Frigg and braga use a configuration file (config.ini) which is loaded at startup.
...
key | example | description | frigg | braga |
---|---|---|---|---|
database_connection_properties | database_connection_properties=sslMode=trust database_connection_properties=sslMode=trust;someOtherProperty=false | These properties are used to enable SSL encryption for the connection. sslMode can be trust, verify-ca or verify-full. Several connection properties can be added as a semicolon separated list. These properties are appended to the JDBC URL, as shown below: https://mariadb.com/docs/server/connect/programming-languages/java/tls/ | X | X |
database_host | 192.168.5.57 | the database host (IP or hostname) | X | X |
database_jndi | java:comp/env/jdbc/FriggDb | the jndi database source | X | X |
database_master | frigg_master | Name of the master database, which manages sequences and tenants in multitenant mode. Default: frigg_master | X | X |
database_migrate | true/false | true or false. If true, flyway database management is activated | X | |
database_name | frigg | the database schema name | X | X |
database_password | kjssdduiwe832//6?! | the database password | X | X |
database_port | 1521 | the database port | X | X |
database_service_name | FRIGG | the database service name (for Oracle connection) | X | X |
database_sid | xe | the database SID (for Oracle connection) | X | X |
database_type | mysql | mysql or oracle, the database type (default mysql) | X | X |
database_user | dbuser | the database user | X | X |
db_pool_max_wait_millis | 5000 | specifies the maximum time in milliseconds that the connection pool should wait for a connection to be returned before throwing an exception. The default value is 5000. | X | X |
db_pool_max_total | 100 | specifies the maximum number of connections that the database pool can have simultaneously open. The default is 100. | X | X |
db_pool_max_idle | 20 | specifies the maximum number of idle database connections to be maintained in the pool at any given time. The default value is 20. | X | X |
db_pool_min_idle | 5 | specifies the minimum number of idle connections that should be maintained in the connection pool. This property is used to ensure that a sufficient number of connections are available in the pool at all times. Default is 5. | X | X |
db_pool_max_conn_lifetime_millis | 600000 | specifies the maximum lifetime of a database connection in the connection pool. Default is 60000. | X | X |
deactivate_db_ping | true | true or false, deactivates validation check for the db connection (default false) | X | X |
storage_db_init_directory |
...
key | example | description | frigg | braga |
---|---|---|---|---|
admin_email_notifier | somebody@host.com;someoneelse@host.com | a list of recipients who are informed when accounts are charged via the admin functions or when a user buys credits | X | |
emailExcludedTypes | signature_request_finished | List of mailtypes which are excluded. See i) Email Configuration for details. | X | |
emailFrom | | the from mail header added to emails sent by the system | X | |
emailPort | 25 | the smtp port | X | |
emailHtmlOnly | true | Only send html mail (no text mail). Default is true. | X | |
emailRetries | 5 | how many times the mailer retries to send an email | X | |
emailSendToRegisteredUsers | user_finised;signature_field_signed | Semicolon separated list of mailtypes. If a mailtype is present in the list, the email will be sent to all registered users of the signature request. If it is not present, the email will only be sent to the signature request creator. Possible mailtypes: Default: Only creator receives email. | X | |
emailSmtp | hostname.domain or "false" | the smtp server used to send mails. If set to "false", sending mails will be deactivated entirely. | X | |
emailSmtpPassword | password | the smtp server password | X | |
emailSmtpUser | smtpuser | the login for the smtp server | X | |
emailTls | false | true or false, enable or disable TLS (encryption) | X | |
email_upcoming_due_period | 90 | the timespan in days before the due date in which the mailtypes signature_request_upcoming_due and signature_request_envelop_upcoming_due are sent. | X | |
guest_email | | the email pattern for guest email addresses (default guest@websignatureoffice.com) | X | |
invoice_mail_recipients | somebody@host.com;someoneelse@host.com | a list of recipients who receive a copy of all invoices created by the system (for credit purchase) | X | |
mail_password | oekopostpassword | the password for the mail verification account (https://www.oekopost.de/developer/) | X | |
mail_user | oekopostuser | the user for the mail verification account (https://www.oekopost.de/developer/) | X | |
obfuscate_sms_token_number | true/false | If true, the phone number is obfuscated in. e.g. +49170XXXXX111 | X | |
oekopost_test | true | If present, mail verification will be simulated by email. | | |
smsPassword | smspassword | the sms account password (for the sms delivery feature) (www.massenversand.de) | X | |
sms_protection_interval | ONCE | the interval at which a new sms token must be obtained to open a sms token protected document. Possible values: | X | |
smsSender | stepover | the name displayed as sms sender (for the sms delivery feature) | X | |
smsUserId / authToken | 4327634 / 1ED33261VI0I6659347456B | the sms account user id or authToken (for the sms delivery feature) | X | |
sms_token_characters | | the characters used in a sms token. Possible values: | X | |
sms_token_length | | The length of the sms token when opening a sms protected document / envelope. | X | |
support_email | | the email address for support notifications / inquiries. Contains a semicolon separated list of email addresses. | X | |
userBrandingSupportMail | de | "de" or "us". The language of the support mail, which will be sent to the email addresses defined in support_email. Additionally a copy of the support mail will be sent to the user. | X | |
...
Certificates, Seals and signing
Keys that contain "aws_kms" refer to Amazon Web Services (AWS) Key Management Service.
key | example | description | frigg | braga |
---|---|---|---|---|
api_id_iv | ghksau981ghksau9 | a secure random iv is created and stored in the db on server startup (recommended). This value is used for url data encryption. This mechanism can be overridden by setting a static 16 character long string. When used api_id_key also has to be set. | X | |
api_id_key | zeuwipahsjd6389a | a secure random key is created and stored in the db on server startup (recommended). This value is used for url data encryption. This mechanism can be overridden by setting a static 16 character long string. When used api_id_iv also has to be set. | X | |
app_signature_certificate_filename | d:\frigg\data\app_signature_public.der | the certificate path for the app signature with token authentication | X | |
app_signature_certificate_password | dsf433dreE&% | the certificate password for the app signature with token authentication | X | |
app_signature_certificate_private_key_filename | d:\frigg\data\app_signature_certificate.pfx | the certificate private key path for the app signature with token authentication | X | |
enduser_certificate_duration | 36 | the lifetime of user certificates in months | X | |
enduser_certificate_key_length | 2048 | the key length of the created user certificates | X | |
external_certificate_provider | nebula | semicolon separated list of external certificate providers. Currently supported: nebula (nebulaSUITE) | X | |
guest_certificate_password | kkwJk34$ldP% | the guest certificate password (for non-registered webSignatureOffice user certificates) | X | X |
intermediate_certificate_filename | /frigg/data/cert.pem | the full path to the intermediate certificate for user certificate creation | X | |
intermediate_certificate_password | sduiSUm7$%&hJ | the intermediate certificate password | X | |
intermediate_certificate_private_key_filename | /frigg/data/cert_private.pem | the full path to the intermediate certificate private key | X | |
nebula_exclude_authenticators | MAIL;SMS | semicolon separated list of authentication methods. The listed methods won't be usable. Default: All methods allowed. | X | |
notaryInfo | \n======================( NotaryInfo )====================== \n \nSomebody | the notary info added to a biometric signature | X | |
notary_public_key | dshkskdhNSSKhjadsbndskKJHKHSAK \ | the base64-encoded public key that is assigned to newly registered users. This key is used by the web signature office apps and HTML-Signer. For more information see Notary Key | X | |
 | deprecated | | X | |
notary_sha1_fingerprint | dgdfgdfgffffffffffffffffffffffffffffffff | a sha1 hash of the certificate of the notary_public_key. It is configured in braga and used to check if the certificate configured in frigg corresponds to the hash. For more information see Notary Key | X | |
openssl_run_directory | c:/temp | the path to a folder in which openssl can run | X | |
rsa_encryptor_access_allow | | if the rsa encryptor is accessed from a host that gets blocked because of cors, or access should be restricted, the | | |
 | deprecated | for more information see Notary Key | X | |
 | deprecated | | X | |
tsaServer | The Timestamp Authority Server used to set the signing time, braga. If not set, no timestamp |
...
QES Qualified electronic signature
key | example | description | frigg | braga |
---|---|---|---|---|
deactivate_qes | true/false | If true, all qes functionality is deactivated | X | |
qes_signius_api_pkcs12 | /path/to/file/cert.p12 | The file path of the signius pkcs12 used for api authentication | X | X |
qes_signius_api_pkcs12_passphrase | | The signius pkcs12 passphrase | X | X |
qes_signius_key_prefix | mdksdfpokdsf | A prefix used for qes authentication. | X | X |
qes_signius_verification_credits | 20 | The amount of credits that a verification costs. Default 20 | X | |
qes_signius_signature_credits | 5 | The amount of credits that a verification costs. Default 5 | X | |
qes_signius_rest_api_host | professional.signius.eu | the host of the signius rest api endpoint. Default professional.signius.eu | X | X |
qes_signius_debug | true / false | flag to display signius harmony rest api debug information. Default false. | X | X |
Multitenant
key | example | description | frigg | braga |
---|---|---|---|---|
multitenant | true / false | activates multitenant mode. | X | X |
multitenant_admin_key | | Administrator authorization for adding new tenants. This string has to be sent with the POST request to create a new tenant. | X | |
multitenant_host_ip | | ip of the multitenant host | X | |
Additional server settings
key | example | description | frigg | braga |
---|---|---|---|---|
api_deactivate_request_signature | true/false | If true, no X-SOSIGNATURE header is necessary. Only for testing! | X | X |
api_id_cache_expire_minutes | 15 | the decrypted ids are kept in a cache to improve performance. This defines the time until a value expires, default is 10 minutes | X | |
api_id_cache_max_size | 5000 | the decrypted ids are kept in a cache to improve performance. This defines the maximum capacity; when it is reached, values are removed. Default 1000 | | |
axis_request_timeout | deprecated | the braga request timeout in milliseconds (default 240000) | X | |
axis_server_context | /braga | The folder inside which the braga app is deployed (default empty) | X | |
axis_server_ip | 192.168.5.56 | the IP or hostname of the braga server | X | |
axis_server_port | 8080 | the braga server port (default 8080) | X | |
axis_server_protocol | https | http or https, the protocol used for the braga server (default http) | X | |
braga_create_copy | true | creates a copy of the PDF without biodata (if flag is true); default false | X | |
braga_render_dpi | 200 | the dpi with which pages are rendered (default is 200) | X | |
cookie_name | SOSESSIONID | the cookie name for the session cookie | X | |
cookie_path | / | the cookie path | X | |
deactivate_registration | true/false | If true, frontend registration is not possible. Default false | X | |
deactivate_passkey | true/false | If true, passkey functionality is deactivated. Default false | X | |
file_upload_max_file_size | 20480 | the maximum upload size in bytes | X | |
guest_user_document_availability | 60 | The time a document / envelope is available for a guest user (email guest user link). The timespan is the config setting + the signature_request due date. | | |
logging_debug | true | enables extended logging for debugging (default false) | X | |
memcached_port | 11211 | the memcached port | X | X |
memcached_server | 192.168.5.57 | the ip or hostname of the memcached server if memcached is used | X | X |
memcached_sessions | true | true or false, the switch if memcached should be used for session management | X | X |
org_quartz_properties | quartz.properties | the name of the quartz scheduler configuration file in the classpath (for the automated jobs) | X | |
pdf_render_max_render_threads | 4 | the max number of render threads | X | |
process_pool_timeout | 120000 | timeout for a process from the process pool in milliseconds (default 120000) | X | |
render_strategy | AllPages | the strategy used to render the pdf pages, possible values are OnlyPagesWithSignatures, AllPages, FirstTwoAndPagesWithSignatures. Default is FirstTwoAndPagesWithSignatures | X | |
request_lifetime | 7200 | the request lifetime in seconds. | X | |
rest_api_allowed_hosts | localhost,192.168.5.2,192.168.5.5 | the allowed hosts for the communication with the REST API (Cross-Origin-Requests) | X | |
session_sync | 60 | session sync interval in seconds (memcached) | X | |
session_timeout | 6000 | session timeout in milliseconds (browser and tyrservice session) | X | X |
storage_home | X:/data/ | the full path for storage of documents and certificates (BRAGA) | X | |
storage_mode | | storage mode of braga, possible values: db: files are stored in database; dbWithFallback: files are stored in db. If entry is not present, filesystem will be used; file: files are stored in filesystem | X | X |
tracking-header | x-idheader | the name of the http header used for the additional tracking id logging. Default is x-tracking | X | |
url_handler_key | jdksleuwiojdksleuwio67 | on server startup a secure key is created for url encryption and stored in the db (recommended). This mechanism can be overridden with this static 32 character long string. | X | |
webso_events_url | | WebSignatureOffice can be configured to call a URL on certain events. This functionality is activated by setting the URL to be called in the config.ini. Further configuration options are: webso_events_filter: a semicolon separated list of events that should be fired; if this option is not set, all events are fired (e.g. STATUS_CHANGE;USER_FINISH). webso_events_keys: a semicolon separated list of HTTP-request property keys for the webso_event execution (e.g. user;pass). webso_events_values: a semicolon separated list with corresponding values for the webso_events_keys (e.g. stepovercallback;strongPassword); webso_events_keys and webso_events_values must be in the same order. webso_events_retry: the time waited in milliseconds until the event call is repeated (e.g. 10). For more information, please check: e) Callback-API | X | |
TyrService
key | example | description | frigg | braga |
---|---|---|---|---|
file_upload_url | | the url for the file upload (via tyrservice) (deprecated) | (X) | |
max_message_size | 20480 | the max tyrservice message size (optional value) | X | |
tyrservice_debugging | true | true or false, enables an extended logging for tyrservice classes (if no value is set the default is false) | X | |
tyrservice_public | false | true or false, whether the public tyrservice services should be available. Public services only use the adhoc code for authentication | X | |
tyrservice_with_qes | true/false | If false, documents and envelopes with QES signatures for that user aren't returned using getSigningRequests. Default false. | X | |
tyrservice_with_sms_token | | If false, documents and envelopes with SmsToken Protection for that user aren't returned using getSigningRequests | X | |
tyrservice_envelopes_with_conditions | | If false, envelopes with conditions won't be returned using getEnvelopeMetaList | X | |
TyrService Cache
key | example | description | frigg | braga |
---|---|---|---|---|
tyrcache | true | activates the tyrservice cache | X | |
tyrcache_port | default 1110 | the port the listener listens on | X | |
tyrcache_host | host | the host the listener listens on, if not set, all hostnames | X | |
tyrcache_servers | host1:1110,host2:1110 | a comma separated list of servers to connect to | X | |
tyrcache_lifetime | default 300 | the lifetime of a cache object in seconds | X | |
tyrcache_max_objects | default 10000 | the maximum amount of objects stored in the cache before objects get evicted | X | |
tyrcache_encryption_key | default value hard coded, should be changed | the key used to encrypt the objects, 32 characters | X |
...
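
Several keys in the tables above carry a security consequence in their own description: a test-only switch, static overrides of keys that are otherwise generated at startup, a hard-coded cache key, and transport encryption settings. The following Python script is an added example, not part of the product or its documentation, that audits a config.ini for those settings. It assumes the file consists of flat `key=value` lines, and its sample input is constructed from the example column.

```python
# Added example. Assumption: config.ini is flat "key=value" lines; comments/sections are skipped.

def parse_config(text):
    """Return {key: value}; splits on the first '=' so values may contain '='."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg

def is_true(cfg, key, default="false"):
    return cfg.get(key, default).lower() == "true"

# Static key overrides and the length this page states for each.
STATIC_KEYS = {"api_id_key": 16, "api_id_iv": 16, "url_handler_key": 32,
               "tyrcache_encryption_key": 32}

def audit(cfg):
    """Return a sorted list of (key, finding) tuples."""
    findings = []
    if is_true(cfg, "api_deactivate_request_signature"):
        findings.append(("api_deactivate_request_signature", "X-SOSIGNATURE not required (testing only)"))
    for key, length in STATIC_KEYS.items():
        if key in cfg and len(cfg[key]) != length:
            findings.append((key, f"expected {length} characters, got {len(cfg[key])}"))
    for key in ("api_id_key", "api_id_iv", "url_handler_key"):
        if key in cfg:
            findings.append((key, "static value overrides the random one created at startup"))
    if ("api_id_key" in cfg) != ("api_id_iv" in cfg):
        findings.append(("api_id_key", "api_id_key and api_id_iv must be set together"))
    if is_true(cfg, "tyrcache") and "tyrcache_encryption_key" not in cfg:
        findings.append(("tyrcache_encryption_key", "hard-coded default key in use"))
    props = dict(p.split("=", 1) for p in
                 cfg.get("database_connection_properties", "").split(";") if "=" in p)
    if props.get("sslMode") == "trust":
        findings.append(("database_connection_properties",
                         "sslMode=trust does not verify the server certificate"))
    # Only an explicit emailTls=false is flagged; the page states no default for it.
    if cfg.get("emailSmtp", "false") != "false" and cfg.get("emailTls", "").lower() == "false":
        findings.append(("emailTls", "TLS disabled for SMTP"))
    if "axis_server_ip" in cfg and cfg.get("axis_server_protocol", "http") == "http":
        findings.append(("axis_server_protocol", "frigg to braga traffic uses plain http"))
    return sorted(findings)

# Constructed sample input (values taken from the example column above).
SAMPLE = """\
# frigg config.ini
database_connection_properties=sslMode=trust;someOtherProperty=false
api_deactivate_request_signature=true
api_id_key=zeuwipahsjd6389a
url_handler_key=jdksleuwiojdksleuwio67
emailSmtp=hostname.domain
emailTls=false
axis_server_ip=192.168.5.56
tyrcache=true
"""

if __name__ == "__main__":
    for key, finding in audit(parse_config(SAMPLE)):
        print(f"{key}: {finding}")
```

On the sample, the audit also reports that the url_handler_key example value is 22 characters long, not the 32 the description requires.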