Configuration reference
This document describes all the parameters (set in config/config.json) that controls system behaviour.
Audience
System administrators
Notes
Configuration keys are often nested. Nesting levels are signified by a period (.) between keys in the table below. Example: completionNextTarget.enabled = true looks like this in the config:
{
...
"completionNextTarget": {
"enabled": true,
...
},
...
}
Click to copy
Changes between version 2.5.11 and 3.0.0
Old configuration should work out of the box, with default values for newly added configuration keys. It is however strongly recommended to update the configuration to the current version, as legacy configuration will not be supported more than one version back. Fewer fields are now mandatory, and some have updated default values.
In version 3.0, all job configurations have been moved under a common root key called jobs, with nested categories and finally new nested job names underneath. The former names of job config keys are given below, to simplify translation into new config. Jobs are now turned off unless they are configured.
The former addUserViaEmail section has been renamed email and has moved in under the new tabs section.
Also new is the files section. The former top-level allowAppendixes key has moved in under files.
Another new section is metrics.
The former signingOrders has been renamed signingTasks.
Some other new top-level additions are resourcesRoot, webRoot, tenantId, and dumpConfig, all of which have default values.
| Name | Description | Mandatory | Datatype | Default |
|---|---|---|---|---|
| allowMultipleFiles | Whether SWF should accept multiple files per signing task | no | boolean | false |
| automationApiEnabled | Enable the Automation API | no | boolean | false |
| automationApiInterface | Listening interface for the Automation API | no | string | "0.0.0.0" |
| automationApiPort | Listening port for the Automation API | no | int | 8081 |
| completionNextTarget.enabled | Whether or not the completionNextTarget functionality should be enabled. | no | boolean | false |
| completionNextTarget.allowedLogoutTargetPrefix | completionNextTarget URL prefix regex. The specified nextTarget should match the URL target that errand creators sets. Read more about it in the PAS solution documentation. | no | string | "" |
| completionNextTarget.allowedLogoutTarget | completionNextTarget URL regex. The specified nextTarget should match the URL target that errand creators sets. Read more about it in the PAS solution documentation. | no | string | "/|/[\\w]+[\\w/.#-]*|/[\\w/.-]*\\?[\\w=&+-./]*|[\\.]+[\\w/.-]*|[\\.]+[\\w/.-]*\\?[\\w=&+-.]*" |
| completionNextTarget.allowedLogoutTargetSuffix | completionNextTarget URL suffix regex. The specified nextTarget should match the URL target that errand creators sets. Read more about it in the PAS solution documentation. | no | string | "" |
| completionNextTarget.configurations | Landing page configurations. Read more about it here. | no | JSON object given as string | none |
| credentials.password | Password for PKCS12 archive | yes, if password.privatePkcs12 is encrypted | string | none |
| credentials.privatePkcs12 | PKCS12 archive for server certificate and private key | yes | string | none |
| database.changelog | Path to database changeset | no | string | "db_migrations/changelog.master.xml" |
| database.driver_class | Database driver | no | string | "com.microsoft.sqlserver.jdbc.SQLServerDriver" |
| database.initial_pool_size | Initial number of connections in connection pool | no | int | 3 |
| database.max_idle_time | Maximum idle time for a connection in connection pool (0 means forever) | no | int | 0 |
| database.max_pool_size | Maximum number of connections in connection pool | no | int | 15 |
| database.migrations_enabled | Enable database changeset. Only change this if you know what you are doing. | yes | boolean | true |
| database.min_pool_size | Minimal number of connections in connection pool | no | int | 3 |
| database.password | Database password | yes | string | none |
| database.url | Database connection URL. For example "jdbc:sqlserver://localhost:1433;database=digo;encrypt=false" | yes | string | none |
