Configuration reference
This document describes all the parameters (set in config/config.json) that controls system behaviour.
Audience
System administrators.
| Name | Description | Mandatory | Default |
|---|---|---|---|
| addUserViaEmail.enabled | Enable Add user via email | no | false |
| addUserViaEmail.jwtExpireAfter | Expires JWT after given period. The JWT is used when sending an e-mail to the signer which contains an URL to autologin to SWF | no | "P7D" |
| addUserViaEmail.jwtSigningCertificatePassword | Password for addUserViaEmail.jwtSigningCertificatePath | no | "" |
| addUserViaEmail.jwtSigningCertificatePath | Path to a certificate to use for creating the JWT | yes, if addUserViaEmail.enabled = true | |
| automationApiEnabled | Enable the Automation API (boolean) | no | false |
| automationApiInterface | Listening interface for the Automation API (string) | no | "0.0.0.0" |
| automationApiPort | Listening port for the Automation API (int) | no | 8081 |
| credentials.password | Password for PKCS12 archive (string) | yes, if password.privatePkcs12 is encrypted | |
| credentials.privatePkcs12 | PKCS12 archive for server certificate and private key (string) | yes | |
| database.changelog | Path to database changeset (string) | yes | "db_migrations/changelog.master.xml" |
| database.driver_class | Database driver (string) | yes | "com.microsoft.sqlserver.jdbc.SQLServerDriver" |
| database.initial_pool_size | Initial number of connections in connection pool (int) | no | 3 |
| database.max_idle_time | Maximum idle time for a connection in connection pool (0 means forever) (int) | no | 0 |
| database.max_pool_size | Maximal number of connections in connection pool (int) | no | 15 |
| database.migrations_enabled | Enable database changeset. Only change if you know what you are doing. (boolean) | yes | true |
| database.min_pool_size | Minimal number of connections in connection pool (int) | no | 3 |
| database.password | Database password (string) | yes | |
| database.url | Database connection URL. E.g. "jdbc:sqlserver://localhost:1433;database=digo;encrypt=false" (string) | yes | |
| database.user | Database user (string) | yes | |
| deleteOrdersJob.acceptedAgeLimit | Max age for orders with status ACCEPTED. Value in ISO8601 (string) | no | deleteOrdersJob.defaultAgeLimit |
| deleteOrdersJob.batchSize | Number of orders to process att the same time (int) | no | 100 |
| deleteOrdersJob.cancelledAgeLimit | Max age for orders with status CANCELLED. Value in ISO8601 (string) | no | deleteOrdersJob.defaultAgeLimit |
| deleteOrdersJob.defaultAgeLimit | Default max age for an order before it is deleted. This value is overridden if a max age is set for a specific order status. E.g. acceptedAgeLimit. Value in ISO8601 (string). This value is also used for determining max age for errand due dates and. SWF will get the longest possible value for either defaulAgeLimit, pendingAgeLimit or totalAgeLimit (if set) and set to maximum due date time. | no | "P100Y" |
| deleteOrdersJob.delay | Delay in ISO-8601 before running first batch job or when to schedule with cron expression (string) | no | "PT0S" |
| deleteOrdersJob.enabled | Enable or disable the entire delete orders job. (boolean) | no | false |
| deleteOrdersJob.expiredAgeLimit | Max age for orders with status EXPIRED. Value in ISO8601 (string) | no | deleteOrdersJob.defaultAgeLimit |
| deleteOrdersJob.failedAgeLimit | Max age for orders with status FAILED. Value in ISO8601 (string) | no | deleteOrdersJob.defaultAgeLimit |
| deleteOrdersJob.pendingAgeLimit | Max age for orders with status PENDING. Value in ISO8601 (string) | no | deleteOrdersJob.defaultAgeLimit |
| deleteOrdersJob.rejectedAgeLimit | Max age for orders with status REJECTED. Value in ISO8601 (string) | no | deleteOrdersJob.defaultAgeLimit |
| deleteOrdersJob.schedule | Delay between batch jobs in ISO-8601 or Cron expression (string) | no | "0 0 0,1,2,3,4,5 * * ?" |
| deleteOrdersJob.statusFilter | Comma-separated order status values; ACCEPTED, CANCELLED, EXPIRED, FAILED, PENDING, REJECTED |
no | "REJECTED, CANCELLED, EXPIRED, FAILED" |
