Configuration reference
This document describes all the parameters (set in config/config.json) that controls system behaviour.
Audience
System administrators.
Name | Description | Mandatory | Default |
---|---|---|---|
automationApiEnabled |
Enable the Automation API (boolean) | no | false |
automationApiInterface |
Listening interface for the Automation API (string) |
no | "0.0.0.0" |
automationApiPort |
Listening port for the Automation API (int) |
no | 8081 |
credentials.password |
Password for PKCS12 archive (string) |
yes, if password.privatePkcs12 is encrypted |
|
credentials.privatePkcs12 |
PKCS12 archive for server certificate and private key (string) |
yes | |
database.changelog |
Path to database changeset (string) |
yes | "db_migrations/changelog.master.xml" |
database.driver_class |
Database driver (string) |
yes | "com.microsoft.sqlserver.jdbc.SQLServerDriver" |
database.initial_pool_size |
Initial number of connections in connection pool (int) |
no | 3 |
database.max_idle_time |
Maximum idle time for a connection in connection pool (0 means forever) (int) |
no | 0 |
database.max_pool_size |
Maximal number of connections in connection pool (int) |
no | 15 |
database.migrations_enabled |
Enable database changeset. Only change if you know what you are doing. (boolean) |
yes | true |
database.min_pool_size |
Minimal number of connections in connection pool (int) |
no | 3 |
database.password |
Database password (string) |
yes | |
database.url | Database connection URL. E.g. "jdbc:sqlserver://localhost:1433;database=digo;encrypt=false" (string) | yes | |
database.user | Database user (string) |
yes | |
deleteOrdersJob.acceptedAgeLimit |
Max age for orders with status ACCEPTED. Value in ISO8601 (string) |
no | deleteOrdersJob.defaultAgeLimit |
deleteOrdersJob.batchSize |
Number of orders to process att the same time (int) |
no | 100 |
deleteOrdersJob.cancelledAgeLimit |
Max age for orders with status CANCELLED. Value in ISO8601 (string) |
no |
deleteOrdersJob.defaultAgeLimit |
deleteOrdersJob.defaultAgeLimit |
Default max age for an order before it is deleted. This value is overridden if a max age is set for a specific order status. E.g. acceptedAgeLimit. Value in ISO8601 (string) |
no | "P100Y" |
deleteOrdersJob.delay |
Delay in ISO-8601 before running first batch job or when to schedule with cron expression (string) |
no |
"PT0S" |
deleteOrdersJob.enabled |
Enable or disable the entire delete orders job. (boolean) |
no |
false |
deleteOrdersJob.expiredAgeLimit |
Max age for orders with status EXPIRED. Value in ISO8601 (string) |
no |
deleteOrdersJob.defaultAgeLimit |
deleteOrdersJob.failedAgeLimit |
Max age for orders with status FAILED. Value in ISO8601 (string) |
no |
deleteOrdersJob.defaultAgeLimit |
deleteOrdersJob.pendingAgeLimit |
Max age for orders with status PENDING. Value in ISO8601 (string) |
no |
deleteOrdersJob.defaultAgeLimit |
deleteOrdersJob.rejectedAgeLimit |
Max age for orders with status REJECTED. Value in ISO8601 (string) |
no |
deleteOrdersJob.defaultAgeLimit |
deleteOrdersJob.schedule |
Delay between batch jobs in ISO-8601 or Cron expression (string) |
no |
"0 0 0,1,2,3,4,5 * * ?" |
deleteOrdersJob.statusFilter |
Comma-separated order status values; ACCEPTED, CANCELLED, EXPIRED, FAILED, PENDING, REJECTED |
no |
"REJECTED, CANCELLED, EXPIRED, FAILED" |
documentRetention.batchSize |
Number of documents to process att the same time (int) | no | 100 |
documentRetention.completedDocumentAge |
Max age of a completed (ACCEPTED, REJECTED, CANCELED, EXPIRED) document until it is deleted. Value in ISO8601 (string) |
no | "P30D" |
documentRetention.delay |
Delay in ISO-8601 before running first batch job or when to schedule with cron expression (string) |
no | "PT0S" |
documentRetention.deleteFromDatabase | Also delete document data from the database (boolean) | no | false |
documentRetention.deleteFromDatabaseAgeLimit |
