Configuration reference
This document describes all the parameters (set in config/config.json) that control system behaviour.
Audience
System administrators.
Name | Description | Mandatory | Choices/Default |
---|---|---|---|
publicUrl | Public URL for the Signing Workflow service |
yes | |
primaryServerInterface | Listening interface for the web app API | 0.0.0.0 | |
primaryServerPort | Listening port for the web app API | 8080 | |
automationApiEnabled | false | ||
automationApiInterface |
Listening interface for the Automation API | 0.0.0.0 | |
automationApiPort | Listening port for the Automation API |
8081 | |
logoutUrl | Browser redirect to this URL on logout |
Same value as publicUrl | |
logNetworkActivity | Enable TCP logging for incoming HTTP requests |
false | |
sessionTimeout | Session timeout in milliseconds |
30000 | |
database.url | Database URL |
yes | |
database.user | Database user |
yes | |
database.password | Database password |
yes | |
database.max_pool_size | Maximal number of connections in connection pool |
15 | |
database.min_pool_size | Minimal number of connections in connection pool |
3 | |
database.initial_pool_size | Initial number of connections in connection pool |
3 | |
database.max_idle_time | Maximum idle time for a connection in connection pool (0 means forever) |
0 | |
database.changelog | Path to database changeset (do not edit) | yes | |
database.migrations_enabled | Enable database changeset (do not edit) | yes | true, false |
database.driver_class | Database driver (do not edit) | yes | |
signingOrders.fileDirectory | File storage | yes | |
signingOrders.documentLocationId | File storage ID. Change this to a unique value every time the File storage directory is changed. | yes | |
signingOrders.documentMimeType | Mime type header when downloading a signed document | application/octet-stream | |
documentRetention.enabled |
Enable or disable the entire document retention function. | false | |
documentRetention.inactiveDocumentAge |
Max age of an inactive document until it is deleted. Value in ISO8601 |
PT12H | |
documentRetention.completedDocumentAge |
Max age of a completed (accepted) document until it is deleted. Value in ISO8601 |
P30D | |
orderReminder.enabled | Enable reminder notifications |
false |
|
orderReminder.beforeExpiration | Send a reminder this long before the order expires. Value in ISO8601 |
P2D |
|
jwt.privateKeyFile | A private key file | yes | |
jwt.publicCertFile | Public certificate corresponding to the private key | yes | |
signingService.url | URL of Signing Service | yes | |
fileService.url | URL of File Service. | yes | |
fileService.username | File service user | yes | |
fileService.password | File service user password | yes | |
saml.postSsoUrl | SAML IdP Request consumer URL |
yes | |
saml.assertionConsumerServiceUrl | SAML Assertion consumer URL | yes | |
saml.issuerId | SAML issuer ID | yes | |
saml.defaultLocale | SAML locale | yes | |
saml.attributes.authority | Authority attribute | yes | |
saml.attributes.source | Source attribute | yes |
|
saml.attributes.firstName | First name attribute | yes |
|
saml.attributes.lastName | Last name attribute | yes |
|
saml.attributes.mail | Mail attribute | yes |
|
saml.roles.solicitor | This value for the digo_saml_authority attribute indicates Solicitor permissions |
yes |
|
saml.trustedIssuers | List of files containing trusted certificates for SAML ticket validation |
yes |
|
saml.skewTime | SAML skew time | yes |
|
smtp.host | SMTP service host | yes |
|
smtp.port | SMTP service port | yes |
|
smtp.trust | Used with SMTP TLS. Set to same as smtp.host when using TLS. | ||
smtp.username | SMTP service username | ||
smtp.password | SMTP service password | ||
smtp.fromAddress | Notification email from | yes |
|
smtp.enabled | SMTP notifications enabled. (Must be set as a string, i.e. "true" or "false") | yes |
true, false |
smtp.enable |
Set to true if TLS is used. (Must be set as a string, i.e. "true" or "false") |
true, false / false |
|
smtp.auth | Use authentication on the SMTP service | true, false / false |
|
users.useSsl | Use TLS towards User Query Service |
true, false | |
users.useSslClientCert | Use TLS Client Auth towards User Query Service |
true, false | |
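users.useSslTrustAll | Trust all TLS server certificates (server certificate validation is skipped, so the identity of the User Query Service is not verified) |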
true, false | |
users.sslKeyFile | Private key for TLS authentication |
||
users.sslKeyPassword | Password for the private TLS key |
||
users.externalUserLookup | URL for external user lookup |
yes |
|
users.internalUserLookup | URL for internal user lookup |
yes |
|
users.internalUserSearch | URL for internal user search |
yes |
|
users.internalUserAttributes.organization | Organization attribute in internal user query result |
yes |
|
users.internalUserAttributes.userId |
User ID attribute in internal user query result |
yes |
|
users.internalUserAttributes.mail |
Mail attribute in internal user query result |
yes |
|
users.internalUserAttributes.firstName |
First name attribute in internal user query result |
yes |
|
users.internalUserAttributes.lastName |
Last name attribute in internal user query result |
yes |
|
users.internalUserAttributes.mobile |
Mobile attribute in internal user query result |
yes |
|
users.internalUserAttributes.department |
Department attribute in internal user query result |
yes |
|
users.externalUserAttributes.info |
Info attribute in external user query result |
yes |
|
users.externalUserAttributes.mail |
Mail attribute in external user query result |
yes |
|
users.externalUserAttributes.mobile |
Mobile attribute in external user query result |
yes |
|
users.externalUserAttributes.firstName |
First name attribute in external user query result |
yes |
|
users.externalUserAttributes.lastName |
Last name attribute in external user query result |
yes |
|
users.externalUserAttributes.info |
Info attribute in external user query result |
yes |
|
webHook.enabled | Enable webhooks | false | |
webHook.endpoint |
Endpoint for webhook | yes | |
webHook.key |
Extra query parameter in endpoint URL. | ||
webHook.connectionTimeout |
Timeout for the http POST. Duration in ISO-8601. | PT30S | |
webHook.secret |
Secret to create header signature. | ||
webHook.useSslTrustAll |
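Trust all TLS server certificates (server certificate validation is skipped, so the identity of the webhook endpoint is not verified) |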
true | |
webHook.useSslClientCert |
Use TLS Client authentication towards webhook service |
false | |
webHook.sslTrustFile | Certificate file, mandatory if using client authentication. | (yes) | |
webHook.sslTrustFileType |
Content type. | pkcs12 | |
webHook.sslKeyFile |
Private key for TLS authentication, mandatory if using SSL. | (yes) | |
webHook.sslKeyFileType |
Content type. |
pkcs12 |
|
webHook.sslKeyPassword |
Password for the private TLS key |
(yes) |
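Example configuration file
The hostnames, paths and passwords below are sample values; replace them before use. The example differs from the table above in places: it uses the keys apiHost, automationApiHost and apiPort, lists the documentRetention object twice, and its smtp.host value ends with a stray escaped quote (\").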
<p>{
"publicUrl": "https://signing-workflow.phenixid.net/",
"apiHost": "172.16.238.11",
"primaryServerPort": 8080,
"automationApiEnabled": true,
"automationApiHost": "172.16.239.11",
"apiPort": 8081,
"logoutUrl": "https://signing-workflow.phenixid.net/",
"logNetworkActivity": false,
"sessionTimeout": 30000,
"database": {
"url": "jdbc:sqlserver://10.128.22.34:61466;database=workflow",
"user": "workflow_owner",
"password": "Secret8899",
"max_pool_size": 15,
"min_pool_size": 3,
"initial_pool_size": 3,
"max_idle_time": 0,
"changelog": "db_migrations/changelog.master.xml",
"migrations_enabled": true,
"driver_class": "com.microsoft.sqlserver.jdbc.SQLServerDriver"
},
"signingOrders": {
"fileDirectory": "C:/PhenixID/FileStorage",
"documentLocationId": 1
},
"orderReminder": {
"enabled": true,
"beforeExpiration": "P2D"
},
"documentRetention": {
"enabled": true,
"inactiveDocumentAge": "PT12H",
"completedDocumentAge": "P30D"
},
"jwt": {
"privateKeyFile": "C:/PhenixID/Keys/token_signer.pkcs8",
"publicCertFile": "C:/PhenixID/Certs/token_signer.cer"
},
"signingService": {
"url": "https://signing.phenixid.net/pdf_sign//authenticate/logout/?nextTarget=https://signing.phenixid.net/pdf_sign//"
},
"fileService": {
"url": "https://signing-service.phenixid.net/files/session",
"username": "workflow",
"password": "secret7zce"
},
"documentRetention": {
"enabled": true,
"inactiveDocumentAge": "PT12H",
"completedDocumentAge": "P30D"
},
"saml": {
"postSsoUrl": "https://idp.phenixid.net/saml/authenticate/idp",
"assertionConsumerServiceUrl": "https://signing-workflow.phenixid.net/auth/saml",
"issuerId": "https://signing-workflow.phenixid.net/saml/sp",
"defaultLocale": "sv",
"attributes": {
"authority": "description",
"source": "source",
"firstName": "givenName",
"lastName": "sn",
"mail": "mail"
},
"roles": {
"solicitor": "role:solicitor"
},
"trustedIssuers": [
"https://idp.phenixid.net/saml/idp"
],
"trustedCertificates": [
"C:/PhenixID/Certs/samltrust.pem"
],
"skewTime": 30000
},
"smtp": {
"host": "smtp.sendgrid.net\"",
"port": "25",
"trust": null,
"username": null,
"password": null,
"fromAddress": "[email protected]",
"enabled": "true",
"auth": false
},
"webHook": {
"enabled": true,
"endpoint": "http://www.example.org/automation"
},
"users": {
"useSsl": false,
"useSslClientCert": false,
"useSslTrustAll": false,
"sslTrustFile": "C:/PhenixID/Trust/saml-trust.pkcs8",
"sslKeyFile": "C:/PhenixID/Keys/key.der",
"sslKeyPassword": "abc123",
"externalUserLookup": "https://signing-service.net/pipes/users/external",
"internalUserLookup": "https://signing-service.net/pipes/users/internal",
"internalUserSearch": "https://signing-service.net/pipes/users/search",
"internalUserAttributes": {
"organization": "o",
"userId": "sAMAccountName",
"mail": "mail",
"firstName": "givenName",
"lastName": "sn",
"mobile": "mobile",
"department": "ou"
},
"externalUserAttributes": {
"info": "o",
"mail": "mail",
"mobile": "mobile",
"firstName": "givenName",
"lastName": "sn"
}
}
}</p>