| deleteOrdersJob.totalAgeLimit | Maximum total age of an errand, regardless of status. When set to null, errands will not have a maximum total age. | no | null |
| descriptionLength | Maximum description length for an errand. Keep this the same as the database limit as this will not change the database limit. |
no | 2048 |
| documentRetention.batchSize | Number of documents to process att the same time (int) | no | 100 |
| documentRetention.completedDocumentAge | Max age of a completed (ACCEPTED, REJECTED, CANCELED, EXPIRED) document until it is deleted. Value in ISO8601 (string) | no | "P30D" |
| documentRetention.delay | Delay in ISO-8601 before running first batch job or when to schedule with cron expression (string) | no | "PT0S" |
| documentRetention.deleteFromDatabase | Also delete document data from the database (boolean) | no | false |
| documentRetention.deleteFromDatabaseAgeLimit | Max age of a document until its data is deleted from the database. Requires 'deleteFromDatabase' (string) | no | "P100Y" |
| documentRetention.enabled | Enable or disable the entire document retention function. (boolean) | no | true |
| documentRetention.inactiveDocumentAge | Max age of an inactive or finalized (REJECTED, CANCELED, EXPIRED) document until it is deleted. Value in ISO8601 (string) | no | "PT12H" |
| documentRetention.schedule | Delay between batch jobs in ISO-8601 or Cron expression (string) | no | "0 0 2 * * ?" |
| documentRetention.unconsumedDocumentAge | Max age of an orphan document until it is deleted. Value in ISO8601 (string) | no | "PT12H" |
| emailValidation.enabled | Validate email address that is entered into SWF. | no | true |
| emailValidation.jmail.strictValidator | Enable strict validation when using Jmail More info: https://github.com/RohanNagar/jmail?tab=readme-ov-file#additional-validation-rules |
no | false |
| emailValidation.regex.javaRegex | Java regex to use when emailValidation.type is "regex" Only used on backend. |
yes | See config-sample.json in installation directory |
| emailValidation.regex.javaScriptRegex | Javascript regex to use when validating in frontend. The email will be validated again when it reaches the backend. |
yes | See config-sample.json in installation directory |
| emailValidation.type | What type of validation to use in the backend. Possible values are "jmail" and "regex". More about jmail: https://github.com/RohanNagar/jmail If you don't want to use jmail you can change to using a regular expression which is configured with emailValidation.regex.javaRegex Frontend always uses regex because jmail is a backend validator. |
yes | "jmail" |
| expireOrdersJob.batchSize | Number of documents to process att the same time (int) | no | 100 |
| expireOrdersJob.delay | Delay in ISO-8601 before running first batch job or when to schedule with cron expression (string) | no | "PT0S" |
| expireOrdersJob.enabled | Enable or disable expiring orders job (boolean) | no | true |
| expireOrdersJob.schedule | The delay between batch jobs in ISO-8601 or Cron expression (string) | no | "0 0,30 * * * ?" |
| fileService.password | File service user password (string) | yes | |
| fileService.url | URL of File Service (string) | yes | |
| fileService.username | File service user (string) | yes | |
| logNetworkActivity | Enable TCP logging for incoming HTTP requests (boolean) | no | false |
| logoutUrl | Browser redirects to this URL on logout (string) | yes | |
| notifications.downloadLink | Direct download link for document in an email (boolean) | no | true |
| orderOptions.enableNotifyAllSignersOption | When enabled, all signers will be notified when everyone in the errand signs the document. All signers will also be able to download the document (boolean) | no | false |
| orderOptions.defaultSignerNotification | Set default value on whether or not all signers should be able to download the final document. | no | false |
| orderReminder.batchSize | Order reminder batch size (int) | no | 25 |
| orderReminder.beforeExpiration | Send a reminder number of days before the order expires. Value in ISO8601 (string) | no | "P2D" |
| orderReminder.delay | Delay in ISO-8601 before running first batch job or when to schedule with cron expression (string) | no | "PT15S" |
