Frigg and braga use a configuration file (config.ini), which is loaded at startup.
...
key | example | description | frigg | braga |
---|---|---|---|---|
database_connection_properties | database_connection_properties=sslMode=trust database_connection_properties=sslMode=trust;someOtherProperty=false | These properties are used to enable SSL encryption for the connection. sslMode can be trust, verify-ca or verify-full. Several connection properties can be added as a semicolon-separated list. These properties are appended to the JDBC URL, as shown below: https://mariadb.com/docs/server/connect/programming-languages/java/tls/ | X | X |
database_host | 192.168.5.57 | the database host (IP or hostname) | X | X |
database_jndi | java:comp/env/jdbc/FriggDb | the jndi database source | X | X |
database_master | frigg_master | Name of the master database, which manages sequences and tenants in multitenant mode. Default: frigg_master | X | X |
database_migrate | true/false | true or false. If true, flyway database management is activated | X | |
database_name | frigg | the database schema name | X | X |
database_password | kjssdduiwe832//6?! | the database password | X | X |
database_port | 1521 | the database port | X | X |
database_service_name | FRIGG | the database service name (for Oracle connection) | X | X |
database_sid | xe | the database SID (for Oracle connection) | X | X |
database_type | mysql | mysql or oracle, the database type (default mysql) | X | X |
database_user | dbuser | the database user | X | X |
db_pool_max_wait_millis | 5000 | specifies the maximum time in milliseconds that the connection pool should wait for a connection to be returned before throwing an exception. The default value is 5000. | X | X |
db_pool_max_total | 100 | specifies the maximum number of connections that the database pool can have simultaneously open. The default is 100. | X | X |
db_pool_max_idle | 20 | specifies the maximum number of idle database connections to be maintained in the pool at any given time. The default value is 20. | X | X |
db_pool_min_idle | 5 | specifies the minimum number of idle connections that should be maintained in the connection pool. This property is used to ensure that a sufficient number of connections are available in the pool at all times. Default is 5. | X | X |
db_pool_max_conn_lifetime_millis | 600000 | specifies the maximum lifetime of a database connection in the connection pool. Default is 60000. | X | X |
deactivate_db_ping | true | true or false, deactivates validation check for the db connection (default false) | X | X |
storage_db_init_directory |
...
Certificates, Seals and signing
Keys that contain "aws_kms" refer to Amazon Web Services (AWS) Key Management Service.
key | example | description | frigg | braga |
---|---|---|---|---|
api_id_iv | ghksau981ghksau9 | A secure random IV is created and stored in the db on server startup (recommended). This value is used for URL data encryption. This mechanism can be overridden by setting a static 16-character string. When used, api_id_key also has to be set. | X | |
api_id_key | zeuwipahsjd6389a | A secure random key is created and stored in the db on server startup (recommended). This value is used for URL data encryption. This mechanism can be overridden by setting a static 16-character string. When used, api_id_iv also has to be set. | X | |
app_signature_certificate_filename | d:\frigg\data\app_signature_public.der | the certificate path for the app signature with token authentication | X | |
app_signature_certificate_password | dsf433dreE&% | the certificate password for the app signature with token authentication | X | |
app_signature_certificate_private_key_filename | d:\frigg\data\app_signature_certificate.pfx | the certificate private key path for the app signature with token authentication | X | |
enduser_certificate_duration | 36 | the lifetime of user certificates in months | X | |
enduser_certificate_key_length | 2048 | the key length of the created user certificates | X | |
external_certificate_provider | nebula | semicolon-separated list of external certificate providers. Currently supported: nebula (nebulaSUITE) | X | |
guest_certificate_password | kkwJk34$ldP% | the guest certificate password (for non-registered webSignatureOffice user certificates) | X | X |
intermediate_certificate_filename | /frigg/data/cert.pem | the full path to the intermediate certificate for user certificate creation | X | |
intermediate_certificate_password | sduiSUm7$%&hJ | the intermediate certificate password | X | |
intermediate_certificate_private_key_filename | /frigg/data/cert_private.pem | the full path to the intermediate certificate private key | X | |
nebula_exclude_authenticators | MAIL;SMS | semicolon-separated list of authentication methods. The listed methods won't be usable. Default: All methods allowed. | X | |
notaryInfo | \n======================( NotaryInfo )====================== \n \nSomebody | the notary info added to a biometric signature | X | |
notary_public_key | dshkskdhNSSKhjadsbndskKJHKHSAK \ | the base64-encoded public key that is assigned to newly registered users. This key is used by the web signature office apps and HTML-Signer. For more information see Notary Key | X | |
|
| deprecated
| X | |
notary_sha1_fingerprint | dgdfgdfgffffffffffffffffffffffffffffffff | a SHA-1 hash of the certificate of the notary_public_key. It is configured in braga and used to check whether the certificate configured in frigg corresponds to the hash. For more information see Notary Key | X | |
openssl_run_directory | c:/temp | the path to a folder in which openssl can run | X | |
rsa_encryptor_access_allow | if the rsa encryptor is accessed from a host that gets blocked because of cors, or access should be restricted, the | |||
| deprecated
for more information see Notary Key | X | ||
| deprecated
| X | ||
tsaServer | The Timestamp Authority Server used to set the signing time, braga. If not set, no timestamp |
...
key | example | description | frigg | braga |
---|---|---|---|---|
api_deactivate_request_signature | true/false | If true, no X-SOSIGNATURE header is necessary. Only for testing! | X | X |
api_id_cache_expire_minutes | 15 | the decrypted ids are kept in a cache to improve performance. This defines the time till the value expires, default is 10 minutes | X | |
api_id_cache_max_size | 5000 | the decrypted ids are kept in a cache to improve performance. This defines the maximum capacity, if reached values are removed, default 1000 | ||
| deprecated
| X | ||
axis_server_context | /braga | The folder inside which the braga app is deployed (default empty) | X | |
axis_server_ip | 192.168.5.56 | the IP or hostname of the braga server | X | |
axis_server_port | 8080 | the braga server port (default 8080) | X | |
axis_server_protocol | https | http or https, the protocol used for the braga server (default http) | X | |
braga_create_copy | true | creates a copy of the PDF without biodata (if flag is true); default false | X | |
braga_render_dpi | 200 | the dpi with which pages are rendered (default is 200) | X | |
cookie_name | SOSESSIONID | the cookie name for the session cookie | X | |
cookie_path | / | the cookie path | X | |
deactivate_registration | true/false | If true, frontend registration is not possible. Default false | X | |
deactivate_passkey | true/false | If true, passkey functionality is deactivated. Default false | X | |
file_upload_max_file_size | 20480 | the maximum upload size in bytes | X | |
guest_user_document_availability | 60 | The time a document / envelope is available for a guest user (email guest user link). The timespan is the config setting + the signature_request due date. | ||
logging_debug | true | enables extended logging for debugging (default false) | X | |
memcached_port | 11211 | the memcached port | X | X |
memcached_server | 192.168.5.57 | the IP or hostname of the memcached server if memcached is used | X | X |
memcached_sessions | true | true or false, the switch that controls whether memcached is used for session management | X | X |
org_quartz_properties | quartz.properties | the name of the quartz scheduler configuration file in the classpath (for the automated jobs) | X | |
pdf_render_max_render_threads | 4 | the max number of render threads | X | |
process_pool_timeout | 120000 | timeout for a process from the process pool in milliseconds (default 120000) | X | |
render_strategy | AllPages | the strategy used to render the pdf pages, possible values are OnlyPagesWithSignatures, AllPages, FirstTwoAndPagesWithSignatures. Default is FirstTwoAndPagesWithSignatures | X | |
request_lifetime | 7200 | the request lifetime in seconds. | X | |
rest_api_allowed_hosts | localhost,192.168.5.2,192.168.5.5 | the allowed hosts for the communication with the REST API (Cross-Origin-Requests) | X | |
session_sync | 60 | session sync interval in seconds (memcached) | X | |
session_timeout | 6000 | session timeout in milliseconds (browser and tyrservice session) | X | X |
storage_home | X:/data/ | the full path for storage of documents and certificates (BRAGA) | X | |
storage_mode | should this be included? is the description correct? ---> | storage mode of braga, possible values:
| X | X |
tracking-header | x-idheader | the name of the http header used for the additional tracking id logging. Default is x-tracking | X | |
url_handler_key | jdksleuwiojdksleuwio67 | on server startup a secure key is created for url encryption and stored in the db (recommended). This mechanism can be overridden with this static 32 character long string. | X | |
webso_events_url | WebSignatureOffice can be configured to call a URL on certain events. This functionality is activated by setting the URL to be called in the config.ini. Further configuration options are: webso_events_filter: a semicolon-separated list of events that should be fired; if this option is not set, all events are fired (e.g. STATUS_CHANGE;USER_FINISH). webso_events_keys: a semicolon-separated list of HTTP request property keys for the webso_event execution (e.g. user;pass). webso_events_values: a semicolon-separated list with the corresponding values for webso_events_keys (e.g. stepovercallback;strongPassword); webso_events_keys and webso_events_values must be in the same order. webso_events_retry: the time waited in milliseconds until the event call is repeated (e.g. 10).
| X |
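
The constraints stated in the tables above (testing-only switches, paired keys, fixed lengths, matching list lengths) can be checked before frigg starts. The following linter is an added example, not vendor code; it assumes config.ini holds plain key=value lines, and the function names and the sample file are constructed for illustration.

```python
# Added example, not vendor code. Assumes plain key=value lines; SAMPLE is constructed.
SAMPLE = """\
database_connection_properties=sslMode=trust;someOtherProperty=false
api_id_iv=ghksau981ghksau9
api_deactivate_request_signature=true
axis_server_protocol=http
url_handler_key=jdksleuwiojdksleuwio67
webso_events_keys=user;pass
webso_events_values=stepovercallback
"""

def parse_config(text):
    """Parse key=value lines; split on the first '=' only, because values contain '='."""
    cfg = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#;[" and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def split_list(value):
    return [item for item in value.split(";") if item]

def lint(cfg):
    """Return (key, message) findings for the rules the key tables state."""
    out = []
    if cfg.get("api_deactivate_request_signature", "").lower() == "true":
        out.append(("api_deactivate_request_signature", "X-SOSIGNATURE check is off (testing only)"))
    # Static overrides: api_id_iv and api_id_key must be set together; lengths are fixed.
    if ("api_id_iv" in cfg) != ("api_id_key" in cfg):
        out.append(("api_id_iv/api_id_key", "set both or neither"))
    for key, size in (("api_id_iv", 16), ("api_id_key", 16), ("url_handler_key", 32)):
        if key in cfg and len(cfg[key]) != size:
            out.append((key, f"expected {size} characters, found {len(cfg[key])}"))
    # sslMode sits inside the semicolon-separated connection properties.
    props = dict(p.partition("=")[::2] for p in split_list(cfg.get("database_connection_properties", "")))
    mode = props.get("sslMode")
    if mode == "trust":  # Connector/J: encryption without certificate or hostname verification
        out.append(("database_connection_properties", "sslMode=trust does not verify the server"))
    elif mode is not None and mode not in ("verify-ca", "verify-full"):
        out.append(("database_connection_properties", f"sslMode {mode!r} is not a listed value"))
    if cfg.get("axis_server_protocol", "http") != "https":  # documented default is http
        out.append(("axis_server_protocol", "frigg reaches braga over plain http"))
    keys, values = (split_list(cfg.get(k, "")) for k in ("webso_events_keys", "webso_events_values"))
    if len(keys) != len(values):
        out.append(("webso_events_keys/webso_events_values", f"{len(keys)} keys, {len(values)} values"))
    return out

if __name__ == "__main__":
    print("\n".join(f"{k}: {m}" for k, m in lint(parse_config(SAMPLE))))
```

The axis_server_protocol rule applies to frigg's config.ini only, since braga does not read that key.
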
...