| database.user | Database user | yes | string | none |
| descriptionLength | Maximum description length for an errand. Keep this the same as the database limit as this will not change the database limit. | no | int | 2048 |
| documentConversion.enabled | Whether document conversion is enabled | no | boolean | false |
| documentConversion.preferredFlavour | What global flavour the conversion service should convert to. Could be overridden by implementation specific preferredFlavour. | no | integer given as string | none |
| documentConversion.implementation | An array of the conversion implementations used. Will start with the first entry and use the rest as fallback | no | string array | none |
| documentConversion.implementationConfigurations | A JSON object containing implementation specific configurations where the key will be the name of the implementation. Configuration details depends on the implementation of choice. | no | JSON object given as string | none |
| dumpConfig | Makes the server log the effective configuration at startup, useful for troubleshooting | no | boolean | false |
| emailValidation.enabled | Whether to validate email addresses that are entered into SWF. | no | boolean | false |
| emailValidation.jmail.strictValidator | Enable strict validation when using Jmail More info: https://github.com/RohanNagar/jmail?tab=readme-ov-file#additional-validation-rules | no | boolean | false |
| emailValidation.regex.javaRegex | Java regex to use when emailValidation.type is "regex"Only used on backend. | yes | string | See config-sample.json in installation directory |
| emailValidation.regex.javaScriptRegex | Javascript regex to use when validating in frontend. The email will be validated again when it reaches the backend. | yes | string | See config-sample.json in installation directory |
| emailValidation.type | What type of validation to use in the backend. More about jmail: https://github.com/RohanNagar/jmail If you don't want to use jmail, you can instead use a regular expression, which is configured using emailValidation.regex.javaRegexFrontend always uses regex because jmail is a backend validator. | yes | string: JMAIL or REGEX | "JMAIL" |
| files.maxFileSize | Maximum size in bytes of a file to be signed | int | 10 000 000 | |
| files.maxNumberOfFiles | Maximum number of files allowed in one task, to be signed together | int | 5 | |
| files.allowAppendixes | Whether SWF should accept appendixes (files included for information, which aren't themselves signed) | boolean | false | |
| files.conversion.enabled | Whether file conversion is enabled | boolean | false | |
| files.conversion.statuses | What file validation statuses to try to convert | string array | [ ] | |
| fileService.password | File service user password | yes | string | none |
| fileService.url | URL of File Service | yes | string | none |
| fileService.username | File service user | yes | string | none |
jobs.retention.fileRetention.batchSize (jobs.retention.fileRetention was formerly called documentRetention) | Number of documents to process at the same time | no | int | 100 |
| jobs.retention.fileRetention.completedDocumentAge | Max age of a completed (ACCEPTED, REJECTED, CANCELLED, EXPIRED) document until it is deleted | no | ISO-8601 duration | "P50Y" |
| jobs.retention.fileRetention.delay | Delay before running first batch job or starting cron schedule, depending on jobs.retention.fileRetention.schedule setting | no | ISO-8601 duration | "PT0S" |
| jobs.retention.fileRetention.enabled | Enable or disable the entire document retention function. | no | boolean | false |
| jobs.retention.fileRetention.inactiveDocumentAge | Max age of an inactive or finalized (REJECTED, CANCELLED, EXPIRED) document until it is deleted | no | ISO-8601 duration | "P50Y" |
| jobs.retention.fileRetention.schedule | Delay between batch jobs, as ISO-8601 duration or cron expression | no | ISO-8601 duration or cron expression | "0 0 2 * * ?" |
| jobs.retention.fileRetention.unconsumedDocumentAge | Max age of an orphan document until it is deleted | no | ISO-8601 duration | "P50Y" |
