpoint URL.

webHook.connectionTimeout
Timeout for the http POST. Duration in ISO-8601.
PT30S
webHook.secret
Secret to create header signature.

webHook.useSslTrustAll
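Trust all TLS server certificates, i.e. the certificate presented by the webhook endpoint is not validated. The listed default is true, so set this to false explicitly if the server certificate should be verified.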

true
webHook.useSslClientCert
Use TLS Client authentication towards webhook service

false
webHook.sslTrustFile Certificate file, mandatory if using client authentication. (yes)
webHook.sslTrustFileType
Content type.
pkcs12
webHook.sslKeyFile
Private key for TLS authentication, mandatory if using SSL. (yes)
webHook.sslKeyFileType
Content type.

pkcs12
webHook.sslKeyPassword
Password for the private TLS key
(yes)

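Example configuration file

All hostnames, passwords and key paths below are sample values. The file stores the database, file service, SMTP and private-key passwords in clear text, so read access to config/config.json should be limited to the account that runs the service.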

{
  "publicUrl": "https://signing-workflow.phenixid.net/",
  "apiHost": "172.16.238.11",
  "primaryServerPort": 8080,
  "automationApiEnabled": true,
  "automationApiHost": "172.16.239.11",
  "apiPort": 8081,
  "logoutUrl": "https://signing-workflow.phenixid.net/",
  "logNetworkActivity": false,
  "sessionTimeout": 30000,
  "database": {
    "url": "jdbc:sqlserver://10.128.22.34:61466;database=workflow",
    "user": "workflow_owner",
    "password": "Secret8899",
    "max_pool_size": 15,
    "min_pool_size": 3,
    "initial_pool_size": 3,
    "max_idle_time": 0,
    "changelog": "db_migrations/changelog.master.xml",
    "migrations_enabled": true,
    "driver_class": "com.microsoft.sqlserver.jdbc.SQLServerDriver"
  },
  "signingOrders": {
    "fileDirectory": "C:/PhenixID/FileStorage",
    "documentLocationId": 1
  },
  "orderReminder": {
    "enabled": true,
    "beforeExpiration": "P2D"
  },
  "documentRetention": {
    "enabled": true,
    "inactiveDocumentAge": "PT12H",
    "completedDocumentAge": "P30D"
  },
  "jwt": {
    "privateKeyFile": "C:/PhenixID/Keys/token_signer.pkcs8",
    "publicCertFile": "C:/PhenixID/Certs/token_signer.cer"
  },
  "signingService": {
    "url": "https://signing.phenixid.net/pdf_sign//authenticate/logout/?nextTarget=https://signing.phenixid.net/pdf_sign//"
  },
  "fileService": {
    "url": "https://signing-service.phenixid.net/files/session",
    "username": "workflow",
    "password": "secret7zce"
  },
  "documentRetention": {
     "enabled": true,
     "inactiveDocumentAge": "PT12H",
     "completedDocumentAge": "P30D"
  },
  "saml": {
    "postSsoUrl": "https://idp.phenixid.net/saml/authenticate/idp",
    "assertionConsumerServiceUrl": "https://signing-workflow.phenixid.net/auth/saml",
    "issuerId": "https://signing-workflow.phenixid.net/saml/sp",
    "defaultLocale": "sv",
    "attributes": {
      "authority": "description",
      "source": "source",
      "firstName": "givenName",
      "lastName": "sn",
      "mail": "mail"
    },
    "roles": {
      "solicitor": "role:solicitor"
    },
    "trustedIssuers": [
      "https://idp.phenixid.net/saml/idp"
    ],
    "trustedCertificates": [
      "C:/PhenixID/Certs/samltrust.pem"
    ],
    "skewTime": 30000
  },
  "smtp": {
    "host": "smtp.sendgrid.net",
    "port": "25",
    "trust": null,
    "username": null,
    "password": null,
    "fromAddress": "signing-workflow@phenixidentity.com",
    "enabled": "true",
    "auth": false
  },
  "webHook": {
    "enabled": true,
    "endpoint": "http://www.example.org/automation"
  }, 
  "users": {
    "useSsl": false,
    "useSslClientCert": false,
    "useSslTrustAll": false,
    "sslTrustFile": "C:/PhenixID/Trust/saml-trust.pkcs8",
    "sslKeyFile": "C:/PhenixID/Keys/key.der",
    "sslKeyPassword": "abc123",
    "externalUserLookup": "https://signing-service.net/pipes/users/external",
    "internalUserLookup": "https://signing-service.net/pipes/users/internal",
    "internalUserSearch": "https://signing-service.net/pipes/users/search",
    "internalUserAttributes": {
      "organization": "o",
      "userId": "sAMAccountName",
      "mail": "mail",
      "firstName": "givenName",
      "lastName": "sn",
      "mobile": "mobile",
      "department": "ou"
    },
    "externalUserAttributes": {
      "info": "o",
      "mail": "mail",
      "mobile": "mobile",
      "firstName": "givenName",
      "lastName": "sn"
    }
  }
}