Configuration reference

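This document describes all the parameters (set in config/config.json) that control system behaviour. Several of them hold passwords and other secrets as plain strings, so read access to the file should be limited to administrators and the account that runs the service.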

Audience

System administrators.

Name Description Mandatory Default
automationApiEnabled
Enable the Automation API (boolean) no false
automationApiInterface
Listening interface for the Automation API; "0.0.0.0" listens on all network interfaces (string)
no "0.0.0.0"
automationApiPort
Listening port for the Automation API (int)
no 8081
credentials.password
Password for PKCS12 archive (string)
yes, if credentials.privatePkcs12 is encrypted

credentials.privatePkcs12
PKCS12 archive for server certificate and private key (string)
yes
database.changelog
Path to database changeset (string)
yes "db_migrations/changelog.master.xml"
database.driver_class
Database driver (string)
yes "com.microsoft.sqlserver.jdbc.SQLServerDriver"
database.initial_pool_size
Initial number of connections in connection pool (int)
no 3
database.max_idle_time
Maximum idle time for a connection in connection pool (0 means forever) (int)
no 0
database.max_pool_size
Maximal number of connections in connection pool (int)
no 15
database.migrations_enabled
Enable database changeset. Only change if you know what you are doing. (boolean)
yes true
database.min_pool_size
Minimal number of connections in connection pool (int)
no 3
database.password
Database  password (string)
yes
database.url Database connection URL. E.g. "jdbc:sqlserver://localhost:1433;database=digo;encrypt=false" (string) yes
database.user Database user (string)
yes
documentRetention.completedDocumentAge
Max age of a completed (accepted) document until it is deleted. Value in ISO8601 (string)
"P30D"
documentRetention.enabled Enable or disable the entire document retention function. (boolean)
no true
documentRetention.inactiveDocumentAge
Max age of an inactive document until it is deleted. Value in ISO8601 (string)
no "PT12H"
fileService.password File service user password (string)
yes

fileService.url
URL of File Service (string)
yes
fileService.username
File service user (string)
yes
logNetworkActivity
Enable TCP logging for incoming HTTP requests (boolean)
no false
logoutUrl
Browser redirects to this URL on logout (string)
yes
notifications.downloadLink
Direct download link for document in an email (boolean)
no true
orderOptions.enableNotifyAllSignersOption
When enabled, all signers will be notified when the document is signed by everyone in the errand. All signers will also be able to download the document (boolean)
no false
orderReminder.batchSize
Order reminder batch size (int)
no 25
orderReminder.beforeExpiration
How long before the order expires a reminder is sent. Value in ISO8601 (string)
no "P2D"
orderReminder.delay
Time delay in milliseconds until first order notification and reminder batch jobs after server start (int milliseconds)
no 3000
orderReminder.enabled
Enable reminder notifications (boolean)
no true
orderReminder.frequency
Target frequency (1/second) for order notification and reminder batch jobs (double)
no 0.14
primaryServerInterface
Listening interface for the web app API (string)
no "0.0.0.0"
primaryServerPort
Listening port for the web app API (int)
no 8080
publicUrl
Public URL for the Signing Workflow service. E.g. https://swf.se:8080/ (string)
yes
saml.assertionConsumerServiceUrl SAML Assertion consumer URL (string)
yes
saml.attributes.authority
Authority attribute (string)
yes
saml.attributes.firstName
First name attribute (string)
yes
saml.attributes.lastName
Last name attribute (string)
yes
saml.attributes.mail
Mail attribute (string) yes
saml.attributes.source
Source attribute (string)
yes
saml.defaultLocale
SAML locale. E.g. "sv" (string)
yes
saml.issuerId
SAML issuer ID (string)
yes
saml.postSsoUrl
SAML IdP Request consumer URL (string)
yes
saml.roles.solicitor
This value for the digo_saml_authority attribute indicates Solicitor permissions (string)
yes
saml.skewTime
SAML skew time in milliseconds (int)
no 30000
saml.trustedCertificates.[]
List of files containing trusted certificates for SAML ticket validation (array of strings)
E.g. "saml": { "trustedCertificates": [     "/path/saml.pem"    ] }
yes
saml.trustedIssuers.[]
List of trusted Issuers (Array of strings)
E.g. "saml": { "trustedIssuers": [     "stockholm"    ] }
yes
sessionTimeout
Session timeout in milliseconds (int)
no 14400000 (4 hours)
signingOrders.bodyLimit
Max upload file size in bytes (int)
no 2097152 (2 MiB)
signingOrders.documentLocationId
File storage ID. Change this to a unique value every time the File storage directory is changed (int)
yes 1
signingOrders.documentMimeType
Mime type header when downloading a signed document (string)
no "application/octet-stream"
signingOrders.usePdfAFlavours
Allow these PDF/A flavours (Array of strings)
no [ "PDFA_1_A" ]
signingOrders.rejectInvalidPdfA
Reject invalid PDF/A file selections (boolean)
no false
signingOrders.fileDirectory
Path to where to store signed documents (string) yes
signingService.url
URL of Signing Service (string)
yes
smtp.client.hostname SMTP hostname (string) yes (if smtp is enabled)
smtp.client.keyStore
Key store file to trust server certificates (string)
no
smtp.client.keyStorePassword
Password for key store file (string)
yes, if keyStore is encrypted

smtp.client.login
Use authentication on the SMTP service
(String: DISABLED, NONE, REQUIRED)
no "REQUIRED"
smtp.client.password
SMTP Password (string)
yes (if smtp is enabled)

smtp.client.port
SMTP port (int) no 587
smtp.client.ssl
Use TLS when connecting to mail server (boolean)
no true
smtp.client.starttls
Use StartTLS (String: DISABLED, OPTIONAL, REQUIRED)
no "REQUIRED"
smtp.client.trustAll
Trust all certificates when connecting to mail server, i.e. accept the server certificate without validating it (boolean)
no false
smtp.client.username
SMTP Username (string) yes (if smtp is enabled)

smtp.enabled
SMTP notifications enabled (boolean)
no false
tags Add custom tags that can be used to tag signing orders no
smtp.fromAddress
Notification email from (string)
yes (if smtp is enabled)

users.externalUserAttributes.firstName
First name attribute in external user query result (string)
yes
users.externalUserAttributes.info
Info attribute in external user query result (string)
yes
users.externalUserAttributes.lastName
Last name attribute in external user query result (string)
yes
users.externalUserAttributes.mail
Mail attribute in external user query result (string)
yes
users.externalUserAttributes.mobile
Mobile attribute in external user query result (string)
yes
users.externalUserLookup
URL for external user lookup (string)
yes
users.internalUserAttributes.department
Department attribute in internal user query result (string)
yes
users.internalUserAttributes.firstName
First name attribute in internal user query result (string)
yes
users.internalUserAttributes.lastName
Last name attribute in internal user query result (string)
yes

users.internalUserAttributes.mail
Mail attribute in internal user query result (string)
yes

users.internalUserAttributes.mobile
Mobile attribute in internal user query result (string)
yes

users.internalUserAttributes.organization
Organization attribute in internal user query result (string)
yes

users.internalUserAttributes.userId
User ID attribute in internal user query result (string)
yes
users.internalUserLookup
URL for internal user lookup (string) yes
users.internalUserSearch
URL for internal user search  (string)
yes
users.sslKeyFile
Path to private key for TLS authentication  (string)
no
users.sslKeyFileType Key file type (string)
no "pkcs12"
users.sslKeyPassword Password for the private TLS key  (string)
yes, if sslKeyFile is encrypted

users.sslTrustFile
Custom trust store  (string)
no
users.useSsl
Use TLS towards User Query Service (boolean)
no false
users.useSslClientCert
Use TLS Client Auth towards User Query Service (boolean)
no false
users.useSslTrustAll
Trust all TLS server certificates presented by the User Query Service, i.e. accept them without validation (boolean)
no false
users.sslTrustFileType
Trust store type  (string)
no "pkcs12"
webHook.connectionTimeout
Timeout for the HTTP POST to the webhook endpoint. Duration in ISO-8601 (string)
no "PT30S"
webHook.enabled
Enable webhooks (boolean)
no false
webHook.endpoint
Endpoint for webhook (string)
no
webHook.key
Extra query parameter in endpoint URL (string)
no
webHook.secret
Secret used to create the header signature (string)
no
webHook.sslKeyFile
Private key for TLS authentication, mandatory if using SSL (string)
no
webHook.sslKeyFileType
Key file type (string)
no "pkcs12"
webHook.sslKeyPassword
Password for the private TLS key (string)
yes, if sslKeyFile is encrypted
webHook.sslTrustFile
Certificate file, mandatory (string)
yes, if using client authentication 
webHook.sslTrustFileType
Trust store type (string)
no "pkcs12"
webHook.useSslClientCert
Use TLS Client authentication toward webhook service (boolean)
no false
webHook.useSslTrustAll
Trust all TLS server certificates presented by the webhook service, i.e. accept them without validation (boolean)
no false



Example configuration file

{
  "publicUrl": "https://signing-workflow.phenixid.net/",
  "apiHost": "172.16.238.11",
  "primaryServerPort": 8080,
  "automationApiEnabled": true,
  "automationApiHost": "172.16.239.11",
  "apiPort": 8081,
  "logoutUrl": "https://signing-workflow.phenixid.net/",
  "logNetworkActivity": false,
  "sessionTimeout": 30000,
  "database": {
    "url": "jdbc:sqlserver://10.128.22.34:61466;database=workflow",
    "user": "workflow_owner",
    "password": "Secret8899",
    "max_pool_size": 15,
    "min_pool_size": 3,
    "initial_pool_size": 3,
    "max_idle_time": 0,
    "changelog": "db_migrations/changelog.master.xml",
    "migrations_enabled": true,
    "driver_class": "com.microsoft.sqlserver.jdbc.SQLServerDriver"
  },
  "signingOrders": {
    "fileDirectory": "C:/PhenixID/FileStorage",
    "documentLocationId": 1,
    "usePdfAFlavours": ["PDFA_1_A", "PDFA_3_A"],
    "rejectInvalidPdfA": true
  },
  "orderReminder": {
    "enabled": true,
    "beforeExpiration": "P2D"
  },
  "documentRetention": {
    "enabled": true,
    "inactiveDocumentAge": "PT12H",
    "completedDocumentAge": "P30D"
  },
  "credentials": {
    "privatePkcs12": "C:/PhenixID/Keys/token_signer.pkcs12",
    "password": "zecret"
  },
  "signingService": {
    "url": "https://signing.phenixid.net/pdf_sign//authenticate/logout/?nextTarget=https://signing.phenixid.net/pdf_sign//"
  },
  "fileService": {
    "url": "https://signing-service.phenixid.net/files/session",
    "username": "workflow",
    "password": "secret7zce"
  },
  "documentRetention": {
     "enabled": true,
     "inactiveDocumentAge": "PT12H",
     "completedDocumentAge": "P30D"
  },
  "saml": {
    "postSsoUrl": "https://idp.phenixid.net/saml/authenticate/idp",
    "assertionConsumerServiceUrl": "https://signing-workflow.phenixid.net/auth/saml",
    "issuerId": "https://signing-workflow.phenixid.net/saml/sp",
    "defaultLocale": "sv",
    "attributes": {
      "authority": "description",
      "source": "source",
      "firstName": "givenName",
      "lastName": "sn",
      "mail": "mail"
    },
    "roles": {
      "solicitor": "role:solicitor"
    },
    "trustedIssuers": [
      "https://idp.phenixid.net/saml/idp"
    ],
    "trustedCertificates": [
      "C:/PhenixID/Certs/samltrust.pem"
    ],
    "skewTime": 30000
  },
  "smtp": {
    "fromAddress": "[email protected]",
    "enabled": "true",
    "client": {
       "host": "smtp.sendgrid.net",
       "port": 25,
       "username": "user",
       "password": "zecret",
       "login": "REQUIRED"
    }
  },
  "webHook": {
    "enabled": true,
    "endpoint": "http://www.example.org/automation"
  }, 
  "users": {
    "useSsl": false,
    "useSslClientCert": false,
    "useSslTrustAll": false,
    "sslTrustFile": "C:/PhenixID/Trust/saml-trust.pkcs8",
    "sslKeyFile": "C:/PhenixID/Keys/key.der",
    "sslKeyPassword": "abc123",
    "externalUserLookup": "https://signing-service.net/pipes/users/external",
    "internalUserLookup": "https://signing-service.net/pipes/users/internal",
    "internalUserSearch": "https://signing-service.net/pipes/users/search",
    "internalUserAttributes": {
      "organization": "o",
      "userId": "sAMAccountName",
      "mail": "mail",
      "firstName": "givenName",
      "lastName": "sn",
      "mobile": "mobile",
      "department": "ou"
    },
    "externalUserAttributes": {
      "info": "o",
      "mail": "mail",
      "mobile": "mobile",
      "firstName": "givenName",
      "lastName": "sn"
    }
  },
  "notifications": {
    "downloadLink": false
  },
  "orderOptions": {
    "enableNotifyAllSignersOption": false
  }
}