jobs.retention.taskRetention.acceptedAgeLimit (jobs.retention.taskRetention was formerly called deleteOrdersJob) | Max age for orders with status ACCEPTED | no | ISO-8601 duration | "0 0 2 * * ?" |
| jobs.retention.taskRetention.batchSize | Number of orders to process at the same time | no | int | 100 |
| jobs.retention.taskRetention.cancelledAgeLimit | Max age for orders with status CANCELLED | no | ISO-8601 duration | jobs.retention.taskRetention.defaultAgeLimit |
| jobs.retention.taskRetention.defaultAgeLimit | Default max age for an order before it is deleted. This value is overridden if a max age is set for a specific order status. E.g. acceptedAgeLimit. This value is also used for determining max age for errand due dates and. SWF will get the longest possible value for either defaultAgeLimit, pendingAgeLimit or totalAgeLimit (if set) and set to maximum due date time. | no | ISO-8601 duration | "P50Y" |
| jobs.retention.taskRetention.delay | Delay before running first batch job or when to schedule with cron expression | no | ISO-8601 duration | "PT0S" |
| jobs.retention.taskRetention.enabled | Enable or disable the entire delete orders job | no | boolean | false |
| jobs.retention.taskRetention.expiredAgeLimit | Max age for orders with status EXPIRED | no | ISO-8601 duration | jobs.retention.taskRetention.defaultAgeLimit |
| jobs.retention.taskRetention.failedAgeLimit | Max age for orders with status FAILED | no | ISO-8601 duration | jobs.retention.taskRetention.defaultAgeLimit |
| jobs.retention.taskRetention.pendingAgeLimit | Max age for orders with status PENDING | no | ISO-8601 duration | jobs.retention.taskRetention.defaultAgeLimit |
| jobs.retention.taskRetention.rejectedAgeLimit | Max age for orders with status REJECTED | no | ISO-8601 duration | jobs.retention.taskRetention.defaultAgeLimit |
| jobs.retention.taskRetention.schedule | Delay between batch jobs, as ISO-8601 duration or cron expression | no | ISO-8601 duration or cron expression | "0 0 0,1,2,3,4,5 * * ?" |
| jobs.retention.taskRetention.statusFilter | Comma-separated string of order status values; ACCEPTED, CANCELLED, EXPIRED, FAILED, PENDING, REJECTED | no | string | none |
| jobs.retention.taskRetention.totalAgeLimit | Maximum total age of an errand, regardless of status. When set to null, errands will not have a maximum total age. | no | ISO-8601 duration | jobs.retention.taskRetention.defaultAgeLimit |
jobs.reminders.taskExpirationReminder.batchSize (jobs.reminders.taskExpirationReminder was formerly called orderReminder) | Order reminder batch size | no | int | 25 |
| jobs.reminders.taskExpirationReminder.timeBeforeExpiration | Send a reminder number of days before the order expires. | no | ISO-8601 duration | "P2D" |
| jobs.reminders.taskExpirationReminder.delay | Delay before running first batch job or when to schedule with cron expression | no | string | "PT3S" |
| jobs.reminders.taskExpirationReminder.enabled | Enable reminder notifications | no | boolean | false |
| jobs.reminders.taskExpirationReminder.schedule | The delay between batch jobs | no | ISO-8601 duration or cron expression | "PT35S" |
jobs.reminders.fileRetentionReminder.enabled (jobs.reminders.fileRetentionReminder was formerly called orderDeletionReminderJob) | Whether or not the job is enabled. If the document retention job is disabled, the order deletion reminder job will be disabled as well | no | boolean | false |
| jobs.reminders.fileRetentionReminder.delay | The delay of the job startup | no | ISO-8601 duration | "PT1M" |
| jobs.reminders.fileRetentionReminder.schedule | The schedule of the job in ISO-8601 or cron expression | no | ISO-8601 duration or cron expression | "PT5M" |
| jobs.reminders.fileRetentionReminder.batchSize | The number of users that will receive an email for that job run. | no | int | 1000 |
| jobs.reminders.fileRetentionReminder.timeBeforeDeletion | How long before the document retention job schedules a document deletion. | no | ISO-8601 duration | "P2D" |
jobs.operations.taskExpirationOperations.batchSize (jobs.operations.taskExpirationOperations was formerly called expireOrdersJob) | Number of documents to process at the same time | no | int | 100 |