| orderReminder.enabled | Enable reminder notifications (boolean) | no | true |
| orderReminder.schedule | The delay between batch jobs in ISO-8601 or Cron expression (string) | no | "PT35S" |
| primaryServerInterface | Listening interface for the web app API (string) | no | "0.0.0.0" |
| primaryServerPort | Listening port for the web app API (int) | no | 8080 |
| publicUrl | Public URL for the Signing Workflow service. E.g. https://swf.se:8080/ (string) | yes | |
| saml.assertionConsumerServiceUrl | SAML Assertion consumer URL (string) | yes | |
| saml.attributes.authority | Authority attribute (string) | yes | |
| saml.attributes.firstName | First name attribute (string) | yes | |
| saml.attributes.lastName | Last name attribute (string) | yes | |
| saml.attributes.mail | Mail attribute (string) | yes | |
| saml.attributes.source | Source attribute (string) | yes | |
| saml.defaultLocale | SAML locale. E.g. "sv" (string) | yes | |
| saml.issuerId | SAML issuer ID (string) | yes | |
| saml.postSsoUrl | SAML IdP Request consumer URL (string) | yes | |
| saml.roles.solicitor | This value for the digo_saml_authority attribute indicates Solicitor permissions (string) | yes | |
| saml.skewTime | SAML skew time in milliseconds (int) | no | 30000 |
| saml.trustedCertificates.[] | List of files containing trusted certificates for SAML ticket validation (array of strings) E.g. "saml": { "trustedCertificates": [ "/path/saml.pem" ] } |
yes | |
| saml.trustedIssuers.[] | List of trusted Issuers (Array of strings) E.g. "saml": { "trustedIssuers": [ "stockholm" ] } |
yes | |
| sessionTimeout | Session timeout in milliseconds (int) | no | 14400000 (4 hours) |
| signingOrders.bodyLimit | Max upload file size in bytes (int) | no | 2097152 (2 MiB) |
| signingOrders.documentLocationId | File storage ID. Change this to a unique value every time the File storage directory is changed (int) | yes | 1 |
| signingOrders.documentMimeType | Mime type header when downloading a signed document (string) | no | "application/octet-stream" |
| signingOrders.usePdfAFlavours | Allow these PDF/A flavours. See PDF/A validation (Array of strings) | no | [] |
| signingOrders.disableDocumentChecks | Disables all document validations except the PDF flavour validation. See PDF validation for more information. | no | false |
| signingOrders.rejectInvalidPdfA | Reject invalid PDF/A file selections (boolean) | no | false |
| signingOrders.fileDirectory | Path to where to store signed documents (string) | yes | |
| signingService.url | URL of Signing Service (string) | yes | |
| smtp.client.hostname | SMTP hostname (string) | yes (if smtp is enabled) | |
| smtp.client.keyStore | Key store file to trust server certificates (string) | no | |
| smtp.client.keyStorePassword | Password for key store file (string) | yes, if keyStore is encrypted | |
| smtp.client.login | Use authentication on the SMTP service (String: DISABLED, NONE, REQUIRED) |
no | "REQUIRED" |
| smtp.client.password | SMTP Password (string) | yes (if smtp is enabled) | |
| smtp.client.port | SMTP port (int) | no | 587 |
| smtp.client.ssl | Use TLS when connecting to mail server (boolean) | no | true |
| smtp.client.starttls | Use StartTLS (String: DISABLED, OPTIONAL, REQUIRED) | no | "REQUIRED" |
| smtp.client.trustAll | Trust all certificates when connecting to mail server (boolean) | no | false |
| smtp.client.username | SMTP Username (string) | yes (if smtp is enabled) | |
| smtp.enabled | SMTP notifications enabled (boolean) | no | false |
| sourceCookie.cookieName | Cookie name | no | "swfSource" |
| sourceCookie.domain | Domain for the cookie. Set to null to use server domain | no | null |
| sourceCookie.enabled | Enable source cookie. It is a cookie that contains the source value for the user. The syntax for the value is; source=EXTERNAL |
no | false |
| sourceCookie.isHttpOnly | Set http only cookie | no | true |
| sourceCookie.isSecure | Set secure cookie Secure cookie can only be used with HTTPS |
no | true |
| sourceCookie.maxAge | Set cookie expiration Duration in ISO-8601 (string). Set null for creating a session cookie. |
