Configuration reference
This document describes all the parameters (set in config/config.json) that controls system behaviour.
Audience
System administrators.
| Name | Description | Mandatory | Default |
|---|---|---|---|
| automationApiEnabled |
Enable the Automation API (boolean) | no | false |
| automationApiInterface |
Listening interface for the Automation API (string) |
no | "0.0.0.0" |
| automationApiPort |
Listening port for the Automation API (int) |
no | 8081 |
| credentials.password |
Password for PKCS12 archive (string) |
yes, if password.privatePkcs12 is encrypted |
|
| credentials.privatePkcs12 |
PKCS12 archive for server certificate and private key (string) |
yes | |
| database.changelog |
Path to database changeset (string) |
yes | "db_migrations/changelog.master.xml" |
| database.driver_class |
Database driver (string) |
yes | "com.microsoft.sqlserver.jdbc.SQLServerDriver" |
| database.initial_pool_size |
Initial number of connections in connection pool (int) |
no | 3 |
| database.max_idle_time |
Maximum idle time for a connection in connection pool (0 means forever) (int) |
no | 0 |
| database.max_pool_size |
Maximal number of connections in connection pool (int) |
no | 15 |
| database.migrations_enabled |
Enable database changeset. Only change if you know what you are doing. (boolean) |
yes | true |
| database.min_pool_size |
Minimal number of connections in connection pool (int) |
no | 3 |
| database.password |
Database password (string) |
yes | |
| database.url | Database connection URL. E.g. "jdbc:sqlserver://localhost:1433;database=digo;encrypt=false" (string) | yes | |
| database.user | Database user (string) |
yes | |
| documentRetention.completedDocumentAge |
Max age of a completed (accepted) document until it is deleted. Value in ISO8601 (string) |
"P30D" | |
| documentRetention.enabled | Enable or disable the entire document retention function. (boolean) |
no | true |
| documentRetention.inactiveDocumentAge |
Max age of an inactive document until it is deleted. Value in ISO8601 (string) |
no | "PT12H" |
| fileService.password | File service user password (string) |
yes |
|
| fileService.url |
URL of File Service (string) |
yes | |
| fileService.username |
File service user (string) |
yes | |
| logNetworkActivity |
Enable TCP logging for incoming HTTP requests (boolean) |
no | false |
| logoutUrl |
Browser redirects to this URL on logout (string) |
yes | |
| notifications.downloadLink |
Direct download link for document in an email (boolean) |
no | true |
| orderOptions.enableNotifyAllSignersOption |
When enabled, all signers will be notified when the document is signed by everyone in the errand. All signers will also be able to download the document (boolean) |
no | false |
| orderReminder.batchSize |
Order reminder batch size (int) |
no | 25 |
| orderReminder.beforeExpiration |
Send reminder number of days before order expires. Value in ISO8601 (string) |
no | "P2D" |
| orderReminder.delay |
Time delay in milliseconds until first order notification and reminder batch jobs after server start (int milliseconds) |
no | 3000 |
| orderReminder.enabled |
Enable reminder notifications (boolean) |
no | true |
| orderReminder.frequency |
Target frequency (1/second) for order notification and reminder batch jobs (double) |
no | 0.14 |
| primaryServerInterface |
Listening interface for the web app API (string) |
no | "0.0.0.0" |
| primaryServerPort |
Listening port for the web app API (int) |
no | 8080 |
| publicUrl |
Public URL for the Signing Workflow service. E.g. https://swf.se:8080/ (string) |
yes | |
| saml.assertionConsumerServiceUrl | SAML Assertion consumer URL (string) |
yes | |
| saml.attributes.authority |
Authority attribute (string) |
yes | |
| saml.attributes.firstName |
First name attribute (string) |
yes | |
| saml.attributes.lastName |
Last name attribute (string) |
yes | |
| saml.attributes.mail |
Mail attribute (string) | yes | |
| saml.attributes.source |
Source attribute (string) |
yes | |
| saml.defaultLocale |
SAML locale. E.g. "sv" (string) |
yes | |
| saml.issuerId |
SAML issuer ID (string) |
yes | |
| saml.postSsoUrl |
SAML IdP Request consumer URL (string) |
yes | |
| saml.roles.solicitor |
This value for the digo_saml_authority attribute indicates Solicitor permissions (string) |
yes | |
| saml.skewTime |