| jobs.operations.taskExpirationOperations.delay | Delay in ISO-8601 before running first batch job or when to schedule with cron expression | no | string | "PT0S" |
| jobs.operations.taskExpirationOperations.enabled | Enable or disable expiring orders job | no | boolean | false |
| jobs.operations.taskExpirationOperations.schedule | The delay between batch jobs | no | ISO-8601 duration or cron expression | "0 0,30 * * * ?" |
| logNetworkActivity | Enable TCP logging for incoming HTTP requests | no | boolean | false |
| logoutUrl | Browser redirects to this URL on logout | yes | string | none |
| metrics.commonTags.application | What the SWF application is called in the exported metrics | no | string | determined by Vert.X |
| metrics.elasticSearch.autoCreateIndex | Create index automatically | no | boolean | determined by Vert.X |
| metrics.elasticSearch.enabled | Whether metrics are enabled | no | boolean | false |
| metrics.elasticSearch.host | Host to export metrics to | yes, if metrics is enabled | string | none |
| metrics.elasticSearch.password | Password for metrics export user | yes, if metrics is enabled | string | none |
| metrics.elasticSearch.step | How often to push metrics | no | ISO-8601 duration | determined by Vert.X |
| metrics.elasticSearch.username | Username for metrics export user | yes, if metrics is enabled | string | none |
| metrics.enableClassLoaderMetrics | Whether to export class loader metrics | no | boolean | false |
| metrics.enableJvmGcMetrics | Whether to export JVM garbage collection metrics | no | boolean | false |
| metrics.enableJvmMemoryMetrics | Whether to export JVM memory metrics | no | boolean | false |
| metrics.enableJvmThreadMetrics | Whether to export JVM thread metrics | no | boolean | false |
| metrics.enableProcessorMetrics | Whether to export processor metrics | no | boolean | false |
| metrics.enableVertxMetrics | Whether to export Vert.X metrics | no | boolean | false |
| notifications.downloadLink | Direct download link for document in an email | no | boolean | true |
| orderOptions.enableInviteUrlTargetOption | When enabled, solicitors get the option to set Invite URL target in the UI. Read more here. | no | boolean | false |
| orderOptions.enableNotifyAllSignersOption | When enabled, all signers will be notified when everyone in the errand signs the document. All signers will also be able to download the document | no | boolean | false |
| orderOptions.defaultInviteUrlTarget | Sets the default value of the Invite URL target in the UI. Available options are SWF or SIGN_SERVICE. Read more here. | no | string | "SWF" |
| orderOptions.defaultSignerNotification | Default value for whether all signers should be able to download the final document. | no | boolean | false |
| primaryServerInterface | Listening interface for the web app API | no | string | "0.0.0.0" |
| primaryServerPort | Listening port for the web app API | no | int | 8080 |
| publicUrl | Public URL for the Signing Workflow service. For example https://swf.se:8080/ | yes | string | none |
| resourcesRoot | Location of resource files | no | string | "resources" (relative to installation root) |
| saml.assertionConsumerServiceUrl | SAML Assertion consumer URL | yes | string | none |
| saml.attributes.authority | Authority attribute | no | string | "description" |
| saml.attributes.firstName | First name attribute | no | string | "cn" |
| saml.attributes.lastName | Last name attribute | no | string | "sn" |
| saml.attributes.mail | Mail attribute | no | string | "mail" |
| saml.attributes.source | Source attribute | no | string | "source" |
| saml.defaultLocale | SAML locale, for example "sv" for Swedish | no | string | "sv" |
| saml.issuerId | SAML issuer ID | yes | string | none |
| saml.postSsoUrl | SAML identity provider request consumer URL | yes | string | none |
| saml.roles.solicitor | This value for the authority attribute indicates Solicitor permissions | yes | string | "role:solicitor" |
| saml.skewTime | SAML skew time in milliseconds | no | int | 30000 |
| saml.trustedCertificates | List of files containing trusted certificates for SAML ticket validation, for example"saml": { "trustedCertificates": [ "/path/saml.pem" ] } | yes | string array | none |