Max age of a document until its data is deleted from the database. Requires 'deleteFromDatabase' (string) | no | "P100Y" |
documentRetention.enabled | Enable or disable the entire document retention function. (boolean) |
no | true |
documentRetention.inactiveDocumentAge |
Max age of an inactive or finalized (REJECTED, CANCELED, EXPIRED) document until it is deleted. Value in ISO8601 (string) |
no | "PT12H" |
documentRetention.schedule |
Delay between batch jobs in ISO-8601 or Cron expression (string) |
no |
"0 0 2 * * ?" |
documentRetention.unconsumedDocumentAge |
Max age of an orphan document until it is deleted. Value in ISO8601 (string) |
no | "PT12H" |
expireOrdersJob.batchSize |
Number of documents to process att the same time (int) |
no | 100 |
expireOrdersJob.delay |
Delay in ISO-8601 before running first batch job or when to schedule with cron expression (string) |
no | "PT0S" |
expireOrdersJob.enabled |
Enable or disable expiring orders job (boolean) |
no | true |
expireOrdersJob.schedule |
The delay between batch jobs in ISO-8601 or Cron expression (string) |
no | "0 0,30 * * * ?" |
fileService.password | File service user password (string) |
yes |
|
fileService.url |
URL of File Service (string) |
yes | |
fileService.username |
File service user (string) |
yes | |
logNetworkActivity |
Enable TCP logging for incoming HTTP requests (boolean) |
no | false |
logoutUrl |
Browser redirects to this URL on logout (string) |
yes | |
notifications.downloadLink |
Direct download link for document in an email (boolean) |
no | true |
orderOptions.enableNotifyAllSignersOption |
When enabled, all signers will be notified when everyone in the errand signs the document. All signers will also be able to download the document (boolean) |
no | false |
orderReminder.batchSize |
Order reminder batch size (int) |
no | 25 |
orderReminder.beforeExpiration |
Send a reminder number of days before the order expires. Value in ISO8601 (string) |
no | "P2D" |
orderReminder.delay |
Delay in ISO-8601 before running first batch job or when to schedule with cron expression (string) |
no | "PT15S" |
orderReminder.enabled |
Enable reminder notifications (boolean) |
no | true |
orderReminder.schedule |
The delay between batch jobs in ISO-8601 or Cron expression (string) |
no | "PT35S" |
primaryServerInterface |
Listening interface for the web app API (string) |
no | "0.0.0.0" |
primaryServerPort |
Listening port for the web app API (int) |
no | 8080 |
publicUrl |
Public URL for the Signing Workflow service. E.g. https://swf.se:8080/ (string) |
yes | |
saml.assertionConsumerServiceUrl | SAML Assertion consumer URL (string) |
yes | |
saml.attributes.authority |
Authority attribute (string) |
yes | |
saml.attributes.firstName |
First name attribute (string) |
yes | |
saml.attributes.lastName |
Last name attribute (string) |
yes | |
saml.attributes.mail |
Mail attribute (string) | yes | |
saml.attributes.source |
Source attribute (string) |
yes | |
saml.defaultLocale |
SAML locale. E.g. "sv" (string) |
yes | |
saml.issuerId |
SAML issuer ID (string) |
yes | |
saml.postSsoUrl |
SAML IdP Request consumer URL (string) |
yes | |
saml.roles.solicitor |
This value for the digo_saml_authority attribute indicates Solicitor permissions (string) |
yes | |
saml.skewTime |
SAML skew time in milliseconds (int) |
no | 30000 |
saml.trustedCertificates.[] |
List of files containing trusted certificates for SAML ticket validation (array of strings) E.g. "saml": { "trustedCertificates": [ "/path/saml.pem" ] } |
yes | |
saml.trustedIssuers.[] |
List of trusted Issuers (Array of strings) E.g. "saml": { "trustedIssuers": [ "stockholm" ] } |
yes | |
sessionTimeout |
Session timeout in milliseconds (int) |
no | 14400000 (4 hours) |
signingOrders.bodyLimit |
Max upload file size in bytes (int) |
no | 2097152 (2 MiB) |
signingOrders.documentLocationId |
File storage ID. Change this to a unique value every time the File storage directory is changed (int) |