SAML skew time in milliseconds (int) |
no | 30000 |
| saml.trustedCertificates.[] |
List of files containing trusted certificates for SAML ticket validation (array of strings) E.g. "saml": { "trustedCertificates": [ "/path/saml.pem" ] } |
yes | |
| saml.trustedIssuers.[] |
List of trusted Issuers (Array of strings) E.g. "saml": { "trustedIssuers": [ "stockholm" ] } |
yes | |
| sessionTimeout |
Session timeout in milliseconds (int) |
no | 14400000 (4 hours) |
| signingOrders.bodyLimit |
Max upload file size in bytes (int) |
no | 2097152 (2 MiB) |
| signingOrders.documentLocationId |
File storage ID. Change this to a unique value every time the File storage directory is changed (int) |
yes | 1 |
| signingOrders.documentMimeType |
Mime type header when downloading a signed document (string) |
no | "application/octet-stream" |
| signingOrders.usePdfAFlavours |
Allow these PDF/A flavours (Array of strings) |
no | [ "PDFA_1_A" ] |
| signingOrders.rejectInvalidPdfA |
Reject invalid PDF/A file selections (boolean) |
no | false |
| signingOrders.fileDirectory |
Path to where to store signed documents (string) | yes | |
| signingService.url |
URL of Signing Service (string) |
yes | |
| smtp.client.hostname | SMTP hostname (string) | yes (if smtp is enabled) | |
| smtp.client.keyStore |
Key store file to trust server certificates (string) |
no | |
| smtp.client.keyStorePassword |
Password for key store file (string) |
yes, if keyStore is encrypted |
|
| smtp.client.login |
Use authentication on the SMTP service (String: DISABLED, NONE, REQUIRED) |
no | "REQUIRED" |
| smtp.client.password |
SMTP Password (string) |
yes (if smtp is enabled) |
|
| smtp.client.port |
SMTP port (int) | no | 587 |
| smtp.client.ssl |
Use TLS when connecting to mail server (boolean) |
no | true |
| smtp.client.starttls |
Use StartTLS (String: DISABLED, OPTIONAL, REQUIRED) |
no | "REQUIRED" |
| smtp.client.trustAll |
Trust all certificates when connecting to mail server (boolean) |
no | false |
| smtp.client.username |
SMTP Username (string) | yes (if smtp is enabled) |
|
| smtp.enabled |
SMTP notifications enabled (boolean) |
no | false |
| tags | Add custom tags that can be used to tag signing orders | no | |
| smtp.fromAddress |
Notification email from (string) |
yes (if smtp is enabled) |
|
| users.externalUserAttributes.firstName |
First name attribute in external user query result (string) |
yes | |
| users.externalUserAttributes.info |
Info attribute in external user query result (string) |
yes | |
| users.externalUserAttributes.lastName |
Last name attribute in external user query result (string) |
yes | |
| users.externalUserAttributes.mail |
Mail attribute in external user query result (string) |
yes | |
| users.externalUserAttributes.mobile |
Mobile attribute in external user query result (string) |
yes | |
| users.externalUserLookup |
URL for external user lookup (string) |
yes | |
| users.internalUserAttributes.department |
Department attribute in internal user query result (string) |
yes | |
| users.internalUserAttributes.firstName |
First name attribute in internal user query result (string) |
yes | |
| users.internalUserAttributes.lastName |
Last name attribute in internal user query result (string) |
yes |
|
| users.internalUserAttributes.mail |
Mail attribute in internal user query result (string) |
yes |
|
| users.internalUserAttributes.mobile |
Mobile attribute in internal user query result (string) |
yes |
|
| users.internalUserAttributes.organization |
Organization attribute in internal user query result (string) |
yes |
|
| users.internalUserAttributes.userId |
User ID attribute in internal user query result (string) |
yes | |
| users.internalUserLookup |
URL for internal user lookup (string) | yes | |
| users.internalUserSearch |
URL for internal user search (string) |
yes | |
| users.sslKeyFile |
Path to private key for TLS authentication (string) |
no | |
| users.sslKeyFileType | Key file type (string) |
no | "pkcs12" |
| users.sslKeyPassword | Password for the private TLS key (string) |
yes, if sslKeyFile is encrypted |
|
| users.sslTrustFile |
Custom trust store (string) |
no | |
| users.useSsl |
Use TLS towards User Query Service (boolean) |
no | false |
| users.useSslClientCert |
Use TLS Client Auth towards User Query Service (boolean) |