no | null |
| sourceCookie.path | Set cookie path | no | "/" |
| sourceCookie.sameSite | Set same site. Possible values are; null, "none", "lax", "strict" | no | null |
| tags | Add custom tags that can be used to tag signing orders | no | |
| smtp.fromAddress | Notification email from (string) | yes (if smtp is enabled) | |
| users.externalUserAttributes.firstName | First name attribute in external user query result (string) | yes | |
| users.externalUserAttributes.info | Info attribute in external user query result (string) | yes | |
| users.externalUserAttributes.lastName | Last name attribute in external user query result (string) | yes | |
| users.externalUserAttributes.mail | Mail attribute in external user query result (string) | yes | |
| users.externalUserAttributes.mobile | Mobile attribute in external user query result (string) | yes | |
| users.externalUserLookup | URL for external user lookup (string) | yes | |
| users.internalUserAttributes.department | Department attribute in internal user query result (string) | yes | |
| users.internalUserAttributes.firstName | First name attribute in internal user query result (string) | yes | |
| users.internalUserAttributes.lastName | Last name attribute in internal user query result (string) | yes | |
| users.internalUserAttributes.mail | Mail attribute in internal user query result (string) | yes | |
| users.internalUserAttributes.mobile | Mobile attribute in internal user query result (string) | yes | |
| users.internalUserAttributes.organization | Organization attribute in internal user query result (string) | yes | |
| users.internalUserAttributes.userId | User ID attribute in internal user query result (string) | yes | |
| users.internalUserLookup | URL for internal user lookup (string) | yes | |
| users.internalUserSearch | URL for internal user search (string) | yes | |
| users.sslKeyFile | Path to private key for TLS authentication (string) | no | |
| users.sslKeyFileType | Key file type (string) | no | "pkcs12" |
| users.sslKeyPassword | Password for the private TLS key (string) | yes, if sslKeyFile is encrypted | |
| users.sslTrustFile | Custom trust store (string) | no | |
| users.useSsl | Use TLS towards User Query Service (boolean) | no | false |
| users.useSslClientCert | Use TLS Client Auth towards User Query Service (boolean) | no | false |
| users.useSslTrustAll | Trust all TLS server certificates (boolean) | no | false |
| users.sslTrustFileType | Trust store type (string) | no | "pkcs12" |
| validateSignaturesService.basicAuth.basicAuthPassword | BasicAuth password when accessing PAS for signature validation | no | |
| validateSignaturesService.basicAuth.basicAuthUsername | BasicAuth username when accessing PAS for signature validation | no | |
| validateSignaturesService.basicAuth.enabled | Enabled BasicAuth when accessing PAS for signature validation | no | false |
| validateSignaturesService.enabled | Enable signature validation button | no | false |
| validateSignaturesService.url | URL for the validation endpoint in PAS. Note that this request is made from the application. Not the users browser. | no | |
| webHook.connectionTimeout | Timeout for the http POST. Duration in ISO-8601 (string) | no | "PT30S" |
| webHook.enabled | Enable webhooks (boolean) | no | false |
| webHook.endpoint | Endpoint for webhook (string) | no | |
| webHook.key | Extra query parameter in endpoint URL (string) | no | |
| webHook.secret | Secret to create header signature (string) | no | |
| webHook.sslKeyFile | Private key for TLS authentication, mandatory if using SSL (string) | no | |
| webHook.sslKeyFileType | Content type (string) | no | "pkcs12" |
| webHook.sslKeyPassword | Password for the private TLS key (string) | yes, if sslKeyFile is encrypted | |
| webHook.sslTrustFile | Certificate file, mandatory (string) | yes, if using client authentication | |
| webHook.sslTrustFileType | Content type (string) | no | "pkcs12" |
| webHook.useSslClientCert | Use TLS Client authentication toward webhook service (boolean) | no | false |
| webHook.useSslTrustAll | Trust all TLS server certificates (boolean) | no | true |