yes | 1 |
signingOrders.documentMimeType |
Mime type header when downloading a signed document (string) |
no | "application/octet-stream" |
signingOrders.usePdfAFlavours |
Allow these PDF/A flavours (Array of strings) |
no | [ "PDFA_1_A" ] |
signingOrders.rejectInvalidPdfA |
Reject invalid PDF/A file selections (boolean) |
no | false |
signingOrders.fileDirectory |
Path to where to store signed documents (string) | yes | |
signingService.url |
URL of Signing Service (string) |
yes | |
smtp.client.hostname | SMTP hostname (string) | yes (if smtp is enabled) | |
smtp.client.keyStore |
Key store file to trust server certificates (string) |
no | |
smtp.client.keyStorePassword |
Password for key store file (string) |
yes, if keyStore is encrypted |
|
smtp.client.login |
Use authentication on the SMTP service (String: DISABLED, NONE, REQUIRED) |
no | "REQUIRED" |
smtp.client.password |
SMTP Password (string) |
yes (if smtp is enabled) |
|
smtp.client.port |
SMTP port (int) | no | 587 |
smtp.client.ssl |
Use TLS when connecting to mail server (boolean) |
no | true |
smtp.client.starttls |
Use StartTLS (String: DISABLED, OPTIONAL, REQUIRED) |
no | "REQUIRED" |
smtp.client.trustAll |
Trust all certificates when connecting to mail server (boolean) |
no | false |
smtp.client.username |
SMTP Username (string) | yes (if smtp is enabled) |
|
smtp.enabled |
SMTP notifications enabled (boolean) |
no | false |
tags | Add custom tags that can be used to tag signing orders | no | |
smtp.fromAddress |
Notification email from (string) |
yes (if smtp is enabled) |
|
users.externalUserAttributes.firstName |
First name attribute in external user query result (string) |
yes | |
users.externalUserAttributes.info |
Info attribute in external user query result (string) |
yes | |
users.externalUserAttributes.lastName |
Last name attribute in external user query result (string) |
yes | |
users.externalUserAttributes.mail |
Mail attribute in external user query result (string) |
yes | |
users.externalUserAttributes.mobile |
Mobile attribute in external user query result (string) |
yes | |
users.externalUserLookup |
URL for external user lookup (string) |
yes | |
users.internalUserAttributes.department |
Department attribute in internal user query result (string) |
yes | |
users.internalUserAttributes.firstName |
First name attribute in internal user query result (string) |
yes | |
users.internalUserAttributes.lastName |
Last name attribute in internal user query result (string) |
yes |
|
users.internalUserAttributes.mail |
Mail attribute in internal user query result (string) |
yes |
|
users.internalUserAttributes.mobile |
Mobile attribute in internal user query result (string) |
yes |
|
users.internalUserAttributes.organization |
Organization attribute in internal user query result (string) |
yes |
|
users.internalUserAttributes.userId |
User ID attribute in internal user query result (string) |
yes | |
users.internalUserLookup |
URL for internal user lookup (string) | yes | |
users.internalUserSearch |
URL for internal user search (string) |
yes | |
users.sslKeyFile |
Path to private key for TLS authentication (string) |
no | |
users.sslKeyFileType | Key file type (string) |
no | "pkcs12" |
users.sslKeyPassword | Password for the private TLS key (string) |
yes, if sslKeyFile is encrypted |
|
users.sslTrustFile |
Custom trust store (string) |
no | |
users.useSsl |
Use TLS towards User Query Service (boolean) |
no | false |
users.useSslClientCert |
Use TLS Client Auth towards User Query Service (boolean) |
no | false |
users.useSslTrustAll |
Trust all TLS server certificates (boolean) |
no | false |
users.sslTrustFileType |
Trust store type (string) |
no | "pkcs12" |
webHook.connectionTimeout |
Timeout for the http POST. Duration in ISO-8601 (string) |
no | "PT30S" |
webHook.enabled |
Enable webhooks (boolean) |
no | false |
webHook.endpoint |
Endpoint for webhook (string) |