no | false |
| users.useSslTrustAll |
Trust all TLS server certificates (boolean) |
no | false |
| users.sslTrustFileType |
Trust store type (string) |
no | "pkcs12" |
| webHook.connectionTimeout |
Timeout for the http POST. Duration in ISO-8601 (string) |
no | "PT30S" |
| webHook.enabled |
Enable webhooks (boolean) |
no | false |
| webHook.endpoint |
Endpoint for webhook (string) |
no | |
| webHook.key |
Extra query parameter in endpoint URL (string) |
no | |
| webHook.secret |
Secret to create header signature (string) |
no | |
| webHook.sslKeyFile |
Private key for TLS authentication, mandatory if using SSL (string) |
no | |
| webHook.sslKeyFileType |
Content type (string) |
no | "pkcs12" |
| webHook.sslKeyPassword |
Password for the private TLS key (string) |
yes, if sslKeyFile is encrypted | |
| webHook.sslTrustFile |
Certificate file, mandatory (string) |
yes, if using client authentication | |
| webHook.sslTrustFileType |
Content type (string) |
no | "pkcs12" |
| webHook.useSslClientCert |
Use TLS Client authentication toward webhook service (boolean) |
no | false |
| webHook.useSslTrustAll |
Trust all TLS server certificates (boolean) |
no | false |
Example configuration file
{
"publicUrl": "https://signing-workflow.phenixid.net/",
"apiHost": "172.16.238.11",
"primaryServerPort": 8080,
"automationApiEnabled": true,
"automationApiHost": "172.16.239.11",
"apiPort": 8081,
"logoutUrl": "https://signing-workflow.phenixid.net/",
"logNetworkActivity": false,
"sessionTimeout": 30000,
"database": {
"url": "jdbc:sqlserver://10.128.22.34:61466;database=workflow",
"user": "workflow_owner",
"password": "Secret8899",
"max_pool_size": 15,
"min_pool_size": 3,
"initial_pool_size": 3,
"max_idle_time": 0,
"changelog": "db_migrations/changelog.master.xml",
"migrations_enabled": true,
"driver_class": "com.microsoft.sqlserver.jdbc.SQLServerDriver"
},
"signingOrders": {
"fileDirectory": "C:/PhenixID/FileStorage",
"documentLocationId": 1,
"usePdfAFlavours": ["PDFA_1_A", "PDFA_3_A"],
"rejectInvalidPdfA": true
},
"orderReminder": {
"enabled": true,
"beforeExpiration": "P2D"
},
"documentRetention": {
"enabled": true,
"inactiveDocumentAge": "PT12H",
"completedDocumentAge": "P30D"
},
"credentials": {
"privatePkcs12": "C:/PhenixID/Keys/token_signer.pkcs12",
"password": "zecret"
},
"signingService": {
"url": "https://signing.phenixid.net/pdf_sign//authenticate/logout/?nextTarget=https://signing.phenixid.net/pdf_sign//"
},
"fileService": {
"url": "https://signing-service.phenixid.net/files/session",
"username": "workflow",
"password": "secret7zce"
},
"documentRetention": {
"enabled": true,
"inactiveDocumentAge": "PT12H",
"completedDocumentAge": "P30D"
},
"saml": {
"postSsoUrl": "https://idp.phenixid.net/saml/authenticate/idp",
"assertionConsumerServiceUrl": "https://signing-workflow.phenixid.net/auth/saml",
"issuerId": "https://signing-workflow.phenixid.net/saml/sp",
"defaultLocale": "sv",
"attributes": {
"authority": "description",
"source": "source",
"firstName": "givenName",
"lastName": "sn",
"mail": "mail"
},
"roles": {
"solicitor": "role:solicitor"
},
"trustedIssuers": [
"https://idp.phenixid.net/saml/idp"
],
"trustedCertificates": [
"C:/PhenixID/Certs/samltrust.pem"
],
"skewTime": 30000
},
"smtp": {
"fromAddress": "[email protected]",
"enabled": "true",
"client": {
"host": "smtp.sendgrid.net",
"port": 25,
"username": "user",
"password": "zecret"
"login": "REQUIRED"
}
},
"webHook": {
"enabled": true,
"endpoint": "http://www.example.org/automation"
},
"users": {
"useSsl": false,
"useSslClientCert": false,
"useSslTrustAll": false,
"sslTrustFile": "C:/PhenixID/Trust/saml-trust.pkcs8",
"sslKeyFile": "C:/PhenixID/Keys/key.der",
"sslKeyPassword": "abc123",
"externalUserLookup": "https://signing-service.net/pipes/users/external",
"internalUserLookup": "https://signing-service.net/pipes/users/internal",
"internalUserSearch": "https://signing-service.net/pipes/users/search",
"internalUserAttributes": {
"organization": "o",
"userId": "sAMAccountName",
"mail": "mail",
"firstName": "givenName",
"lastName": "sn",
"mobile": "mobile",
"department": "ou"
},
"externalUserAttributes": {
"info": "o",
"mail": "mail",
"mobile": "mobile",
"firstName": "givenName",
"lastName": "sn"
}
},
"notifications": {
"downloadLink": false
},
"orderOptions": {
"enableNotifyAllSignersOption": false
}
}