api_id_iv

ghksau981ghksau9

a secure random iv is created and stored in the db on server startup (recommended). This value is used for url data encryption. This mechanism can be overridden by setting a static 16 character long string. When used api_id_key also has to be set.

X

api_id_key

zeuwipahsjd6389a

a secure random key is created and stored in the db on server startup (recommended). This value is used for url data encryption. This mechanism can be overridden by setting a static 16 character long string. When used api_id_iv also has to be set.

X

app_signature_certificate_filename

d:\frigg\data\app_signature_public.der

the certificate path for the app signature with token authentication

X

app_signature_certificate_password

dsf433dreE&%

the certificate password for the app signature with token authentication

X

app_signature_certificate_private_key_filename

d:\frigg\data\app_signature_certificate.pfx

the certificate private key path for the app signature with token authentication

X

enduser_certificate_duration

36

the lifetime of user certificates in months

X

enduser_certificate_key_length

2048

the length of the create user certificates

X

external_certificate_provider

nebula

semicolon seperated list of external certificate providers. currently supported: nebula (nebulaSUITE)

X

guest_certificate_password

kkwJk34$ldP%

the guest certificate password (for non-registered webSignatureOffice user certificates)

X

X

intermediate_certificate_filename

/frigg/data/cert.pem

the full path to the intermediate certificate for user certificate creation

X

intermediate_certificate_password

sduiSUm7$%&hJ

the intermediate certificate password

X

intermediate_certificate_private_key_filename

/frigg/data/cert_private.pem

the full path to the internmediate certificate private key

X

nebula_exclude_authenticators

MAIL;SMS

semicolon seperated list of authentication methods. The listed methods won't be usable. Default: All methods allowed.

X

notaryInfo

\n======================( NotaryInfo )====================== \n \nSomebody 

the notary info added to a biometric signature

X

notary_public_key

dshkskdhNSSKhjadsbndskKJHKHSAK \
DGHgdhjdsgJHDDSHJGdshdshdJDHDSJH \

the public key base64 encoded that is assigned new registered users. This key is used by the web signature office apps and HTML-Signer.

for more information see Notary Key

X

notary_public_key_hash

dskhdksjhds89s8djdshkjhsd7987987dsdssd

deprecated

a md5 hash of the public key

X

notary_sha1_fingerprint

dgdfgdfgffffffffffffffffffffffffffffffff

a sha1 hash of the certificate of the notary_public_key. It is configured in braga and used to check if the certificate configured in frigg coresponds to the hash.

for more information see Notary Key

X

openssl_run_directory

c:/temp

the path to a folder in which openssl can run

X

rsa_encryptor_access_allow

https://somehost.stpover.de

if the rsa encryptor is accessed from a host that gets blocked because of cors, or access should be restricted, the Access-Control-Allow-Origin header can be set with this value, default is *.

rsa_encryptor_public_key

deprecated

Public key for the RSA encryptor for encrypting biodata.

If not present, the notary_public_key is used.

for more information see Notary Key

X

rsa_encryptor_url

https://host:8444/RsaEncryptor/encode

deprecated

the url of the RSA encryptor used by the html signer, if no value is set the default RSA encryptor of the frigg module is taken

X

tsaServer

http://somehost.de/tsa

The Timestamp Authority Server used to set the signing time, braga. If not set, no timestamp 

multitenant

true / false: activates multitenant mode.

X

X

multitenant_admin_key

Administrator authorization for adding new tenants. This string has to be sent with the POST request to create a new tenant.

X

multitenant_host_ip

ip of the multitenant host

X

api_deactivate_request_signature

true/false

If true, no X-SOSIGNATURE header is necessary.

Only for testing!

