Frigg and braga use a configuration file (config.ini) which is loaded at startup.

Format

Braga and Frigg both use a versatile configuration file based on the Windows INI format. The config file contains the following sections:

[default]

[dev]

[stage]

[live]

Properties are mapped as strings: key=value. Each value is first looked up in the VM security properties.

The values in the default section are used as base values when no values are found in dev, stage or live. The stage and live sections are used according to the ip mappings contained in the default section:

stage_ips=192.168.4.55|192.168.5.55|192.168.5.56|192.168.5.57
live_ips=172.31.0.0/16|172.30.0.0/16

Dev is used when the IP does not match any stage or live server.

IPs are separated by | and ranges can be defined with / (as in 172.31.0.0/16).

A section (stage or live) for a specific IP can be defined as:

[stage:192.168.4.55]

The values here override the values in the respective section.
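The section lookup described above, as an added example (not StepOver code): it resolves which environment an IP falls into and merges [default], the environment section and the IP-specific section in that order. Assumptions: stage_ips is checked before live_ips, the VM security properties lookup is left out, and the sample config is constructed from keys listed on this page.

```python
import configparser
import ipaddress

# Constructed sample config.ini (values are illustrative, not a recommended setup).
SAMPLE = """
[default]
stage_ips=192.168.4.55|192.168.5.55|192.168.5.56|192.168.5.57
live_ips=172.31.0.0/16|172.30.0.0/16
emailTls=false
logging_debug=false

[dev]
logging_debug=true

[stage]
emailTls=true

[stage:192.168.4.55]
logging_debug=true

[live]
emailTls=true
"""


def load(text):
    """Parse the ini text; keys stay case-sensitive and only '=' separates key and value."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep camelCase keys such as emailTls unchanged
    cp.read_string(text)
    return cp


def matches(ip, spec):
    """True if ip equals one of the |-separated entries or lies inside a / range."""
    addr = ipaddress.ip_address(ip)
    for entry in spec.split("|"):
        entry = entry.strip()
        # A malformed entry raises ValueError instead of being skipped silently.
        if entry and addr in ipaddress.ip_network(entry, strict=False):
            return True
    return False


def environment_for(cp, ip):
    """stage or live according to the mappings in [default]; dev for every other IP."""
    base = cp["default"]
    for env in ("stage", "live"):  # assumption: stage is checked before live
        if matches(ip, base.get(env + "_ips", "")):
            return env
    return "dev"


def effective(cp, ip):
    """Return (environment, merged values); later sections override earlier ones."""
    env = environment_for(cp, ip)
    order = ["default", env]
    if env in ("stage", "live"):
        order.append(f"{env}:{ip}")  # IP-specific section, e.g. [stage:192.168.4.55]
    merged = {}
    for section in order:
        if cp.has_section(section):
            merged.update(cp[section])
    return env, merged


if __name__ == "__main__":
    cfg = load(SAMPLE)
    for ip in ("192.168.4.55", "192.168.5.55", "172.31.9.9", "10.1.2.3"):
        env, values = effective(cfg, ip)
        print(ip, env, values["emailTls"], values["logging_debug"])
```

A host whose address is missing from stage_ips and live_ips ends up with the dev values, so the effective environment is worth checking after every address change.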

Loading

The config file resides in com.stepover.frigg.util; the filename is config.ini. If a file named myconfig.ini is present, it is used instead (this can be used during development). A root config file can be set with the Java system property so_config_ini, pointing to a file by absolute path or URL. A root config can also be placed somewhere on the classpath. The values in this root config override any values set in a config at com.stepover.frigg.util.

Audittrail

Audittrail configuration is only necessary for braga except for audit_active.

key

example

description

frigg

braga

audit_active

true

activates the audittrail feature, default false

X


audit_report_documentPageNumberField

9

Number of the text field of the template where the page number will be written


X

audit_report_documentTotalFieldsForTrails

8

Number of fields in the document template to show audit trails


X

audit_report_envelopePageNumberField

15

Number of the text field of the envelope template where the page number will be written


X

audit_report_envelopeTotalFieldsForTrails

14

Number of fields in the envelope overview template to show the audit trails


X

audit_report_name_of_signer

the webSignatureOffice system

The name of the signer of the audit report


X

audit_report_servername_to_show

webso

To show the name of the server which generated the audit report


X

audit_report_signature_image_file_path

/var/data/audit/auditReportSignatureImage.bmp

The audit report contains an image for the signature; give the path of the signature image file here


X

audit_report_signature_image_x_location

420

The X location of the 1st page of the report where you want to show the signature image


X

audit_report_signature_image_y_location

750

The Y location of the 1st page of the report where you want to show the signature image


X

audit_report_template_envelop_overview_de

/var/data/audit/StepOverInternational_envelope_overview_template_de.pdf

This template will be used for the envelope audit report's overview page for DE locale


X

audit_report_template_envelop_overview_en

/var/data/audit/StepOverInternational_envelope_overview_template_en.pdf

This template will be used for the envelope audit report's overview page for EN locale


X

audit_report_template_page_de

/var/data/audit/StepOverInternational_document_de.pdf

This template will be used to generate audit report in DE locale


X

audit_report_template_page_en

/var/data/audit/StepOverInternational_document_en.pdf

This template will be used to generate audit report in EN locale


X


Adhoc-Viewer / Capture Function

When selecting "smartphone/tablet" (signature type 4) the adhoc-viewer is used, when the qr-code is scanned or the link in the sms or pop-up window is opened. Capture function (QR code scan)

key

example

description

frigg

braga

adhoc_html_signer_only

true

true or false, determines if adhoc viewer (QR code scanned) can be signed exclusively with the HTML Signer (default true)

X


adhoc_length

10

the character length of the adhoc code (default is 10)

X


adhoc_lifetime_minutes

15

defines the validity period of the adhoc code or a generated QR Code (default is 5 minutes)

X


atmosphere_fallback_transport

streaming

defines the fallback transport type for the message transfer (message broker).
Valid types are "polling", "long-polling", "streaming", "jsonp", "sse" and "websocket". Default type is long-polling, specification in config.ini without quotes

X


atmosphere_idle_time

2

maximum time in minutes that an atmosphere connection can be idle before it is closed (default 5)

X


atmosphere_servlet

https://127.0.0.1:8443/atmosphereServlet

the url for the atmosphere servlet used by the adhoc functionality

X


atmosphere_suspend_time

30

maximum time that an atmosphere connection is kept alive (default 10)

X


atmosphere_transport

long-polling

defines the transport type for the message transfer (message broker).
Valid types are "polling", "long-polling", "streaming", "jsonp", "sse" and "websocket". Default type is streaming, specification in config.ini without quotes

X


jms_jndi_factory

atmosphereFactory

the jms broadcaster factory jndi name

X


jms_jndi_namespace

java:comp/env/jms/

the namespace used for the jndi lookup of the jms components 

X


jms_jndi_topic


the name of the topic created on the jms broadcaster for the adhoc code messaging



jms_topic

atmosphere

the name of the topic created on the jms broadcaster for the adhoc code messaging

X


qr_code_host

localhost:3000

host and port of the qrcode url

X


qr_code_servlet_path

/process

Path to the servlet of the QR-Code



qr_code_path

/qrcodepath/

path of the qrcode url

X


rabibtmq_port

5672

the port of the rabbitmq server (default 5672)



rabbitmq_server

192.168.4.55

the IP or hostname of the rabbitmq server used by the adhoc functionality (message broker)

X


URLs

The configured URLs are used to construct the links for emails or browser redirects

key

example

description

frigg

braga

acceptContactUrl

https://host/frigg/login/#/contacts

the url for accepting contact requests (Contact page)

X


invitationUrl

https://host/frigg/Registration.html

the url for user registration and invitation

X


loginUrl

https://www.websignatureoffice.com/Login.html

the login url (used for redirecting)

X


passwordResetUrl

https://host/frigg/PasswordReset.html

the url for the password reset page

X


process_url

https://host/frigg/process

The url for the process servlet which redirects to the time-limited viewer: TimeLimitedDocumentViewer, TimeLimitedEnvelopeViewer, AdhocDocumentViewer, AdhocEnvelopeViewer, AdhocCodeHandler (redirects adhoc-codes to the adhoc viewer)

X

signatureRequestUrl

https://host/frigg/login/#signature_request

Deprecated! Replaced by viewer_url and process_url; (the url for signature requests)

(X)


verificationUrl

https://host/frigg/Verification.html

the url for the verification page

X


viewer_url

https://host/frigg/app/viewer

The url of the viewer (document and envelope)

X

Database

key

example

description

frigg

braga


Viewer settings

The following settings customize the viewer.

...

true or false, deactivates the appearance of the popup after skipping the last optional field of a signature request which asks for ignoring the field (sign later) or finishing the request (only if there are no mandatory fields!) (default false)

if true also the "finish signature process" button (shown after signing all mandatory fields) is deactivated.

If it is set to true, also the "skip" button of the last optional field isn't shown.

...

"true", "false", "optional", "mandatory", defines when the "reject" button is active during signing. (default false)

true: reject button is never active

false: reject button is always active

mandatory: reject button is inactive for mandatory signature fields

optional: reject button is inactive for optional signature fields

...

deactivates the overlay to enter a reason when declining a signature (default false):

true: reason popup is deactivated

false: reject button is always active

mandatory: reason popup is inactive for mandatory signature fields

optional: reason popup is inactive for optional signature fields

X

...

deactivate_reject_reason_popup_reason

...

deactivates the reason textfield in the reject reason popup. Only a warning will be shown. (see above)

true: reason textfield is deactivated

false: reason textfield is always active

mandatory: reason textfield is inactive for mandatory signature fields

optional: reason textfield is inactive for optional signature fields

...

deactivate_remember_sign_type

...

formfields_writable_for_others

...

false

...

deprecated

If the value is "true", the adhoc URL (option "SHOW LINK") is displayed encrypted (default false)

...

If true, the mouse cursor is a pencil in html viewer signature fields.

...

deprecated

...

true or false, if set to "true", the "accept_signature"-button will be shown in the browser while signing with a signature-pad

Default true.

...

show_selection_capture

...

show_selection_display

...

show_selection_pad

...

Signature Pad

...

true or false, activates the hash dialog during signing with StepOver Pads. The hash must be confirmed after every signature.

...

semicolon separated list of allowed notary key names to use when signing with a pad.

The pad contains one or more keys for encrypting the bio data. The keys are identified by “crypto id names” and a “crypto id”, which are obtained from websignatureOffice via the pad connector (getDeviceDetails).

If the config pad_connector_crypto_id_names is not set, the signature will be encrypted with the standard key of the pad.

If the config pad_connector_crypto_id_names is set, webso retrieves the crypto id infos from the pad, which contain the crypto id names and crypto ids of the keys. It then iterates over both lists and searches for a crypto id name which is in both lists.

If a matching crypto id name is found, the signing is started with the crypto id of the first matching key.

If no matching crypto id name is found and crypto_id_abort_message is defined, the process is aborted and the message is shown.

If no matching crypto id name is found and crypto_id_abort_message is not set, the signing will be started without a crypto id and the default key of the pad is used.

for more information see Notary Key
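The key selection described above, as an added example (not StepOver code), covering all four outcomes including the silent fallback to the pad's default key. Assumptions: the pad reports its keys as (name, crypto id) pairs, names are compared exactly, the configured list decides which match counts as first, and the sample keys are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Decision:
    action: str               # "sign" or "abort"
    crypto_id: Optional[str]  # None means the pad's standard/default key is used
    note: str


def split_names(raw: Optional[str]) -> List[str]:
    """Split the semicolon separated value of pad_connector_crypto_id_names."""
    return [name.strip() for name in (raw or "").split(";") if name.strip()]


def choose_crypto_id(config: Dict[str, str],
                     pad_keys: List[Tuple[str, str]]) -> Decision:
    """Apply the rules from the description to one pad.

    pad_keys is a hypothetical representation of what the pad connector
    reports: a list of (crypto id name, crypto id) pairs.
    """
    allowed = split_names(config.get("pad_connector_crypto_id_names"))
    if not allowed:
        return Decision("sign", None, "list not set: standard key of the pad")

    # Iterate over both lists; the first name present in both wins.
    for name in allowed:
        for pad_name, crypto_id in pad_keys:
            if pad_name == name:
                return Decision("sign", crypto_id, f"matched key name {name!r}")

    message = config.get("crypto_id_abort_message")
    if message:
        return Decision("abort", None, message)
    return Decision("sign", None, "no match, no abort message: default key of the pad")


def falls_back_silently(config: Dict[str, str]) -> bool:
    """True when a key list is configured but a mismatch would not stop signing."""
    has_list = bool(split_names(config.get("pad_connector_crypto_id_names")))
    return has_list and not config.get("crypto_id_abort_message")


# Constructed sample data.
PAD_KEYS = [("notaryA", "1001"), ("notaryB", "1002")]

if __name__ == "__main__":
    strict = {"pad_connector_crypto_id_names": "notaryC;notaryB",
              "crypto_id_abort_message": "No suitable key on this pad"}
    loose = {"pad_connector_crypto_id_names": "notaryC"}
    print(choose_crypto_id(strict, PAD_KEYS))
    print(choose_crypto_id(loose, PAD_KEYS), falls_back_silently(loose))
```

If only the listed notary keys are acceptable, setting crypto_id_abort_message is what turns a mismatch into a stop instead of a signature made with the default key.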

...

the text to be shown if no suitable pad connector can be found

for more information see Notary Key

...

true or false, automatic connection to the signature pad is started when opening time limited viewers (no matter what signature type is defined). When you sign with pad, the document viewing mode will be used.

When true (and not signing with pad), the document is shown on the pad until there is another signature type used (For example: Document is shown on the pad, then you click on start signing and choose signature type HTML-Signer → the pad will go in standby mode).

Default is false.

...

Certificates, Seals and signing

Keys that contain "aws_kms" refer to Amazon Web Services (AWS) Key Management Service.

...

app_signature_certificate_private_key_filename

...

dshkskdhNSSKhjadsbndskKJHKHSAK \
DGHgdhjdsgJHDDSHJGdshdshdJDHDSJH \

...

the base64 encoded public key that is assigned to newly registered users. This key is used by the web signature office apps and HTML-Signer.

for more information see Notary Key

...

deprecated

a md5 hash of the public key

...

a sha1 hash of the certificate of the notary_public_key. It is configured in braga and used to check if the certificate configured in frigg corresponds to the hash.

for more information see Notary Key

...

deprecated

Public key for the RSA encryptor for encrypting biodata.

If not present, the notary_public_key is used.

for more information see Notary Key

...

deprecated

the url of the RSA encryptor used by the html signer, if no value is set the default RSA encryptor of the frigg module is taken

...

Multitenant

...

Additional server settings

key

example

description

frigg

braga

api_deactivate_request_signature

true/false

If true, no X-SOSIGNATURE header is necessary.

Only for testing!

api_id_cache_expire_minutes

15

the decrypted ids are kept in a cache to improve performance. This defines the time until the value expires, default is 10 minutes

X

api_id_cache_max_size

5000

the decrypted ids are kept in a cache to improve performance. This defines the maximum capacity, if reached values are removed, default 1000

axis_request_timeout

deprecated

the braga request timeout in milliseconds (default 240000)

X

axis_server_context

/braga

The folder inside which the braga app is deployed (default empty)

X

axis_server_ip

192.168.5.56

the IP or hostname of the braga server

X

axis_server_port

8080

the braga server port (default 8080)

X

axis_server_protocol

https

http or https, the protocol used for the braga server (default http)

X

braga_create_copy

true

creates a copy of the PDF without biodata (if flag is true); default false

X

braga_render_dpi

200

the dpi with which pages are rendered (default is 200)

X

cookie_name

SOSESSIONID

the cookie name for the session cookie

X

cookie_path

/

the cookie path

X

file_upload_max_file_size

20480

the maximum upload size in bytes

X

file_upload_url

https://host/fileUpload/fileUpload

the url for the file upload (via tyrservice)

X

guest_user_document_availability

60

The time a document / envelope is available for a guest user (email guest user link). The timespan is the config setting + the signature_request due date.

logging_debug

true

enables extended logging for debugging (default false)

X

max_message_size

20480

the max tyrservice message size (optional value)

X

memcached_port

11211

the memcached port

X

X

memcached_server

192.168.5.57

the ip or hostname of the memcached server if memcached is used

X

X

memcached_sessions

true

true or false, the switch if memcached should be used for session management

X

X

org_quartz_properties

quartz.properties

the name of the quartz scheduler configuration file in the classpath (for the automated jobs)

X

pdf_render_max_render_threads

4

the max number of render threads

X

process_pool_timeout

120000

timeout for a process from the process pool in milliseconds (default 120000)

X

render_strategy

AllPages

the strategy used to render the pdf pages, possible values are OnlyPagesWithSignatures, AllPages, FirstTwoAndPagesWithSignatures. Default is FirstTwoAndPagesWithSignatures

X

request_lifetime

7200

the request lifetime in seconds.

X

rest_api_allowed_hosts

localhost,192.168.5.2,192.168.5.5

the allowed hosts for the communication with the REST API (Cross-Origin-Requests)

X

session_sync

60

session sync interval in seconds (memcached)

X

session_timeout

6000

session timeout in milliseconds (browser and tyrservice session)

X

X

storage_home

X:/data/

the full path for storage of documents and certificates (BRAGA)

X

storage_mode

should this be included? is the description correct? --->

storage mode of braga, possible values:

  • db: files are stored in database
  • dbWithFallback: files are stored in db. If entry is not present, filesystem will be used
  • file: files are stored in filesystem

X

X

tracking-header

x-idheader

the name of the http header used for the additional tracking id logging. Default is x-tracking

X

tyrservice_debugging

true

true or false, enables an extended logging for tyrservice classes (if no value is set the default is false)

X

tyrservice_public

false

true or false, whether the public tyrservice services should be available, public services only use the adhoc code for authentication

X

url_handler_key

jdksleuwiojdksleuwio67

on server startup a secure key is created for url encryption and stored in the db (recommended). This mechanism can be overridden with this static 32 character long string.

X

webso_events_url

https://www.testserver.com/CallbackServlet

WebSignatureOffice can be configured to call a URL on certain events. This functionality is activated by setting the URL to be called in the config.ini

Further configuration options are:

webso_events_filter: a semicolon separated list of events that should be fired, if this option is not set, all events are fired. (e.g. STATUS_CHANGE;USER_FINISH)

webso_events_keys: a semicolon separated list of HTTP-request property keys for the webso_event execution (e.g. user;pass)

webso_events_values: a semicolon separated list with corresponding values for the webso_events_keys (e.g. stepovercallback;strongPassword). webso_events_keys and webso_events_values must be in the same order

webso_events_retry: the time in milliseconds to wait until the event call is repeated. (e.g. 10)

For more information, please check: e) Callback-API
database_connection_properties

database_connection_properties=sslMode=trust

database_connection_properties=sslMode=trust;someOtherProperty=false

These properties are used to enable SSL encryption for the connection. sslMode can be trust, verify-ca or verify-full.


Several connection properties can be added as a semicolon separated list. These properties are appended to the JDBC URL, as shown below:

jdbc:mariadb://localhost:3306/frigg?sslMode=trust&someOtherProperty=false

https://mariadb.com/docs/server/connect/programming-languages/java/tls/

XX

database_host

192.168.5.57

the database host (IP or hostname)

X

X

database_jndi

java:comp/env/jdbc/FriggDb

the jndi database source

X

X

database_master

frigg_master

Name of the master database, which manages sequences and tenants in multitenant mode. Default: frigg_master

X

X

database_migrate

true/false

true or false. If true, flyway database management is activated

X


database_name

frigg

the database schema name

X

X

database_password

kjssdduiwe832//6?!

the database password

X

X

database_port

1521

the database port

X

X

database_service_name 

FRIGG

the database service name (for Oracle connection)

X

X

database_sid

xe

the database SID (for Oracle connection)

X

X

database_type

mysql

mysql or oracle, the database type (default mysql)

X

X

database_user

dbuser

the database user

X

X

db_pool_max_wait_millis

5000

specifies the maximum time in milliseconds that the connection pool should wait for a connection to be returned before throwing an exception. The default value is 5000.

X

X

db_pool_max_total

100

specifies the maximum number of connections that the database pool can have simultaneously open. The default is 100.

X

X

db_pool_max_idle

20

specifies the maximum number of idle database connections to be maintained in the pool at any given time. The default value is 20.

X

X

db_pool_min_idle

5

specifies the minimum number of idle connections that should be maintained in the connection pool. This property is used to ensure that a sufficient number of connections are available in the pool at all times. Default is 5.

X

X

db_pool_max_conn_lifetime_millis

600000

specifies the maximum lifetime of a database connection in the connection pool. Default is 60000.

X

X

deactivate_db_ping

true

true or false, deactivates validation check for the db connection (default false)

X

X

storage_db_init_directory
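For the database_connection_properties row of the Database table above, an added example (not StepOver code): it turns the semicolon separated value into the JDBC URL query string as described and reports what each sslMode named on this page leaves unchecked. Assumptions: database_host, database_port and database_name map into the URL as shown, and the sslMode semantics are those of MariaDB Connector/J, whose documentation the row links to.

```python
# What each sslMode named on this page verifies (MariaDB Connector/J semantics):
# (server certificate validated, host name validated)
SSL_MODES = {
    "trust": (False, False),
    "verify-ca": (True, False),
    "verify-full": (True, True),
}


def parse_properties(raw):
    """Split 'k1=v1;k2=v2' into an ordered dict; reject entries without '='."""
    props = {}
    for item in (raw or "").split(";"):
        item = item.strip()
        if not item:
            continue
        key, sep, value = item.partition("=")
        if not sep or not key:
            raise ValueError(f"not a key=value pair: {item!r}")
        props[key] = value
    return props


def jdbc_url(cfg):
    """Build the MariaDB JDBC URL with the properties appended as query string."""
    props = parse_properties(cfg.get("database_connection_properties"))
    url = "jdbc:mariadb://{}:{}/{}".format(
        cfg["database_host"], cfg["database_port"], cfg["database_name"])
    if props:
        url += "?" + "&".join(f"{k}={v}" for k, v in props.items())
    return url


def review_tls(cfg):
    """Return findings about the TLS settings of the database connection."""
    mode = parse_properties(cfg.get("database_connection_properties")).get("sslMode")
    if mode is None:
        return ["sslMode is not set in database_connection_properties"]
    if mode not in SSL_MODES:
        return [f"sslMode {mode!r} is not one of trust, verify-ca, verify-full"]
    cert_checked, host_checked = SSL_MODES[mode]
    findings = []
    if not cert_checked:
        findings.append(f"sslMode={mode}: encrypted, server certificate not validated")
    if not host_checked:
        findings.append(f"sslMode={mode}: certificate not checked against the host name")
    return findings


# Constructed sample values, using the second example of the row above.
SAMPLE_CFG = {
    "database_host": "localhost",
    "database_port": "3306",
    "database_name": "frigg",
    "database_connection_properties": "sslMode=trust;someOtherProperty=false",
}

if __name__ == "__main__":
    print(jdbc_url(SAMPLE_CFG))
    for finding in review_tls(SAMPLE_CFG):
        print("-", finding)
```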





Email, SMS, postal Mail

For additional Email configuration see i) Email Configuration

SMS provider is www.massenversand.de . The sms are used for sending adhoc-viewer links and user verification.

The postal mail provider is www.oekopost.de . It is used for user verification.

key

example

description

frigg

braga

admin_email_notifier

somebody@host.com;someoneelse@host.com

a list of recipients who are informed when accounts are charged with help of the admin functions or when user bought credits

X


emailExcludedTypes

signature_request_finished

List of mailtypes which are excluded. See i) Email Configuration for details.

X


emailFrom

system@webSignatureOffice.com

the from mail header added to emails sent by the system

X


emailPort

25

the smtp port

X


emailHtmlOnly

true

Only send html mail (no text mail). Default is true.

X


emailRetries

5

how many times the mailer retries to send an email

X


emailSendToRegisteredUsers

user_finished;signature_field_signed

Semicolon separated list of mailtypes. If a mailtype is present in the list, the email will be sent to all registered users of the signature request. If it is not present, the email will only be sent to the signature request creator.

Possible mailtypes:

  • signature_field_signed

  • signature_field_rejected

  • user_finished

  • envelope_user_finished

Default: Only creator receives email.

X


emailSmtp

hostname.domain or "false"

the smtp server used to send mails. If set to "false", sending mails will be deactivated entirely.

X


emailSmtpPassword

password

the smtp server password

X


emailSmtpUser

smtpuser

the login for the smtp server

X


emailTls

false

true or false, enable or disable TLS (encryption)

X


email_upcoming_due_period

90

the timespan in days the mailtypes signature_request_upcoming_due and signature_request_envelop_upcoming_due are sent before the due date exceeds.

X

guest_email

guest@websignatureoffice.com

the email pattern for guest email addresses (default guest@websignatureoffice.com)

X


invoice_mail_recipients

somebody@host.com;someoneelse@host.com

a list of recipients who receive a copy of all invoices created by the system (for credit purchase)

X


mail_password

oekopostpassword

the password for the mail verification account (https://www.oekopost.de/developer/)

X


mail_user

oekopostuser

the user for the mail verification account (https://www.oekopost.de/developer/)

X


obfuscate_sms_token_number

true/false

If true, the phone number is obfuscated in. e.g. +49170XXXXX111

X

oekopost_test

true

If present, mail verification will be simulated by email.



smsPassword

smspassword

the sms account password (for the sms delivery feature) (www.massenversand.de)

X


sms_protection_interval

ONCE

the interval at which a new sms token must be obtained to open a sms token protected document. Possible values:

  • ONCE: The sms token must only be obtained and entered one time to unlock the document
  • ALWAYS: A new sms token must be obtained and entered every time the document is opened.

X

smsSender

stepover

the name displayed as sms sender (for the sms delivery feature)

X


smsUserId / authToken

4327634 / 1ED33261VI0I6659347456B

the sms account user id or authToken (for the sms delivery feature)

X


sms_token_characters


the characters used in a sms token. possible values:

  • numerical: just numbers

  • alphanumerical: capital letters and numbers

  • alphanumercical_casesensetive: Uppercase, lowercase letters and numbers.

X


sms_token_length


The length of the sms token when opening a sms protected document / envelope.

X


support_email

support@websignatureoffice.com

the email address for support notifications / inquiries. Contains a semicolon separated list of email addresses.

X


userBrandingSupportMail

de

"de" or "us". The language of the support mail, which will be sent to the email addresses defined in support_email. Additionally a copy of the support mail will be sent to the user.

X


Credit and payment settings

key

example

description

frigg

braga

accounting_period

monthly

defines the interval of accounting periods. One of

  • false (no accounting periods)

  • daily

  • weekly

  • monthly

  • quarterly

  • yearly

X


cash_account_name

stepover_cash_account

the name of the cash account, matches db name column in accounting_account table (for credit handling)

X


credit_eur_value

0.85

the value of one credit in EUR

X


credit_usd_value

0.95

the value of one credit in USD

X


credit_free

3

how many free credits are given initially (after registration)

X


credit_free_monthly

3

the amount of free credits per month

X


credit_signature_request

1

value how many credits one signature request costs ('0' for no credit charge)

X


credit_mail_identification

10

value how many credits a mail identification costs

X


credit_sms_identification

1

value how many credits a sms identification costs

X


has_license

false

true or false, usage for licence model (valid license file required)

X


paypal_client_id


paypal client id

X


paypal_url


The paypal api URL. Default "api-m.paypal.com/v1"

X


paypal_secret


paypal secret

X


App settings


key

example

description

frigg

braga

extra_password_prompt

0

activates an extra password prompt in the iSignatureOffice / aSignatureOffice app (authentication with fingerprint or face ID).

0 = deactivated, 1 = activated (default 0)
see also flag 'password_interval'

X


password_interval

ALWAYS

If extra_password_prompt is activated, you can use password_interval to specify how often the query should appear. Possible values: ALWAYS, DAILY

  • DAILY: Once a day

  • ALWAYS: Every time the app is opened. If the user only switches to the already running app, no prompt will be shown.

X


Viewer settings

The following settings customize the viewer.

key

example

description

frigg

braga

accept_terms_settings

true

true or false, if terms and conditions have to be accepted before signing as a guest / in standalone viewer

X


activate_stepover_footer

false

true or false, activates the footer in the standalone viewer with terms of use, imprint and data protection (StepOver information). Default is false

X


always_mobile_viewer_on_mobile_device

true

true or false, determines whether signing on mobile devices is possible exclusively with the HTML Signer (no matter if 'desktop browser' is set or not)

X


api_id_mode

obfuscated

Defines how ID values like the document_id are displayed encrypted. 
Possible values are:
"obfuscated" = IDs are displayed encrypted (this is the config default value, if no other value is set)
"debug" = IDs are displayed encrypted and the corresponding (original) ID is appended at the beginning of the value



X


automatic_role_stop

false

Indicates whether the automatic role stop is executed or not. Automatic role stop means that after signing all fields of a signature group (<SignatureGroup> definition), the signature selection window for the next signature group is displayed again (if automatic_role_stop is true)

X


conditions_exception

selection_pad;selection_display

Specifies whether a download condition must be fulfilled for a given signature type. The download pop-up won't be shown if the signature type matches the value. Possible values: selection_display, selection_pad, selection_capture

X


context_sign_mode

true

true or false. When active it's necessary to click in the signature field after clicking "sign now". 

Default true.

X


custom_text_selection_window

Bitte vorab alle notwendigen Kundeninformationen übermitteln

If the value is set, it will be displayed in the signature type popup (under the selection options)

(formerly show_custom_text)

please note: This text is the same for every viewer language. It's only advisable to use, if only one language is used.



deactivate_copy_error_info_button

true

deactivates the button to copy error information on the error page. Default "true" (deactivated). 

Since the whole information is part of the error page URL, it's not necessary to show the button and the URL can be copied instead.

The button copies the error information from the error page url to the clipboard in json format. E.g.:

{
"errorCode": "404",
"fileType": "document",
"homeUrl": "https://www.example.com",
"failedApiUrl": "https://webso.stepover.de/api/v1/document/1",
"id": "1~54514dc90f947edac0f4898e3d8a6973191d4a7769a8ed63",
"timestamp": "1722333620058",
"errorPage": "https://webso.stepover.de/login/#/viewer/error/404...",
"handler": "",
"adhoc": "",
"userId": "1",
"referrerUrl": "https://webso.stepover.de/login/#/viewer?..."
}

X

deactivate_document_download

false

true or false, deactivates the download button on the viewer (for finished or failed requests) (default false)

X


deactivate_final_status_popup

true

true or false, deactivates the final status popup shown after all fields have been signed (default true)

X


deactivate_geolocation

false

true or false, deactivates the geolocation query in the browser (default false)

X


deactivate_optional_fields_popup

false

true or false, deactivates the appearance of the optional fields popup after skipping the last optional field of a signature request which asks for ignoring the field (sign later) or finishing the request (only if there are no mandatory fields!) (default false)

if true also the "finish signature process" button (shown after signing all mandatory fields) is deactivated.

If it is set to true, also the "skip" button of the last optional field isn't shown.

X


deactivate_reject_button

mandatory

"true", "false", "optional", "mandatory", defines when the "reject" button is active during signing. (default false)

true: reject button is never active

false: reject button is always active

mandatory: reject button is inactive for mandatory signature fields

optional: reject button is inactive for optional signature fields

X


deactivate_reject_reason_popup

true

deactivates the overlay to enter a reason when declining a signature (default false): 

true: reason popup is deactivated

false: reject button is always active

mandatory: reason popup is inactive for mandatory signature fields

optional: reason popup is inactive for optional signature fields




X


deactivate_reject_reason_popup_reason

true

deactivates the reason textfield in the reject reason popup. Only a warning will be shown. (see above)

true: reason textfield is deactivated

false: reason textfield is always active

mandatory: reason textfield is inactive for mandatory signature fields

optional: reason textfield is inactive for optional signature fields

X


deactivate_remember_sign_type

true

deactivates the "remember sign type" checkbox of the signature type selection popup (default false)

X


deactivate_skip_button

true

true or false, if true, the "skip" button is not shown for (optional) signature fields (default false)

X


formfields_writable_for_others

false

true or false, allows other signers to edit formfields

X


html_signer_signature_field_width

10

defines the signature field width for signing with html-signer in cm, default is 14cm.

X


link_close_button

https://www.yourcompany.com/Close.html

URL redirect of the "close" button. If not present, the button redirects to the websignatureoffice Desktop page.

X


link_finished_button

https://www.yourcompany.com/ThankYou.html

URL redirect of the "finished" button. If not present, the button redirects to the websignatureoffice Desktop page.

X


link_error_page_home_button

https://www.yourcompany.com/Error.html

URL redirect of the "home" button on the error page. If not present, the button redirects to the websignatureoffice Desktop page.



process_encrypted_urls

false

deprecated

If the value is "true", the adhoc URL (option "SHOW LINK") is displayed encrypted (default false)

X


secondary_translations_url


URL pointing to a file to override the GUI and viewer translations. See Secondary Translations for details.

X


signature_field_pencil_cursor

true/false

If true, the mouse cursor is a pencil in html viewer signature fields.

X


show_custom_text


deprecated

X


show_finish_pad_signature_button_in_browser

true

true or false, if set to "true", the "accept_signature"-button will be shown in the browser while signing with a signature-pad

Default true.


X


show_pages_preview

1

handles the page preview display in the document viewer (in apps and browser)
0 = deactivated, 1 = activated

X


show_selection_capture

true

activates/deactivates the "SMARTPHONE/TABLET" option of the signature type selection popup (default = true)

X


show_selection_display

true

activates/deactivates the "ON THIS DISPLAY" option of the signature type selection popup (default = true)

X


show_selection_link


deprecated



show_selection_pad

true

activates/deactivates the "SIGNATURE PAD" option of the signature type selection popup (default = true)

X


show_toc

1

handles the table of contents display in the document viewer (in apps and browser)
0 = deactivated, 1 = activated

X


viewer_sidebar_position

"left"

"left" or "right", defines if the viewer-sidebar (document preview and toc) is on the left or right side of the document. Default "left"

X


Signature Pad

key

example

description

frigg

braga

activate_hash_dialog

true

true or false, activates the hash dialog during signing with StepOver Pads. The hash must be confirmed after every signature.

X


padcon_multi_user

true/false

true or false: Activates the multi user support for citrix workstations. Default false

X


pad_connector_crypto_id_names

StepOver Bio 2048/4096;StepOver 2048/4096;StepOver cryptoIdv2

semicolon-separated list of allowed notary key names to use when signing with a pad.

The pad contains one or more keys for encrypting the bio data. The keys are identified by “crypto id names” and a “crypto id”, which are obtained from websignatureOffice via the pad connector (getDeviceDetails).

If the config pad_connector_crypto_id_names is not set, the signature will be encrypted with the standard key of the pad.

If the config pad_connector_crypto_id_names is set, webso retrieves the crypto id infos from the pad, which contain the names and crypto ids of the keys. It then iterates over both lists and searches for a crypto id name which is in both lists.

If a matching crypto id name is found, the signing is started with the crypto id of the first matching key.

If no matching crypto id name is found and crypto_id_abort_message is defined, the process is aborted and the message shown.

If no matching crypto id name is found and crypto_id_abort_message is not set, the signing will be started without a crypto id and the default key of the pad is used.

for more information see Notary Key

X


pad_connector_crypto_id_abort_message

no suitable key found on the pad, sorry

the text to be shown if no suitable pad connector can be found

for more information see Notary Key

X


pad_connector_device_key_hashes


deprecated



pad_document_viewing

true

true or false, automatic connection to the signature pad is started when opening time limited viewers (no matter what signature type is defined). When you sign with pad, the document viewing mode will be used.

When true (and not signing with pad), the document is shown on the pad until there is another signature type used (For example: Document is shown on the pad, then you click on start signing and choose signature type HTML-Signer → the pad will go in standby mode).

Default is false.

X


signature_timeout_ms

3000

defines the timeout/pause in milliseconds before a pad signature is automatically completed (without pressing confirm button). Default: 3000

X
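The key selection described for pad_connector_crypto_id_names above, written out as an added example (not StepOver's code). It shows that a missing abort message makes the "no match" case fall back to the pad's standard key instead of stopping. Assumptions: the pad reports its keys as (name, crypto id) pairs, the order of the configured list decides which match counts as first, and the crypto ids in the sample are constructed.

```python
from typing import NamedTuple, Optional

# Allowed names and abort text are the example values from the table above.
PAGE_NAMES = "StepOver Bio 2048/4096;StepOver 2048/4096;StepOver cryptoIdv2"
PAGE_ABORT = "no suitable key found on the pad, sorry"

# Constructed sample of what a pad might report: (crypto id name, crypto id).
SAMPLE_PAD_KEYS = [("Vendor test key", "id-0009"), ("StepOver 2048/4096", "id-0002")]


class Decision(NamedTuple):
    action: str               # "sign" or "abort"
    crypto_id: Optional[str]  # None means the pad's standard key is used
    reason: str


def parse_names(raw):
    """Split the semicolon-separated config value, dropping empty entries."""
    return [name.strip() for name in (raw or "").split(";") if name.strip()]


def select_key(names_cfg, pad_keys, abort_message=None):
    """Pick the crypto id to sign with, following the four cases on the page."""
    allowed = parse_names(names_cfg)
    if not allowed:
        return Decision("sign", None, "names not configured: standard key")
    by_name = {}
    for name, crypto_id in pad_keys:
        by_name.setdefault(name.strip(), crypto_id)  # keep the first id per name
    for name in allowed:  # assumption: configured order sets the priority
        if name in by_name:
            return Decision("sign", by_name[name], f"matched '{name}'")
    if abort_message:
        return Decision("abort", None, abort_message)
    # Fail-open case: nothing matched, but signing still proceeds.
    return Decision("sign", None, "no match and no abort message: standard key")


if __name__ == "__main__":
    print(select_key(PAGE_NAMES, SAMPLE_PAD_KEYS, PAGE_ABORT))
    print(select_key(PAGE_NAMES, [("Vendor test key", "id-0009")]))
```
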


Certificates, Seals and signing

Keys that contain "aws_kms" refer to Amazon Web Services (AWS) Key Management Service.

key

example

description

frigg

braga

api_id_iv

ghksau981ghksau9

a secure random iv is created and stored in the db on server startup (recommended). This value is used for url data encryption. This mechanism can be overridden by setting a static 16 character long string. When used api_id_key also has to be set.

X


api_id_key

zeuwipahsjd6389a

a secure random key is created and stored in the db on server startup (recommended). This value is used for url data encryption. This mechanism can be overridden by setting a static 16 character long string. When used api_id_iv also has to be set.

X


app_signature_certificate_filename

d:\frigg\data\app_signature_public.der

the certificate path for the app signature with token authentication


X

app_signature_certificate_password

dsf433dreE&%

the certificate password for the app signature with token authentication


X

app_signature_certificate_private_key_filename

d:\frigg\data\app_signature_certificate.pfx

the certificate private key path for the app signature with token authentication


X

enduser_certificate_duration

36

the lifetime of user certificates in months


X

enduser_certificate_key_length

2048

the key length of the created user certificates


X

external_certificate_provider

nebula

semicolon-separated list of external certificate providers. Currently supported: nebula (nebulaSUITE)

X


guest_certificate_password

kkwJk34$ldP%

the guest certificate password (for non-registered webSignatureOffice user certificates)

X

X

intermediate_certificate_filename

/frigg/data/cert.pem

the full path to the intermediate certificate for user certificate creation


X

intermediate_certificate_password

sduiSUm7$%&hJ

the intermediate certificate password


X

intermediate_certificate_private_key_filename

/frigg/data/cert_private.pem

the full path to the intermediate certificate private key


X

nebula_exclude_authenticators

MAIL;SMS

semicolon-separated list of authentication methods. The listed methods won't be usable. Default: All methods allowed.

X


notaryInfo

\n======================( NotaryInfo )====================== \n \nSomebody 

the notary info added to a biometric signature

X


notary_public_key

dshkskdhNSSKhjadsbndskKJHKHSAK \
DGHgdhjdsgJHDDSHJGdshdshdJDHDSJH \

the base64-encoded public key that is assigned to newly registered users. This key is used by the web signature office apps and HTML-Signer.

for more information see Notary Key

X


notary_public_key_hash

dskhdksjhds89s8djdshkjhsd7987987dsdssd

deprecated

an MD5 hash of the public key

X


notary_sha1_fingerprint

dgdfgdfgffffffffffffffffffffffffffffffff

a SHA-1 hash of the certificate of the notary_public_key. It is configured in braga and used to check whether the certificate configured in frigg corresponds to the hash.

for more information see Notary Key


X

openssl_run_directory

c:/temp

the path to a folder in which openssl can run


X

rsa_encryptor_access_allow

https://somehost.stpover.de

if the rsa encryptor is accessed from a host that gets blocked because of CORS, or access should be restricted, the Access-Control-Allow-Origin header can be set with this value. Default is *.



rsa_encryptor_public_key


deprecated

Public key for the RSA encryptor for encrypting biodata.

If not present, the notary_public_key is used.

for more information see Notary Key


X

rsa_encryptor_url

https://host:8444/RsaEncryptor/encode

deprecated

the url of the RSA encryptor used by the html signer, if no value is set the default RSA encryptor of the frigg module is taken

X


tsaServer

http://somehost.de/tsa

The Timestamp Authority Server used to set the signing time, braga. If not set, no timestamp 



QES Qualified electronic signature

key

example

description

frigg

braga

deactivate_qes

true/false

If true, all qes functionality is deactivated

X

qes_signius_api_pkcs12

/path/to/file/cert.p12

The file path of the signius pkcs12 used for api authentication

X

X

qes_signius_api_pkcs12_passphrase

The signius pkcs12 passphrase

X

X

qes_signius_key_prefix

mdksdfpokdsf

A prefix used for qes authentication.

X

X

qes_signius_verification_credits

20

The amount of credits that a verification costs. Default 20

X

qes_signius_signature_credits

5

The amount of credits that a verification costs. Default 5

X

qes_signius_rest_api_host

professional.signius.eu

the host of the signius rest api endpoint. Default professional.signius.eu

X

X

qes_signius_debug

true / false

flag to display signius harmony rest api debug information. Default false.

X

X











Multitenant

key

example

description

frigg

braga

multitenant


true / false: activates multitenant mode.

X

X

multitenant_admin_key


Administrator authorization for adding new tenants. This string has to be sent with the POST request to create a new tenant.

X


multitenant_host_ip


ip of the multitenant host

X


Additional server settings


key

example

description

frigg

braga

api_deactivate_request_signature

true/false

If true, no X-SOSIGNATURE header is necessary.

Only for testing!

X

X

api_id_cache_expire_minutes

15

the decrypted ids are kept in a cache to improve performance. This defines the time till the value expires, default is 10 minutes

X


api_id_cache_max_size

5000

the decrypted ids are kept in a cache to improve performance. This defines the maximum capacity, if reached values are removed, default 1000



axis_request_timeout


deprecated

the braga request timeout in milliseconds (default 240000)

X


axis_server_context

/braga

The folder inside which the braga app is deployed (default empty)

X


axis_server_ip

192.168.5.56

the IP or hostname of the braga server

X


axis_server_port

8080

the braga server port (default 8080)

X


axis_server_protocol

https

http or https, the protocol used for the braga server (default http)

X


braga_create_copy

true

creates a copy of the PDF without biodata (if flag is true); default false

X


braga_render_dpi

200

the dpi with which pages are rendered (default is 200)

X


cookie_name

SOSESSIONID

the cookie name for the session cookie

X


cookie_path

/

the cookie path

X


deactivate_registration

true/false

If true, frontend registration is not possible. Default false

X

deactivate_passkey

true/false

If true, passkey functionality is deactivated. Default false

X

file_upload_max_file_size

20480

the maximum upload size in bytes

X


guest_user_document_availability

60

The time a document / envelope is available for a guest user (email guest user link). The timespan is the config setting + the signature_request due date. 



logging_debug

true

enables extended logging for debugging (default false)

X


memcached_port

11211

the memcached port

X

X

memcached_server

192.168.5.57

the ip or hostname of the memcached server if memcached is used

X

X

memcached_sessions

true

true or false, switches whether memcached is used for session management

X

X

org_quartz_properties

quartz.properties

the name of the quartz scheduler configuration file in the classpath (for the automated jobs)

X


pdf_render_max_render_threads

4

the max number of render threads


X

process_pool_timeout

120000

timeout for a process from the process pool in milliseconds (default 120000)


X

render_strategy

AllPages

the strategy used to render the pdf pages, possible values are OnlyPagesWithSignatures, AllPages, FirstTwoAndPagesWithSignatures. Default is FirstTwoAndPagesWithSignatures

X


request_lifetime

7200

the request lifetime in seconds.

X


rest_api_allowed_hosts

localhost,192.168.5.2,192.168.5.5

the allowed hosts for the communication with the REST API (Cross-Origin-Requests)

X


session_sync

60

session sync interval in seconds (memcached)

X


session_timeout

6000

session timeout in milliseconds (browser and tyrservice session)

X

X

storage_home

X:/data/

the full path for storage of documents and certificates (BRAGA)


X

storage_mode

should this be included? is the description correct? --->

storage mode of braga, possible values:

  • db: files are stored in database

  • dbWithFallback: files are stored in db. If entry is not present, filesystem will be used

  • file: files are stored in filesystem

X

X

tracking-header

x-idheader

the name of the http header used for the additional tracking id logging. Default is x-tracking

X


url_handler_key

jdksleuwiojdksleuwio67

on server startup a secure key is created for url encryption and stored in the db (recommended). This mechanism can be overridden with this static 32 character long string.

X


webso_events_url

https://www.testserver.com/CallbackServlet

WebSignatureOffice can be configured to call a URL on certain events. This functionality is activated by setting the URL to be called in the config.ini

Further configuration options are:

webso_events_filter: a semicolon-separated list of events that should be fired. If this option is not set, all events are fired. (e.g. STATUS_CHANGE;USER_FINISH)

webso_events_keys: a semicolon-separated list of HTTP-request property keys for the webso_event execution (e.g. user;pass)

webso_events_values: a semicolon-separated list with corresponding values for the webso_events_keys (e.g. stepovercallback;strongPassword). webso_events_keys and webso_events_values must be in the same order

webso_events_retry: the time waited in milliseconds until the event call is repeated. (e.g. 10)


For more information, please check: e) Callback-API

X


TyrService

key

example

description

frigg

braga

file_upload_url

https://host/fileUpload/fileUpload

the url for the file upload (via tyrservice) (deprecated)

(X)


max_message_size

20480

the max tyrservice message size (optional value)

X


tyrservice_debugging

true

true or false, enables an extended logging for tyrservice classes (if no value is set the default is false)

X


tyrservice_public

false

true or false, whether the public tyrservice services should be available. Public services only use the adhoc code for authentication

X


tyrservice_with_qes

true/false

If false, documents and envelopes with QES signatures for that user aren't returned using getSigningRequests. Default false.

X

tyrservice_with_sms_token

If false, documents and envelopes with SmsToken Protection for that user aren't returned using getSigningRequests

X

tyrservice_envelopes_with_conditions

If false, envelopes with conditions won't be returned using getEnvelopeMetaList

X

TyrService Cache

key

example

description

frigg

braga

tyrcache

true

activates the tyrservice cache

X


tyrcache_port

default 1110

the port the listener listens on

X


tyrcache_host

host

the host the listener listens on, if not set, all hostnames

X


tyrcache_servers

host1:1110,host2:1110

a comma-separated list of servers to connect to

X


tyrcache_lifetime

default 300

the lifetime of a cache object in seconds

X


tyrcache_max_objects

default 10000

the maximum amount of objects stored in the cache before objects get evicted

X


tyrcache_encryption_key

default value hard coded, should be changed

the key used to encrypt the objects, 32 characters

X


for more information see l) TyrService Cache
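Several keys in the tables above are described as test-only, as debug modes, or as static overrides of secrets that the server would otherwise generate at startup (api_deactivate_request_signature, api_id_mode, api_id_key, api_id_iv, url_handler_key, tyrcache_encryption_key). The following added example, which is not part of the product, resolves the effective values for one environment and reports those settings. The function names, the finding texts and the sample file are assumptions made for this illustration.

```python
import configparser

# Constructed sample in the section layout the page describes ([default], [live],
# [live:<ip>]); the key and URL-handler values are the page's own example strings.
SAMPLE = """\
[default]
tyrcache=true
api_id_mode=obfuscated

[live]
api_deactivate_request_signature=true
api_id_key=zeuwipahsjd6389a
url_handler_key=jdksleuwiojdksleuwio67

[live:172.31.0.9]
api_id_mode=debug
"""

# Static overrides and the length the page states for each of them.
STATIC_SECRETS = {"api_id_key": 16, "api_id_iv": 16, "url_handler_key": 32}


def effective(text, env, ip=None):
    """Merge [default] <- [env] <- [env:ip] into one dict of effective values."""
    cp = configparser.ConfigParser(default_section="__unused__",
                                   interpolation=None, delimiters=("=",))
    cp.read_string(text)
    merged = {}
    for name in ("default", env, f"{env}:{ip}"):
        if cp.has_section(name):
            merged.update(cp[name])
    return merged


def audit(cfg):
    """Return (key, finding) pairs for values the page itself marks as risky."""
    findings = []
    if cfg.get("api_deactivate_request_signature", "").lower() == "true":
        findings.append(("api_deactivate_request_signature",
                         "X-SOSIGNATURE header not required; testing only"))
    if cfg.get("api_id_mode", "obfuscated").strip('"').lower() == "debug":
        findings.append(("api_id_mode", "original ID is shown with the encrypted ID"))
    for key, size in STATIC_SECRETS.items():
        value = cfg.get(key)
        if value:
            note = "static value overrides the one generated at server startup"
            if len(value) != size:
                note += f"; {len(value)} characters, page states {size}"
            findings.append((key, note))
    if bool(cfg.get("api_id_key")) != bool(cfg.get("api_id_iv")):
        findings.append(("api_id_iv", "api_id_key and api_id_iv must be set together"))
    if cfg.get("tyrcache", "").lower() == "true" and not cfg.get("tyrcache_encryption_key"):
        findings.append(("tyrcache_encryption_key", "hard-coded default key in use"))
    return findings


if __name__ == "__main__":
    for key, finding in audit(effective(SAMPLE, "live", "172.31.0.9")):
        print(f"{key}: {finding}")
```
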

...