| saml.trustedIssuers | List of trusted issuers, for example "saml": { "trustedIssuers": [ "stockholm" ] } | yes | string array | none |
| scanPeriod | How often to look for config changes, in milliseconds | no | int | 5000 |
| sessionTimeout | Session timeout in milliseconds | no | int | 14 400 000 (4 hours) |
| signingTasks.bodyLimit | Max upload file size in bytes | no | int | 2 097 152 (2 MiB) |
| signingTasks.documentLocationId | File storage ID. Change this to a unique value every time the File storage directory is changed | no | int | 1 |
| signingTasks.documentMimeType | Mime type header when downloading a signed document | no | string | "application/octet-stream" |
| signingTasks.usePdfAFlavours | Allow these PDF/A flavours. See PDF/A validation | no | string array | [] |
| signingTasks.disableDocumentChecks | Disables all document validations except the PDF flavour validation. See PDF validation for more information. | no | boolean | false |
| signingTasks.rejectInvalidPdfA | Reject invalid PDF/A file selections | no | boolean | false |
| signingTasks.fileDirectory | Path to where to store signed documents | no | string | "files" (relative to installation root) |
| signingService.url | URL of Signing Service | yes | string | none |
| smtp.client.hostname | SMTP hostname | yes (if smtp is enabled) | string | none |
| smtp.client.keyStore | Key store file to trust server certificates | no | string | none |
| smtp.client.keyStorePassword | Password for key store file | yes, if keyStore is encrypted | string | none |
| smtp.client.login | Use authentication on the SMTP service | no | string: DISABLED, NONE, REQUIRED | "REQUIRED" |
| smtp.client.password | SMTP Password | yes (if smtp is enabled) | string | none |
| smtp.client.port | SMTP port | no | int | 587 |
| smtp.client.ssl | Use TLS when connecting to mail server | no | boolean | true |
| smtp.client.starttls | Use StartTLS (DISABLED, OPTIONAL, or REQUIRED) | no | string | "REQUIRED" |
| smtp.client.trustAll | Trust all certificates when connecting to mail server | no | boolean | false |
| smtp.client.username | SMTP Username | yes (if smtp is enabled) | string | none |
| smtp.enabled | SMTP notifications enabled | no | boolean | false |
| smtp.fromAddress | Sender address to use for SMTP | yes (if smtp is enabled) | string | none |
| sourceCookie.cookieName | Cookie name | no | string | "swfSource" |
| sourceCookie.domain | Domain for the cookie. Set to null to use server domain | no | string | null |
| sourceCookie.enabled | Enable source cookie. It is a cookie that contains the source value for the user. The syntax for the value is; source=EXTERNAL | no | boolean | false |
| sourceCookie.isHttpOnly | HTTP-only cookie | no | boolean | true |
| sourceCookie.isSecure | Secure cookie. Can only be used with HTTPS. | no | boolean | true |
| sourceCookie.maxAge | Cookie expiration. Set to null to create a session cookie. | no | ISO-8601 duration | null |
| sourceCookie.path | Cookie path | no | string | "/" |
| sourceCookie.sameSite | Set same site. | no | string: NONE, LAX, STRICT | null |
| tabs.internal.enabled | Whether to enable the internal users tab | no | boolean | true |
| tabs.external.enabled | Whether to enable the external users tab | no | boolean | true |
| tabs.email.enabled | Whether to enable the email users tab | no | boolean | true |
| tabs.email.jwtExpireAfter | Expires JWT after given period. The JWT is used when sending an e-mail to the signer which contains an URL to autologin to SWF. | no | ISO-8601 duration | "P7D" |
| tabs.email.jwtSigningCertificatePassword | Password for tabs.email.jwtSigningCertificatePath | no | string | (empty value) |
| tabs.email.jwtSigningCertificatePath | Path to a certificate to use for creating the JWT | yes, if tabs.email.enabled = true | string | none |
| tags | Custom tags that can be used to tag signing orders | no | string array | [ ] |
| tenantId | Tenant id in a multi-tenant setup | no | string | "default" |
| users.externalUserAttributes.firstName | First name attribute in external user query result | no | string | "cn" |
