Configuration reference

This document describes all the parameters (set in config/config.json) that control system behaviour.

Audience

System administrators.

| Name | Description | Mandatory | Default |
|---|---|---|---|
| automationApiEnabled | Enable the Automation API (boolean) | no | false |
| automationApiInterface | Listening interface for the Automation API (string) | no | "0.0.0.0" |
| automationApiPort | Listening port for the Automation API (int) | no | 8081 |
| credentials.password | Password for PKCS12 archive (string) | yes, if credentials.privatePkcs12 is encrypted | |
| credentials.privatePkcs12 | PKCS12 archive for server certificate and private key (string) | yes | |
| database.changelog | Path to database changeset (string) | yes | "db_migrations/changelog.master.xml" |
| database.driver_class | Database driver (string) | yes | "com.microsoft.sqlserver.jdbc.SQLServerDriver" |
| database.initial_pool_size | Initial number of connections in connection pool (int) | no | 3 |
| database.max_idle_time | Maximum idle time for a connection in connection pool (0 means forever) (int) | no | 0 |
| database.max_pool_size | Maximum number of connections in connection pool (int) | no | 15 |
| database.migrations_enabled | Enable database changeset. Only change if you know what you are doing. (boolean) | yes | true |
| database.min_pool_size | Minimum number of connections in connection pool (int) | no | 3 |
| database.password | Database password (string) | yes | |
| database.url | Database connection URL. E.g. "jdbc:sqlserver://localhost:1433;database=digo;encrypt=false" (string) | yes | |
| database.user | Database user (string) | yes | |
| deleteOrdersJob.acceptedAgeLimit | Max age for orders with status ACCEPTED. Value in ISO8601 (string) | no | deleteOrdersJob.defaultAgeLimit |
| deleteOrdersJob.batchSize | Number of orders to process at the same time (int) | no | 100 |
| deleteOrdersJob.cancelledAgeLimit | Max age for orders with status CANCELLED. Value in ISO8601 (string) | no | deleteOrdersJob.defaultAgeLimit |
| deleteOrdersJob.defaultAgeLimit | Default max age for an order before it is deleted. This value is overridden if a max age is set for a specific order status, e.g. acceptedAgeLimit. Value in ISO8601 (string) | no | "P100Y" |
| deleteOrdersJob.delay | Delay in ISO-8601 before running first batch job or when to schedule with cron expression (string) | no | "PT0S" |
| deleteOrdersJob.enabled | Enable or disable the entire delete orders job. (boolean) | no | false |
| deleteOrdersJob.expiredAgeLimit | Max age for orders with status EXPIRED. Value in ISO8601 (string) | no | deleteOrdersJob.defaultAgeLimit |
| deleteOrdersJob.failedAgeLimit | Max age for orders with status FAILED. Value in ISO8601 (string) | no | deleteOrdersJob.defaultAgeLimit |
| deleteOrdersJob.pendingAgeLimit | Max age for orders with status PENDING. Value in ISO8601 (string) | no | deleteOrdersJob.defaultAgeLimit |
| deleteOrdersJob.rejectedAgeLimit | Max age for orders with status REJECTED. Value in ISO8601 (string) | no | deleteOrdersJob.defaultAgeLimit |
| deleteOrdersJob.schedule | Delay between batch jobs in ISO-8601 or Cron expression (string) | no | "0 0 0,1,2,3,4,5 * * ?" |
| deleteOrdersJob.statusFilter | Comma-separated order status values: ACCEPTED, CANCELLED, EXPIRED, FAILED, PENDING, REJECTED | no | "REJECTED, CANCELLED, EXPIRED, FAILED" |
| documentRetention.batchSize | Number of documents to process at the same time (int) | no | 100 |
| documentRetention.completedDocumentAge | Max age of a completed (ACCEPTED, REJECTED, CANCELED, EXPIRED) document until it is deleted. Value in ISO8601 (string) | no | "P30D" |
| documentRetention.delay | Delay in ISO-8601 before running first batch job or when to schedule with cron expression (string) | no | "PT0S" |
| documentRetention.deleteFromDatabase | Also delete document data from the database (boolean) | no | false |
| documentRetention.deleteFromDatabaseAgeLimit | Max age of a document until its data is deleted from the database. Requires 'deleteFromDatabase' (string) | no | "P100Y" |
| documentRetention.enabled | Enable or disable the entire document retention function. (boolean) | no | true |
| documentRetention.inactiveDocumentAge | Max age of an inactive or finalized (REJECTED, CANCELED, EXPIRED) document until it is deleted. Value in ISO8601 (string) | no | "PT12H" |
| documentRetention.schedule | Delay between batch jobs in ISO-8601 or Cron expression (string) | no | "0 0 2 * * ?" |
| documentRetention.unconsumedDocumentAge | Max age of an orphan document until it is deleted. Value in ISO8601 (string) | no | "PT12H" |
| expireOrdersJob.batchSize | Number of documents to process at the same time (int) | no | 100 |
| expireOrdersJob.delay | Delay in ISO-8601 before running first batch job or when to schedule with cron expression (string) | no | "PT0S" |
| expireOrdersJob.enabled | Enable or disable expiring orders job (boolean) | no | true |
| expireOrdersJob.schedule | The delay between batch jobs in ISO-8601 or Cron expression (string) | no | "0 0,30 * * * ?" |
| fileService.password | File service user password (string) | yes | |
| fileService.url | URL of File Service (string) | yes | |
| fileService.username | File service user (string) | yes | |
| logNetworkActivity | Enable TCP logging for incoming HTTP requests (boolean) | no | false |
| logoutUrl | Browser redirects to this URL on logout (string) | yes | |
| notifications.downloadLink | Direct download link for document in an email (boolean) | no | true |
| orderOptions.enableNotifyAllSignersOption | When enabled, all signers will be notified when everyone in the errand signs the document. All signers will also be able to download the document (boolean) | no | false |
| orderReminder.batchSize | Order reminder batch size (int) | no | 25 |
| orderReminder.beforeExpiration | Send a reminder a number of days before the order expires. Value in ISO8601 (string) | no | "P2D" |
| orderReminder.delay | Delay in ISO-8601 before running first batch job or when to schedule with cron expression (string) | no | "PT15S" |
| orderReminder.enabled | Enable reminder notifications (boolean) | no | true |
| orderReminder.schedule | The delay between batch jobs in ISO-8601 or Cron expression (string) | no | "PT35S" |
| primaryServerInterface | Listening interface for the web app API (string) | no | "0.0.0.0" |
| primaryServerPort | Listening port for the web app API (int) | no | 8080 |
| publicUrl | Public URL for the Signing Workflow service. E.g. https://swf.se:8080/ (string) | yes | |
| saml.assertionConsumerServiceUrl | SAML Assertion consumer URL (string) | yes | |
| saml.attributes.authority | Authority attribute (string) | yes | |
| saml.attributes.firstName | First name attribute (string) | yes | |
| saml.attributes.lastName | Last name attribute (string) | yes | |
| saml.attributes.mail | Mail attribute (string) | yes | |
| saml.attributes.source | Source attribute (string) | yes | |
| saml.defaultLocale | SAML locale. E.g. "sv" (string) | yes | |
| saml.issuerId | SAML issuer ID (string) | yes | |
| saml.postSsoUrl | SAML IdP Request consumer URL (string) | yes | |
| saml.roles.solicitor | This value for the digo_saml_authority attribute indicates Solicitor permissions (string) | yes | |
| saml.skewTime | SAML skew time in milliseconds (int) | no | 30000 |
| saml.trustedCertificates.[] | List of files containing trusted certificates for SAML ticket validation (array of strings). E.g. "saml": { "trustedCertificates": [ "/path/saml.pem" ] } | yes | |
| saml.trustedIssuers.[] | List of trusted Issuers (array of strings). E.g. "saml": { "trustedIssuers": [ "stockholm" ] } | yes | |
| sessionTimeout | Session timeout in milliseconds (int) | no | 14400000 (4 hours) |
| signingOrders.bodyLimit | Max upload file size in bytes (int) | no | 2097152 (2 MiB) |
| signingOrders.documentLocationId | File storage ID. Change this to a unique value every time the File storage directory is changed (int) | yes | 1 |
| signingOrders.documentMimeType | Mime type header when downloading a signed document (string) | no | "application/octet-stream" |
| signingOrders.usePdfAFlavours | Allow these PDF/A flavours (array of strings) | no | [ "PDFA_1_A" ] |
| signingOrders.rejectInvalidPdfA | Reject invalid PDF/A file selections (boolean) | no | false |
| signingOrders.fileDirectory | Path to where to store signed documents (string) | yes | |
| signingService.url | URL of Signing Service (string) | yes | |
| smtp.client.hostname | SMTP hostname (string) | yes (if smtp is enabled) | |
| smtp.client.keyStore | Key store file to trust server certificates (string) | no | |
| smtp.client.keyStorePassword | Password for key store file (string) | yes, if keyStore is encrypted | |
| smtp.client.login | Use authentication on the SMTP service (String: DISABLED, NONE, REQUIRED) | no | "REQUIRED" |
| smtp.client.password | SMTP Password (string) | yes (if smtp is enabled) | |
| smtp.client.port | SMTP port (int) | no | 587 |
| smtp.client.ssl | Use TLS when connecting to mail server (boolean) | no | true |
| smtp.client.starttls | Use StartTLS (String: DISABLED, OPTIONAL, REQUIRED) | no | "REQUIRED" |
| smtp.client.trustAll | Trust all certificates when connecting to mail server (boolean) | no | false |
| smtp.client.username | SMTP Username (string) | yes (if smtp is enabled) | |
| smtp.enabled | SMTP notifications enabled (boolean) | no | false |
| tags | Add custom tags that can be used to tag signing orders | no | |
| smtp.fromAddress | Notification email from (string) | yes (if smtp is enabled) | |
| users.externalUserAttributes.firstName | First name attribute in external user query result (string) | yes | |
| users.externalUserAttributes.info | Info attribute in external user query result (string) | yes | |
| users.externalUserAttributes.lastName | Last name attribute in external user query result (string) | yes | |
| users.externalUserAttributes.mail | Mail attribute in external user query result (string) | yes | |
| users.externalUserAttributes.mobile | Mobile attribute in external user query result (string) | yes | |
| users.externalUserLookup | URL for external user lookup (string) | yes | |
| users.internalUserAttributes.department | Department attribute in internal user query result (string) | yes | |
| users.internalUserAttributes.firstName | First name attribute in internal user query result (string) | yes | |
| users.internalUserAttributes.lastName | Last name attribute in internal user query result (string) | yes | |
| users.internalUserAttributes.mail | Mail attribute in internal user query result (string) | yes | |
| users.internalUserAttributes.mobile | Mobile attribute in internal user query result (string) | yes | |
| users.internalUserAttributes.organization | Organization attribute in internal user query result (string) | yes | |
| users.internalUserAttributes.userId | User ID attribute in internal user query result (string) | yes | |
| users.internalUserLookup | URL for internal user lookup (string) | yes | |
| users.internalUserSearch | URL for internal user search (string) | yes | |
| users.sslKeyFile | Path to private key for TLS authentication (string) | no | |
| users.sslKeyFileType | Key file type (string) | no | "pkcs12" |
| users.sslKeyPassword | Password for the private TLS key (string) | yes, if sslKeyFile is encrypted | |
| users.sslTrustFile | Custom trust store (string) | no | |
| users.useSsl | Use TLS towards User Query Service (boolean) | no | false |
| users.useSslClientCert | Use TLS Client Auth towards User Query Service (boolean) | no | false |
| users.useSslTrustAll | Trust all TLS server certificates (boolean) | no | false |
| users.sslTrustFileType | Trust store type (string) | no | "pkcs12" |
| webHook.connectionTimeout | Timeout for the HTTP POST. Duration in ISO-8601 (string) | no | "PT30S" |
| webHook.enabled | Enable webhooks (boolean) | no | false |
| webHook.endpoint | Endpoint for webhook (string) | no | |
| webHook.key | Extra query parameter in endpoint URL (string) | no | |
| webHook.secret | Secret to create header signature (string) | no | |
| webHook.sslKeyFile | Private key for TLS authentication, mandatory if using SSL (string) | no | |
| webHook.sslKeyFileType | Content type (string) | no | "pkcs12" |
| webHook.sslKeyPassword | Password for the private TLS key (string) | yes, if sslKeyFile is encrypted | |
| webHook.sslTrustFile | Certificate file, mandatory (string) | yes, if using client authentication | |
| webHook.sslTrustFileType | Content type (string) | no | "pkcs12" |
| webHook.useSslClientCert | Use TLS Client authentication toward webhook service (boolean) | no | false |
| webHook.useSslTrustAll | Trust all TLS server certificates (boolean) | no | true |



Example configuration file

{
  "publicUrl": "https://signing-workflow.phenixid.net/",
  "apiHost": "172.16.238.11",
  "primaryServerPort": 8080,
  "automationApiEnabled": true,
  "automationApiHost": "172.16.239.11",
  "apiPort": 8081,
  "logoutUrl": "https://signing-workflow.phenixid.net/",
  "logNetworkActivity": false,
  "sessionTimeout": 30000,
  "database": {
    "url": "jdbc:sqlserver://10.128.22.34:61466;database=workflow",
    "user": "workflow_owner",
    "password": "Secret8899",
    "max_pool_size": 15,
    "min_pool_size": 3,
    "initial_pool_size": 3,
    "max_idle_time": 0,
    "changelog": "db_migrations/changelog.master.xml",
    "migrations_enabled": true,
    "driver_class": "com.microsoft.sqlserver.jdbc.SQLServerDriver"
  },
  "signingOrders": {
    "fileDirectory": "C:/PhenixID/FileStorage",
    "documentLocationId": 1,
    "usePdfAFlavours": ["PDFA_1_A", "PDFA_3_A"],
    "rejectInvalidPdfA": true
  },
  "orderReminder": {
    "enabled": true,
    "beforeExpiration": "P2D"
  },
  "documentRetention": {
    "enabled": true,
    "inactiveDocumentAge": "PT12H",
    "completedDocumentAge": "P30D"
  },
  "credentials": {
    "privatePkcs12": "C:/PhenixID/Keys/token_signer.pkcs12",
    "password": "zecret"
  },
  "signingService": {
    "url": "https://signing.phenixid.net/pdf_sign//authenticate/logout/?nextTarget=https://signing.phenixid.net/pdf_sign//"
  },
  "fileService": {
    "url": "https://signing-service.phenixid.net/files/session",
    "username": "workflow",
    "password": "secret7zce"
  },
  "saml": {
    "postSsoUrl": "https://idp.phenixid.net/saml/authenticate/idp",
    "assertionConsumerServiceUrl": "https://signing-workflow.phenixid.net/auth/saml",
    "issuerId": "https://signing-workflow.phenixid.net/saml/sp",
    "defaultLocale": "sv",
    "attributes": {
      "authority": "description",
      "source": "source",
      "firstName": "givenName",
      "lastName": "sn",
      "mail": "mail"
    },
    "roles": {
      "solicitor": "role:solicitor"
    },
    "trustedIssuers": [
      "https://idp.phenixid.net/saml/idp"
    ],
    "trustedCertificates": [
      "C:/PhenixID/Certs/samltrust.pem"
    ],
    "skewTime": 30000
  },
  "smtp": {
    "fromAddress": "[email protected]",
    "enabled": true,
    "client": {
       "host": "smtp.sendgrid.net",
       "port": 25,
       "username": "user",
       "password": "zecret",
       "login": "REQUIRED"
    }
  },
  "webHook": {
    "enabled": true,
    "endpoint": "http://www.example.org/automation"
  }, 
  "users": {
    "useSsl": false,
    "useSslClientCert": false,
    "useSslTrustAll": false,
    "sslTrustFile": "C:/PhenixID/Trust/saml-trust.pkcs8",
    "sslKeyFile": "C:/PhenixID/Keys/key.der",
    "sslKeyPassword": "abc123",
    "externalUserLookup": "https://signing-service.net/pipes/users/external",
    "internalUserLookup": "https://signing-service.net/pipes/users/internal",
    "internalUserSearch": "https://signing-service.net/pipes/users/search",
    "internalUserAttributes": {
      "organization": "o",
      "userId": "sAMAccountName",
      "mail": "mail",
      "firstName": "givenName",
      "lastName": "sn",
      "mobile": "mobile",
      "department": "ou"
    },
    "externalUserAttributes": {
      "info": "o",
      "mail": "mail",
      "mobile": "mobile",
      "firstName": "givenName",
      "lastName": "sn"
    }
  },
  "notifications": {
    "downloadLink": false
  },
  "orderOptions": {
    "enableNotifyAllSignersOption": false
  }
}
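
Several parameters in this reference decide whether a connection is encrypted and whether the peer certificate is checked, and some take effect through their default when the key is absent (webHook.useSslTrustAll defaults to true, automationApiInterface to "0.0.0.0"). The following is an added example, not part of the product or its documentation: a Python check that resolves the effective value of those parameters and lists the ones worth reviewing. The function names `get` and `audit`, the `DEFAULTS` map layout and the sample hostnames are assumptions made for illustration; parameter names and default values are taken from the table above.

```python
import json
# Documented defaults from the parameter table, applied when a key is absent.
DEFAULTS = {
    "automationApiEnabled": False, "automationApiInterface": "0.0.0.0",
    "smtp.enabled": False, "smtp.client.trustAll": False,
    "smtp.client.starttls": "REQUIRED", "users.useSslTrustAll": False,
    "webHook.enabled": False, "webHook.useSslTrustAll": True,
}

def get(cfg, dotted):
    """Resolve a dotted parameter name, falling back to the documented default."""
    node = cfg
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return DEFAULTS.get(dotted)
        node = node[part]
    return node

def audit(cfg):
    """Return sorted names of parameters whose effective value weakens transport security."""
    hits = set()
    if get(cfg, "automationApiEnabled") is True and get(cfg, "automationApiInterface") == "0.0.0.0":
        hits.add("automationApiInterface")      # API listens on every interface
    if "encrypt=false" in str(get(cfg, "database.url")).lower():
        hits.add("database.url")                # TLS not requested for the JDBC connection
    if get(cfg, "users.useSslTrustAll") is True:
        hits.add("users.useSslTrustAll")        # server certificate is not validated
    if get(cfg, "smtp.enabled") is True:
        if get(cfg, "smtp.client.trustAll") is True:
            hits.add("smtp.client.trustAll")
        if get(cfg, "smtp.client.starttls") != "REQUIRED":
            hits.add("smtp.client.starttls")    # STARTTLS upgrade is not enforced
    if get(cfg, "webHook.enabled") is True:
        if get(cfg, "webHook.useSslTrustAll") is True:
            hits.add("webHook.useSslTrustAll")  # documented default is true
        if str(get(cfg, "webHook.endpoint")).lower().startswith("http://"):
            hits.add("webHook.endpoint")        # POST is sent without TLS
        if not get(cfg, "webHook.secret"):
            hits.add("webHook.secret")          # no secret for the header signature
    return sorted(hits)

# Constructed sample input (hostnames are placeholders, not a real deployment).
SAMPLE = json.loads("""{
  "automationApiEnabled": true,
  "database": {"url": "jdbc:sqlserver://db.example.test:1433;database=digo;encrypt=false"},
  "smtp": {"enabled": true, "client": {"starttls": "OPTIONAL"}},
  "webHook": {"enabled": true, "endpoint": "http://hooks.example.test/automation"}
}""")
print("\n".join(audit(SAMPLE)))
```

To check a real installation, pass the parsed contents of config/config.json to `audit` in place of `SAMPLE`.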