X

X

api_id_cache_expire_minutes

15

the decrypted ids are kept in a cache to improve performance. This defines the time till the value expires, default is 10 minutes

X

api_id_cache_max_size

5000

the decrypted ids are kept in a cache to improve performance. This defines the maximum capacity, if reached values are removed, default 1000

axis_request_timeout

deprecated

the braga request timeout in milliseconds (default 240000)

X

axis_server_context

/braga

The folder inside which the braga app is deployed (default empty)

X

axis_server_ip

192.168.5.56

the IP or hostname of the braga server

X

axis_server_port

8080

the braga server port (default 8080)

X

axis_server_protocol

https

https or https, the protocol used for the braga server (default http)

X

braga_create_copy

true

creates a copy of the PDF without biodata (if flag is true); default false

X

braga_render_dpi

200

the dpi with which pages are rendered (default is 200)

X

cookie_name

SOSESSIONID

the cookie name for the session cookie

X

cookie_path

/

the cookie path

X

file_upload_max_file_size

20480

the maximum upload size in bytes

X

guest_user_document_availability

60

The time a document / envelope is available for a guest user (email guest user link). The timespan is the config setting + the signature_request due date. 

logging_debug

true

enables extended logging for debugging (default false)

X

memcached_port

11211

the memcached port

X

X

memcached_server

192.168.5.57

the ip or hostname of the memcached server if memcahe is used

X

X

memcached_sessions

true

true or false, the switch if memcached should be used for session managemeant

X

X

org_quartz_properties

quartz.properties

the name of the quartz scheduler configuration file in the classpath (for the automated jobs)

X

pdf_render_max_render_threads

4

the max number of render threads

X

process_pool_timeout

120000

timeout for a process from the process pool in milliseconds (default 120000)

X

render_strategy

AllPages

the strategy used to render the pdf pages, possible values are OnlyPagesWithSignatures, AllPages, FirstTwoAndPagesWithSignatures. Default is FirstTwoAndPagesWithSignatures

X

request_lifetime

7200

the request lifetime in seconds.

X

rest_api_allowed_hosts

localhost,192.168.5.2,192.168.5.5

the allowed hosts for the communication with the REST API (Cross-Origin-Requests)

X

session_sync

60

session sync interval in seconds (memcached)

X

session_timeout

6000

session timout in milleseconds (browser and tyrservice session)

X

X

storage_home

X:/data/

the full path for storage of documents and certificates (BRAGA)

X

storage_mode

soll rein? description korrekt? --->

storage mode of braga, possible values:

• db: files are stored in database

• dbWithFallback: files are stored in db. If entry is not present, filesystem will be used

• file: files are stored in filesystem

X

X

tracking-header

x-idheader

the name of the http header used for the additional tracking id logging. Default is x-tracking

X

url_handler_key

jdksleuwiojdksleuwio67

on server startup a secure key is created for url encryption and stored in the db (recommended). This mechanism can be overridden with this static 32 character long string.

X

webso_events_url

https://www.testserver.com/CallbackServlet

WebSignatureOffice can be configured to call an URL on certain events. This functionality is activated by setting the URL to be called in the config.ini

Further configuration options are:

webso_events_filter:  a semicolon separated list of events that should be fired, if this option is not set, all events are fired. (e.g. STATUS_CHANGE;USER_FINISH)

webso_events_keys: a semicolon seperated list of HTTP-request property keys for the webso_event execution (e.g. user;pass) 

webso_events_values: a semicolon seperated list with corresponding values for the webso_event_keys (e.g. stepovercallback;strongPassword) event_keys and events_values must be in the same order

webso_events_retry: the time waited in milli seconds untill the event call is repeated. (e.g. 10)

For more information, please check: e) Callback-API

X

file_upload_url

https://host/fileUpload/fileUpload

the url for the file upload (via tyrservice) (deprecated)

(X)

max_message_size

20480

the max tyrservice message size (optional value)

X

tyrservice_debugging

true

true or false, enables an extended logging for tyrservice classes (if no value is set the default is false)

X

tyrservice_public

false

true or false, wether the public tyrservice services should be available, public services only use the adhoc code for authentication

X