| users.externalUserAttributes.info | Info attribute in external user query result | no | string | "o" |
| users.externalUserAttributes.lastName | Last name attribute in external user query result | no | string | "sn" |
| users.externalUserAttributes.mail | Mail attribute in external user query result | no | string | "mail" |
| users.externalUserAttributes.mobile | Mobile attribute in external user query result | no | string | "mobile" |
| users.externalUserLookup | URL for external user lookup | yes | string | none |
| users.internalUserAttributes.department | Department attribute in internal user query result | no | string | "ou" |
| users.internalUserAttributes.firstName | First name attribute in internal user query result | no | string | "cn" |
| users.internalUserAttributes.lastName | Last name attribute in internal user query result | no | string | "sn" |
| users.internalUserAttributes.mail | Mail attribute in internal user query result | no | string | "mail" |
| users.internalUserAttributes.mobile | Mobile attribute in internal user query result | no | string | "mobile" |
| users.internalUserAttributes.organization | Organization attribute in internal user query result | no | string | "o" |
| users.internalUserAttributes.userId | User ID attribute in internal user query result | no | string | "uid" |
| users.internalUserLookup | URL for internal user lookup | yes | string | none |
| users.internalUserSearch | URL for internal user search | yes | string | none |
| users.sslKeyFile | Path to private key for TLS authentication | no | string | none |
| users.sslKeyFileType | Key file type | no | string | "pkcs12" |
| users.sslKeyPassword | Password for the private TLS key | yes, if sslKeyFile is encrypted | string | "dummy" |
| users.sslTrustFile | Custom trust store | no | string | "" |
| users.sslTrustFileType | Trust store type | string | "pkcs12" | |
| users.useSsl | Use TLS towards User Query Service | no | boolean | false |
| users.useSslClientCert | Use TLS Client Auth towards User Query Service | no | boolean | false |
| users.useSslTrustAll | Trust all TLS server certificates | no | boolean | false |
| validateSignaturesService.basicAuth.basicAuthPassword | BasicAuth password when accessing PAS for signature validation | yes, if basic auth is enabled | string | "" |
| validateSignaturesService.basicAuth.basicAuthUsername | BasicAuth username when accessing PAS for signature validation | yes, if basic auth is enabled | string | "" |
| validateSignaturesService.basicAuth.enabled | Enabled BasicAuth when accessing PAS for signature validation | no | boolean | false |
| validateSignaturesService.enabled | Enable signature validation | no | boolean | false |
| validateSignaturesService.url | URL for the validation endpoint in PAS. Note that this request is made from the application; not the user's browser. | yes, if signature validation is enabled | string | "" |
| webHook.connectionTimeout | Timeout for the http POST | no | ISO-8601 duration | "PT30S" |
| webHook.enabled | Enable webhooks | no | boolean | false |
| webHook.endpoint | Endpoint for webhook | yes, if webhooks are enabled | string | none |
| webHook.key | Extra query parameter in endpoint URL | no | string | none |
| webHook.secret | Secret to create header signature | no | string | none |
| webHook.sslKeyFile | Private key for TLS authentication | yes, if using SSL | string | "update-ssl-key-file-configuration" |
| webHook.sslKeyFileType | Key file type, for example pkcs12 | no | string | none |
| webHook.sslKeyPassword | Password for the private TLS key | yes, if sslKeyFile is encrypted | string | none |
| webHook.sslTrustFile | Certificate file | yes, if using client authentication | string | "update-ssl-trust-file-configuration" |
| webHook.sslTrustFileType | Trust file type, for example pkcs12 | no | string | none |
| webHook.useSslClientCert | Use TLS Client authentication toward webhook service | no | boolean | false |
| webHook.useSslTrustAll | Trust all TLS server certificates | no | boolean | true |
| webRoot | Root of web content | no | string | "public" (relative to installation root) |