no | |
webHook.key |
Extra query parameter in endpoint URL (string) |
no | |
webHook.secret |
Secret to create header signature (string) |
no | |
webHook.sslKeyFile |
Private key for TLS authentication, mandatory if using SSL (string) |
no | |
webHook.sslKeyFileType |
Content type (string) |
no | "pkcs12" |
webHook.sslKeyPassword |
Password for the private TLS key (string) |
yes, if sslKeyFile is encrypted | |
webHook.sslTrustFile |
Certificate file, mandatory (string) |
yes, if using client authentication | |
webHook.sslTrustFileType |
Content type (string) |
no | "pkcs12" |
webHook.useSslClientCert |
Use TLS Client authentication toward webhook service (boolean) |
no | false |
webHook.useSslTrustAll |
Trust all TLS server certificates (boolean) |
no | true |
Example configuration file
{
"publicUrl": "https://signing-workflow.phenixid.net/",
"apiHost": "172.16.238.11",
"primaryServerPort": 8080,
"automationApiEnabled": true,
"automationApiHost": "172.16.239.11",
"apiPort": 8081,
"logoutUrl": "https://signing-workflow.phenixid.net/",
"logNetworkActivity": false,
"sessionTimeout": 30000,
"database": {
"url": "jdbc:sqlserver://10.128.22.34:61466;database=workflow",
"user": "workflow_owner",
"password": "Secret8899",
"max_pool_size": 15,
"min_pool_size": 3,
"initial_pool_size": 3,
"max_idle_time": 0,
"changelog": "db_migrations/changelog.master.xml",
"migrations_enabled": true,
"driver_class": "com.microsoft.sqlserver.jdbc.SQLServerDriver"
},
"signingOrders": {
"fileDirectory": "C:/PhenixID/FileStorage",
"documentLocationId": 1,
"usePdfAFlavours": ["PDFA_1_A", "PDFA_3_A"],
"rejectInvalidPdfA": true
},
"orderReminder": {
"enabled": true,
"beforeExpiration": "P2D"
},
"documentRetention": {
"enabled": true,
"inactiveDocumentAge": "PT12H",
"completedDocumentAge": "P30D"
},
"credentials": {
"privatePkcs12": "C:/PhenixID/Keys/token_signer.pkcs12",
"password": "zecret"
},
"signingService": {
"url": "https://signing.phenixid.net/pdf_sign//authenticate/logout/?nextTarget=https://signing.phenixid.net/pdf_sign//"
},
"fileService": {
"url": "https://signing-service.phenixid.net/files/session",
"username": "workflow",
"password": "secret7zce"
},
"documentRetention": {
"enabled": true,
"inactiveDocumentAge": "PT12H",
"completedDocumentAge": "P30D"
},
"saml": {
"postSsoUrl": "https://idp.phenixid.net/saml/authenticate/idp",
"assertionConsumerServiceUrl": "https://signing-workflow.phenixid.net/auth/saml",
"issuerId": "https://signing-workflow.phenixid.net/saml/sp",
"defaultLocale": "sv",
"attributes": {
"authority": "description",
"source": "source",
"firstName": "givenName",
"lastName": "sn",
"mail": "mail"
},
"roles": {
"solicitor": "role:solicitor"
},
"trustedIssuers": [
"https://idp.phenixid.net/saml/idp"
],
"trustedCertificates": [
"C:/PhenixID/Certs/samltrust.pem"
],
"skewTime": 30000
},
"smtp": {
"fromAddress": "[email protected]",
"enabled": "true",
"client": {
"host": "smtp.sendgrid.net",
"port": 25,
"username": "user",
"password": "zecret"
"login": "REQUIRED"
}
},
"webHook": {
"enabled": true,
"endpoint": "http://www.example.org/automation"
},
"users": {
"useSsl": false,
"useSslClientCert": false,
"useSslTrustAll": false,
"sslTrustFile": "C:/PhenixID/Trust/saml-trust.pkcs8",
"sslKeyFile": "C:/PhenixID/Keys/key.der",
"sslKeyPassword": "abc123",
"externalUserLookup": "https://signing-service.net/pipes/users/external",
"internalUserLookup": "https://signing-service.net/pipes/users/internal",
"internalUserSearch": "https://signing-service.net/pipes/users/search",
"internalUserAttributes": {
"organization": "o",
"userId": "sAMAccountName",
"mail": "mail",
"firstName": "givenName",
"lastName": "sn",
"mobile": "mobile",
"department": "ou"
},
"externalUserAttributes": {
"info": "o",
"mail": "mail",
"mobile": "mobile",
"firstName": "givenName",
"lastName": "sn"
}
},
"notifications": {
"downloadLink": false
},
"orderOptions": {
"enableNotifyAllSignersOption": false
}
}