Frigg and braga use a configuration file (config.ini) which is loaded at startup.
Format
Braga and Frigg both use a versatile configuration file based on the Windows INI format. The config file contains the following sections:
[default]
[dev]
[stage]
[live]
Properties are mapped as strings: key=value. Every value is first looked up in the VM security properties.
The values in the default section are used as base values when no values are found in dev, stage or live. The stage and live sections are used according to the IP mappings contained in the default section:
stage_ips=192.168.4.55|192.168.5.55|192.168.5.56|192.168.5.57
live_ips=172.31.0.0/16|172.30.0.0/16
Dev is used when the IP does not match any stage or live server.
IPs are separated by | and ranges can be defined with /.
A section (stage or live) for a specific IP can be defined as:
[stage:192.168.4.55]
The values here override the values in the respective section.
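The selection rules above can be checked offline before a deployment. The following is an added example, not code from Frigg or braga: it resolves the effective values for a host IP and reports hosts that would end up in a different environment than intended (for instance a production host missing from live_ips, which falls back to dev). The sample config, the comment characters, the order in which stage and live are tested, and all function names are assumptions; the VM security properties and the root config are not modelled.

```python
import ipaddress

# Constructed sample config; hosts, names and values are illustrative only.
SAMPLE_INI = """\
[default]
stage_ips=192.168.4.55|192.168.5.55|192.168.5.56|192.168.5.57
live_ips=172.31.0.0/16|172.30.0.0/16
emailTls=false
database_host=localhost

[dev]
database_name=frigg_dev

[stage]
database_host=192.168.5.57
database_name=frigg_stage

[stage:192.168.4.55]
database_name=frigg_stage_a

[live]
emailTls=true
database_host=db.internal.example
database_name=frigg
"""


def parse_ini(text):
    """Read [section] headers and key=value lines, splitting on the first '='."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # assumption: '#' and ';' start comments
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections


def ip_in_mapping(ip, mapping):
    """True if ip equals an entry or lies inside a range of a '|' separated list."""
    addr = ipaddress.ip_address(ip)
    for entry in mapping.split("|"):
        entry = entry.strip()
        # strict=False also accepts ranges written with host bits set
        if entry and addr in ipaddress.ip_network(entry, strict=False):
            return True
    return False


def select_environment(ip, default):
    """stage or live if the IP is mapped, otherwise dev."""
    for env in ("stage", "live"):  # assumption: stage is tested before live
        if ip_in_mapping(ip, default.get(env + "_ips", "")):
            return env
    return "dev"


def effective_config(text, ip):
    """Merge default, then the environment section, then the IP-specific section."""
    sections = parse_ini(text)
    default = sections.get("default", {})
    env = select_environment(ip, default)
    merged = dict(default)
    merged.update(sections.get(env, {}))
    if env != "dev":  # the page defines IP-specific sections for stage and live
        merged.update(sections.get(f"{env}:{ip}", {}))
    return env, merged


def environment_mismatches(text, expected):
    """expected maps host IP to the intended environment; returns IP -> actual."""
    actual = {ip: effective_config(text, ip)[0] for ip in expected}
    return {ip: env for ip, env in actual.items() if env != expected[ip]}


if __name__ == "__main__":
    for host in ("192.168.4.55", "172.30.12.9", "10.0.0.5"):
        env, cfg = effective_config(SAMPLE_INI, host)
        print(host, env, cfg["database_name"], "emailTls=" + cfg["emailTls"])
    print(environment_mismatches(SAMPLE_INI, {"172.29.0.7": "live"}))
```

A host that resolves to dev inherits every value that only the default and dev sections define, so hardened values placed only in the live section do not apply to it.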
Loading
The config file resides in com.stepover.frigg.util; the filename is config.ini. If a file named myconfig.ini is present, it is used instead (this can be used during development). A root config file can be set with the Java system property so_config_ini, which points to a file by absolute path or URL. A root config can also be placed somewhere on the classpath. The values in this root config override any values set in a config at com.stepover.frigg.util.
Audittrail
Audittrail configuration is only necessary for braga except for audit_active.
key | example | description | frigg | braga |
---|---|---|---|---|
audit_active | true | activates the audittrail feature, default false | X | |
audit_report_documentPageNumberField | 9 | Number of the text field of the template where the page number will be written | X | |
audit_report_documentTotalFieldsForTrails | 8 | Number of fields in the document template to show audit trails | X | |
audit_report_envelopePageNumberField | 15 | Number of the text field of the envelope template where the page number will be written | X | |
audit_report_envelopeTotalFieldsForTrails | 14 | Number of fields in the envelope overview template to show the audit trails | X | |
audit_report_name_of_signer | the webSignatureOffice system | The name of the signer of the audit report | X | |
audit_report_servername_to_show | webso | To show the name of the server which generated the audit report | X | |
audit_report_signature_image_file_path | /var/data/audit/auditReportSignatureImage.bmp | The audit report contains an image for the signature; give the path of the signature image file here | X | |
audit_report_signature_image_x_location | 420 | The X location on the 1st page of the report where you want to show the signature image | X | |
audit_report_signature_image_y_location | 750 | The Y location on the 1st page of the report where you want to show the signature image | X | |
audit_report_template_envelop_overview_de | /var/data/audit/StepOverInternational_envelope_overview_template_de.pdf | This template will be used for the overview page of the envelope audit report for the DE locale | X | |
audit_report_template_envelop_overview_en | /var/data/audit/StepOverInternational_envelope_overview_template_en.pdf | This template will be used for the overview page of the envelope audit report for the EN locale | X | |
audit_report_template_page_de | /var/data/audit/StepOverInternational_document_de.pdf | This template will be used to generate audit report in DE locale | X | |
audit_report_template_page_en | /var/data/audit/StepOverInternational_document_en.pdf | This template will be used to generate audit report in EN locale | X |
Adhoc-Viewer / Capture Function
When "smartphone/tablet" (signature type 4) is selected, the adhoc-viewer is used when the QR code is scanned or the link in the SMS or pop-up window is opened.
Capture function (QR code scan)
key | example | description | frigg | braga |
---|---|---|---|---|
adhoc_html_signer_only | true | true or false, determines if adhoc viewer (QR code scanned) can be signed exclusively with the HTML Signer (default true) | X | |
adhoc_length | 10 | the character length of the adhoc code (default is 10) | X | |
adhoc_lifetime_minutes | 15 | defines the validity period of the adhoc code or a generated QR Code (default is 5 minutes) | X | |
atmosphere_fallback_transport | streaming | defines the fallback transport type for the message transfer (message broker). | X | |
atmosphere_idle_time | 2 | maximum time in minutes that an atmosphere connection can be idle before it is closed (default 5) | X | |
atmosphere_servlet | | the url for the atmosphere servlet used by the adhoc functionality | X | |
atmosphere_suspend_time | 30 | maximum time that an atmosphere connection is kept alive (default 10) | X | |
atmosphere_transport | long-polling | defines the transport type for the message transfer (message broker). | X | |
jms_jndi_factory | atmosphereFactory | the jms broadcaster factory jndi name | X | |
jms_jndi_namespace | java:comp/env/jms/ | the namespace used for the jndi lookup of the jms components | X | |
jms_jndi_topic | | the name of the topic created on the jms broadcaster for the adhoc code messaging | | |
jms_topic | atmosphere | the name of the topic created on the jms broadcaster for the adhoc code messaging | X | |
qr_code_host | localhost:3000 | host and port of the qrcode url | X | |
qr_code_servlet_path | /process | Path to the servlet of the QR-Code | | |
qr_code_path | /qrcodepath/ | path of the qrcode url | X | |
rabibtmq_port | 5672 | the port of the rabbitmq server (default 5672) | | |
rabbitmq_server | 192.168.4.55 | the IP or hostname of the rabbitmq server used by the adhoc functionality (message broker) | X | |
URLs
The configured URLs are used to construct the links for emails or browser redirects
key | example | description | frigg | braga |
---|---|---|---|---|
acceptContactUrl | | the url for accepting contact requests (Contact page) | X | |
invitationUrl | | the url for user registration and invitation | X | |
loginUrl | | the login url (used for redirecting) | X | |
passwordResetUrl | | the url for the password reset page | X | |
process_url | https://host/frigg/process | The url for the process servlet which redirects to the timelimited viewer: TimeLimitedDocumentViewer, TimeLimitedEnvelopeViewer, AdhocDocumentViewer, AdhocEnvelopeViewer, AdhocCodeHandler (redirects adhoc-codes to the adhoc viewer) | X | |
signatureRequestUrl | | Deprecated! Replaced by viewer_url and process_url (the url for signature requests) | (X) | |
verificationUrl | | the url for the verification page | X | |
viewer_url | https://host/frigg/app/viewer | The url of the viewer (document and envelope) | X |
Certificates, Seals and signing
Keys that contain "aws_kms" refer to Amazon Web Services (AWS) Key Management Service.
...
app_signature_certificate_private_key_filename
...
dshkskdhNSSKhjadsbndskKJHKHSAK \
DGHgdhjdsgJHDDSHJGdshdshdJDHDSJH \
...
the base64 encoded public key that is assigned to newly registered users. This key is used by the web signature office apps and HTML-Signer.
for more information see Notary Key
...
deprecated
an MD5 hash of the public key
...
a SHA-1 hash of the certificate of the notary_public_key. It is configured in braga and used to check whether the certificate configured in frigg corresponds to the hash.
for more information see Notary Key
...
deprecated
Public key for the RSA encryptor for encrypting biodata.
If not present, the notary_public_key is used.
for more information see Notary Key
...
deprecated
the url of the RSA encryptor used by the HTML signer. If no value is set, the default RSA encryptor of the frigg module is used.
...
Multitenant
...
Additional server settings
If true, no X-SOSIGNATURE header is necessary.
Only for testing!
deprecated
the braga request timeout in milliseconds (default 240000)
render_strategy
storage mode of braga, possible values:
- db: files are stored in database
- dbWithFallback: files are stored in db. If entry is not present, filesystem will be used
- file: files are stored in filesystem
url_handler_key
WebSignatureOffice can be configured to call a URL on certain events. This functionality is activated by setting the URL to be called in the config.ini.
Further configuration options are:
webso_events_filter: a semicolon separated list of events that should be fired. If this option is not set, all events are fired (e.g. STATUS_CHANGE;USER_FINISH).
webso_events_keys: a semicolon separated list of HTTP-request property keys for the webso_event execution (e.g. user;pass)
webso_events_values: a semicolon separated list with the corresponding values for webso_events_keys (e.g. stepovercallback;strongPassword). webso_events_keys and webso_events_values must be in the same order.
webso_events_retry: the time waited in milliseconds until the event call is repeated (e.g. 10)
For more information, please check: e) Callback-API
Database
key | example | description | frigg | braga |
---|---|---|---|---|
database_connection_properties | database_connection_properties=sslMode=trust database_connection_properties=sslMode=trust;someOtherProperty=false | These properties are used to enable SSL encryption for the connection. sslMode can be trust, verify-ca or verify-full. Several connection properties can be added as a semicolon separated list. These properties are appended to the JDBC URL, as shown at: https://mariadb.com/docs/server/connect/programming-languages/java/tls/ | X | X |
database_host | 192.168.5.57 | the database host (IP or hostname) | X | X |
database_jndi | java:comp/env/jdbc/FriggDb | the jndi database source | X | X |
database_master | frigg_master | Name of the master database, which manages sequences and tenants in multitenant mode. Default: frigg_master | X | X |
database_migrate | true/false | true or false. If true, flyway database management is activated | X | |
database_name | frigg | the database schema name | X | X |
database_password | kjssdduiwe832//6?! | the database password | X | X |
database_port | 1521 | the database port | X | X |
database_service_name | FRIGG | the database service name (for Oracle connection) | X | X |
database_sid | xe | the database SID (for Oracle connection) | X | X |
database_type | mysql | mysql or oracle, the database type (default mysql) | X | X |
database_user | dbuser | the database user | X | X |
db_pool_max_wait_millis | 5000 | specifies the maximum time in milliseconds that the connection pool should wait for a connection to be returned before throwing an exception. The default value is 5000. | X | X |
db_pool_max_total | 100 | specifies the maximum number of connections that the database pool can have simultaneously open. The default is 100. | X | X |
db_pool_max_idle | 20 | specifies the maximum number of idle database connections to be maintained in the pool at any given time. The default value is 20. | X | X |
db_pool_min_idle | 5 | specifies the minimum number of idle connections that should be maintained in the connection pool. This property is used to ensure that a sufficient number of connections are available in the pool at all times. Default is 5. | X | X |
db_pool_max_conn_lifetime_millis | 600000 | specifies the maximum lifetime of a database connection in the connection pool. Default is 60000. | X | X |
deactivate_db_ping | true | true or false, deactivates validation check for the db connection (default false) | X | X |
storage_db_init_directory |
Email, SMS, postal Mail
For additional Email configuration see i) Email Configuration
The SMS provider is www.massenversand.de. SMS messages are used for sending adhoc-viewer links and for user verification.
The postal mail provider is www.oekopost.de. It is used for user verification.
key | example | description | frigg | braga |
---|---|---|---|---|
admin_email_notifier | somebody@host.com;someoneelse@host.com | a list of recipients who are informed when accounts are charged with help of the admin functions or when user bought credits | X | |
emailExcludedTypes | signature_request_finished | List of mailtypes which are excluded. See i) Email Configuration for details. | X | |
emailFrom | | the from mail header added to emails sent by the system | X | |
emailPort | 25 | the smtp port | X | |
emailHtmlOnly | true | Only send html mail (no text mail). Default is true. | X | |
emailRetries | 5 | how many times the mailer retries to send an email | X | |
emailSendToRegisteredUsers | user_finished;signature_field_signed | Semicolon separated list of mailtypes. If a mailtype is present in the list, the email will be sent to all registered users of the signature request. If it is not present, the email will only be sent to the signature request creator. Possible mailtypes: signature_field_signed, signature_field_rejected, user_finished, envelope_user_finished. Default: Only creator receives email. | X | |
emailSmtp | hostname.domain or "false" | the smtp server used to send mails. If set to "false", sending mails will be deactivated entirely. | X | |
emailSmtpPassword | password | the smtp server password | X | |
emailSmtpUser | smtpuser | the login for the smtp server | X | |
emailTls | false | true or false, enable or disable TLS (encryption) | X | |
email_upcoming_due_period | 90 | the number of days before the due date at which the mailtypes signature_request_upcoming_due and signature_request_envelop_upcoming_due are sent. | X | |
guest_email | | the email pattern for guest email addresses (default guest@websignatureoffice.com) | X | |
invoice_mail_recipients | somebody@host.com;someoneelse@host.com | a list of recipients who receive a copy of all invoices created by the system (for credit purchase) | X | |
mail_password | oekopostpassword | the password for the mail verification account (https://www.oekopost.de/developer/) | X | |
mail_user | oekopostuser | the user for the mail verification account (https://www.oekopost.de/developer/) | X | |
obfuscate_sms_token_number | true/false | If true, the phone number is obfuscated in. e.g. +49170XXXXX111 | X | |
oekopost_test | true | If present, mail verification will be simulated by email. | | |
smsPassword | smspassword | the sms account password (for the sms delivery feature) (www.massenversand.de) | X | |
sms_protection_interval | ONCE | the interval a new sms token must be obtained to open a sms token protected document. Possible values: | X | |
smsSender | stepover | the name displayed as sms sender (for the sms delivery feature) | X | |
smsUserId / authToken | 4327634 / 1ED33261VI0I6659347456B | the sms account user id or authToken (for the sms delivery feature) | X | |
sms_token_characters | | the characters used in a sms token. Possible values: numerical (just numbers), alphanumerical (capital letters and numbers), alphanumercical_casesensetive (uppercase, lowercase letters and numbers) | X | |
sms_token_length | | The length of the sms token when opening a sms protected document / envelope. | X | |
support_email | | the email address for support notifications / inquiries. Contains a semicolon separated list of email addresses. | X | |
userBrandingSupportMail | de | "de" or "us". The language of the support mail, which will be sent to the email addresses defined in support_email. Additionally a copy of the support mail will be sent to the user. | X |
Credit and payment settings
key | example | description | frigg | braga |
---|---|---|---|---|
accounting_period | monthly | defines the interval of accounting periods. One of: false (no accounting periods), daily, weekly, monthly, quarterly, yearly | X | |
cash_account_name | stepover_cash_account | the name of the cash account, matches db name column in accounting_account table (for credit handling) | X | |
credit_eur_value | 0.85 | the value of one credit in EUR | X | |
credit_usd_value | 0.95 | the value of one credit in USD | X | |
credit_free | 3 | how many free credits are given initially (after registration) | X | |
credit_free_monthly | 3 | the amount of free credits per month | X | |
credit_signature_request | 1 | value how many credits one signature request costs ('0' for no credit charge) | X | |
credit_mail_identification | 10 | value how many credits a mail identification costs | X | |
credit_sms_identification | 1 | value how many credits a sms identification costs | X | |
has_license | false | true or false, usage for licence model (valid license file required) | X | |
paypal_client_id | | paypal client id | X | |
paypal_url | | The paypal api URL. Default "api-m.paypal.com/v1" | X | |
paypal_secret | | paypal secret | X | |
App settings
key | example | description | frigg | braga |
---|---|---|---|---|
extra_password_prompt | 0 | activates an extra password prompt in the iSignatureOffice / aSignatureOffice app (authentication with fingerprint or face ID). 0 = deactivated, 1 = activated (default 0). See also flag 'password_interval'. | X | |
password_interval | ALWAYS | If extra_password_prompt is activated, you can use password_interval to specify how often the query should appear. Possible values: ALWAYS, DAILY | X | |
Viewer settings
The following settings customize the viewer.
key | example | description | frigg | braga |
---|---|---|---|---|
accept_terms_settings | true | true or false, if terms and conditions have to be accepted before signing as a guest / in standalone viewer | X | |
activate_stepover_footer | false | true or false, activates the footer in the standalone viewer with terms of use, imprint and data protection (StepOver information). Default is false | X | |
always_mobile_viewer_on_mobile_device | true | true or false, determines whether signing on mobile devices is only possible with the HTML Signer (no matter if 'desktop browser' is set or not) | X | |
api_id_mode | obfuscated | Defines how ID values like the document_id are displayed encrypted. | | |
automatic_role_stop | false | Indicates whether the automatic role stop is executed or not. Automatic role stop means that after signing all fields of a signature group (<SignatureGroup> definition), the signature selection window for the next signature group is displayed again (if automatic_role_stop is true) | X | |
conditions_exception | selection_pad;selection_display | specifies if a download condition must be fulfilled for a given signature type. The download pop-up won't be shown, if the signature type matches the value. Possible values: selection_display, selection_pad, selection_capture | X | |
context_sign_mode | true | true or false. When active it's necessary to click in the signature field after clicking "sign now". Default true. | X | |
custom_text_selection_window | Bitte vorab alle notwendigen Kundeninformationen übermitteln | If the value is set, it will be displayed in the signature type popup (under the selection options) (formerly show_custom_text). Please note: This text is the same for every viewer language. It's only advisable to use it if only one language is used. | | |
deactivate_copy_error_info_button | true | deactivates the button to copy error information on the error page. Default "true" (deactivated). Since the whole information is part of the error page URL, it's not necessary to show the button and the URL can be copied instead. The button copies the error information from the error page url to the clipboard in json format. E.g.: { | X | |
deactivate_document_download | false | true or false, deactivates the download button on the viewer (for finished or failed requests) (default false) | X | |
deactivate_final_status_popup | true | true or false, deactivates the final status popup shown after all fields have been signed (default true) | X | |
deactivate_geolocation | false | true or false, deactivates the geolocation query in the browser (default false) | X | |
deactivate_optional_fields_popup | false | true or false, deactivates the appearance of the optional fields popup after skipping the last optional field of a signature request, which asks for ignoring the field (sign later) or finishing the request (only if there are no mandatory fields!) (default false). If true, the "finish signature process" button (shown after signing all mandatory fields) is also deactivated, and the "skip" button of the last optional field isn't shown. | X | |
deactivate_reject_button | mandatory | "true", "false", "optional", "mandatory", defines when the "reject" button is active during signing (default false). true: reject button is never active; false: reject button is always active; mandatory: reject button is inactive for mandatory signature fields; optional: reject button is inactive for optional signature fields | X | |
deactivate_reject_reason_popup | true | deactivates the overlay to enter a reason when declining a signature (default false). true: reason popup is deactivated; false: reject button is always active; mandatory: reason popup is inactive for mandatory signature fields; optional: reason popup is inactive for optional signature fields | X | |
deactivate_reject_reason_popup_reason | true | deactivates the reason textfield in the reject reason popup. Only a warning will be shown (see above). true: reason textfield is deactivated; false: reason textfield is always active; mandatory: reason textfield is inactive for mandatory signature fields; optional: reason textfield is inactive for optional signature fields | X | |
deactivate_remember_sign_type | true | deactivates the "remember sign type" checkbox of the signature type selection popup (default false) | X | |
deactivate_skip_button | true | true or false, if true, the "skip" button is not shown for (optional) signature fields (default false) | X | |
formfields_writable_for_others | false | true or false, allows other signers to edit formfields | X | |
html_signer_signature_field_width | 10 | defines the signature field width for signing with html-signer in cm, default is 14cm. | X | |
link_close_button | https://www.yourcompany.com/Close.html | URL redirect of the "close" button. If not present, the button redirects to the websignatureoffice Desktop page. | X | |
link_finished_button | https://www.yourcompany.com/ThankYou.html | URL redirect of the "finished" button. If not present, the button redirects to the websignatureoffice Desktop page. | X | |
link_error_page_home_button | https://www.yourcompany.com/Error.html | URL redirect of the "home" button on the error page. If not present, the button redirects to the websignatureoffice Desktop page. | | |
| | | deprecated. If the value is "true", the adhoc URL (option "SHOW LINK") is displayed encrypted (default false) | X | |
secondary_translations_url | | URL pointing to a file to override the GUI and viewer translations. See Secondary Translations for details. | X | |
signature_field_pencil_cursor | true/false | If true, the mouse cursor is a pencil in html viewer signature fields. | X | |
| | | deprecated | X | |
show_finish_pad_signature_button_in_browser | true | true or false. If set to "true", the "accept_signature"-button will be shown in the browser while signing with a signature-pad. Default true. | | |
show_pages_preview | 1 | handles the page preview display in the document viewer (in apps and browser) | X | |
show_selection_capture | true | activates/deactivates the "SMARTPHONE/TABLET" option of the signature type selection popup (default = true) | X | |
show_selection_display | true | activates/deactivates the "ON THIS DISPLAY" option of the signature type selection popup (default = true) | X | |
show_selection_link | | deprecated | | |
show_selection_pad | | activates/deactivates the "SIGNATURE PAD" option of the signature type selection popup (default = true) | X | |
show_toc | 1 | handles the table of contents display in the document viewer (in apps and browser) | X | |
viewer_sidebar_position | "left" | "left" or "right", defines if the viewer-sidebar (document preview and toc) is on the left or right side of the document. default "left" | X | |
Signature Pad
key | example | description | frigg | braga |
---|---|---|---|---|
activate_hash_dialog | true | true or false, activates the hash dialog during signing with StepOver Pads. The hash must be confirmed after every signature. | X | |
padcon_multi_user | true/false | true or false: Activates the multi user support for citrix workstations. Default false | X | |
pad_connector_crypto_id_names | StepOver Bio 2048/4096;StepOver 2048/4096;StepOver cryptoIdv2 | semicolon seperated list of allowed notary key names to use when signing with a pad. The pad contains one or more keys for encrypting the bio data. The keys are identified by “crypto id names” and a “crypto id”, which are obtained from websignatureOffice via the pad connector (getDeviceDetails). If the config pad_connector_crypto_id_names is not set, the signature will be encrypted with the standard key of the pad. If the config pad_connector_crypto_id_names is set, webso retrieves the crypto id infos from the pad, which contain the name and crypto id and names of the keys. It then iterates over both lists and searches for a crypto id name which is in both lists. If a matching crypto id name is found, the singing is started with the crypto id of the first matching key. If no matching crypto id name is found and crypto_id_abort_message is defined, the process is aborted and the message shown. If no matching crypto id name is found and crypto_id_abort_message is not set, the signing will be started without a crypto id and the default key of the pad is used. for more information see Notary Key | X | |
pad_connector_crypto_id_abort_message | no suitable key found on the pad, sorry | the text to be shown if no suitable pad connector can be found for more information see Notary Key | X | |
| deprecated | |||
pad_document_viewing | true | true or false, automatic connection to the signature pad is started when opening time limited viewers (no matter what signature type is defined). When you sign with pad, the document viewing mode will be used. When true (and not signing with pad), the document is shown on the pad until there is another signature type used (For example: Document is shown on the pad, then you click on start signing and choose signature type HTML-Signer → the pad will go in standby mode). Default is false. | X | |
signature_timeout_ms | 3000 | defines the timeout/pause in milliseconds before a pad signature is automatically completed (without pressing confirm button). Default: 3000 | X |
Certificates, Seals and signing
Keys that contain "aws_kms" refer to Amazon Web Services (AWS) Key Management Service.
key | example | description | frigg | braga |
---|---|---|---|---|
api_id_iv | ghksau981ghksau9 | a secure random iv is created and stored in the db on server startup (recommended). This value is used for url data encryption. This mechanism can be overridden by setting a static 16 character long string. When used api_id_key also has to be set. | X | |
api_id_key | zeuwipahsjd6389a | a secure random key is created and stored in the db on server startup (recommended). This value is used for url data encryption. This mechanism can be overridden by setting a static 16 character long string. When used api_id_iv also has to be set. | X | |
app_signature_certificate_filename | d:\frigg\data\app_signature_public.der | the certificate path for the app signature with token authentication | X | |
app_signature_certificate_password | dsf433dreE&% | the certificate password for the app signature with token authentication | X | |
app_signature_certificate_private_key_filename | d:\frigg\data\app_signature_certificate.pfx | the certificate private key path for the app signature with token authentication | X | |
enduser_certificate_duration | 36 | the lifetime of user certificates in months | X | |
enduser_certificate_key_length | 2048 | the key length of the created user certificates | X | |
external_certificate_provider | nebula | semicolon separated list of external certificate providers. Currently supported: nebula (nebulaSUITE) | X | |
guest_certificate_password | kkwJk34$ldP% | the guest certificate password (for non-registered webSignatureOffice user certificates) | X | X |
intermediate_certificate_filename | /frigg/data/cert.pem | the full path to the intermediate certificate for user certificate creation | X | |
intermediate_certificate_password | sduiSUm7$%&hJ | the intermediate certificate password | X | |
intermediate_certificate_private_key_filename | /frigg/data/cert_private.pem | the full path to the intermediate certificate private key | X | |
nebula_exclude_authenticators | MAIL;SMS | semicolon separated list of authentication methods. The listed methods won't be usable. Default: All methods allowed. | X | |
notaryInfo | \n======================( NotaryInfo )====================== \n \nSomebody | the notary info added to a biometric signature | X | |
notary_public_key | dshkskdhNSSKhjadsbndskKJHKHSAK \ | the base64 encoded public key that is assigned to newly registered users. This key is used by the web signature office apps and HTML-Signer. For more information see Notary Key | X | |
| deprecated | X | |
notary_sha1_fingerprint | dgdfgdfgffffffffffffffffffffffffffffffff | a sha1 hash of the certificate of the notary_public_key. It is configured in braga and used to check if the certificate configured in frigg corresponds to the hash. For more information see Notary Key | X | |
openssl_run_directory | c:/temp | the path to a folder in which openssl can run | X | |
rsa_encryptor_access_allow | if the rsa encryptor is accessed from a host that gets blocked because of cors, or access should be restricted, the | |||
| deprecated. For more information see Notary Key | X | ||
| deprecated | X | ||
tsaServer | The Timestamp Authority Server used to set the signing time, braga. If not set, no timestamp |
QES Qualified electronic signature
key | example | description | frigg | braga |
---|---|---|---|---|
deactivate_qes | true/false | If true, all qes functionality is deactivated | X | |
qes_signius_api_pkcs12 | /path/to/file/cert.p12 | The file path of the signius pkcs12 used for api authentication | X | X |
qes_signius_api_pkcs12_passphrase | The signius pkcs12 passphrase | X | X | |
qes_signius_key_prefix | mdksdfpokdsf | A prefix used for qes authentication. | X | X |
qes_signius_verification_credits | 20 | The amount of credits that a verification costs. Default 20 | X | |
qes_signius_signature_credits | 5 | The amount of credits that a verification costs. Default 5 | X | |
qes_signius_rest_api_host | professional.signius.eu | the host of the signius rest api endpoint. Default professional.signius.eu | X | X |
qes_signius_debug | true / false | flag to display signius harmony rest api debug information. Default false. | X | X |
Multitenant
key | example | description | frigg | braga |
---|---|---|---|---|
multitenant | true / false: activates multitenant mode. | X | X | |
multitenant_admin_key | Administrator authorization for adding new tenants. This string has to be sent with the POST request to create a new tenant. | X | ||
multitenant_host_ip | ip of the multitenant host | X |
Additional server settings
key | example | description | frigg | braga |
---|---|---|---|---|
api_deactivate_request_signature | true/false | If true, no X-SOSIGNATURE header is necessary. Only for testing! | X | X |
api_id_cache_expire_minutes | 15 | the decrypted ids are kept in a cache to improve performance. This defines the time till the value expires, default is 10 minutes | X | |
api_id_cache_max_size | 5000 | the decrypted ids are kept in a cache to improve performance. This defines the maximum capacity, if reached values are removed, default 1000 | ||
| deprecated | X | ||
axis_server_context | /braga | The folder inside which the braga app is deployed (default empty) | X | |
axis_server_ip | 192.168.5.56 | the IP or hostname of the braga server | X | |
axis_server_port | 8080 | the braga server port (default 8080) | X | |
axis_server_protocol | https | http or https, the protocol used for the braga server (default http) | X | |
braga_create_copy | true | creates a copy of the PDF without biodata (if flag is true); default false | X | |
braga_render_dpi | 200 | the dpi with which pages are rendered (default is 200) | X | |
cookie_name | SOSESSIONID | the cookie name for the session cookie | X | |
cookie_path | / | the cookie path | X | |
deactivate_registration | true/false | If true, frontend registration is not possible. Default false | X | |
deactivate_passkey | true/false | If true, passkey functionality is deactivated. Default false | X | |
file_upload_max_file_size | 20480 | the maximum upload size in bytes | X | |
guest_user_document_availability | 60 | The time a document / envelope is available for a guest user (email guest user link). The timespan is the config setting + the signature_request due date. | ||
logging_debug | true | enables extended logging for debugging (default false) | X | |
memcached_port | 11211 | the memcached port | X | X |
memcached_server | 192.168.5.57 | the ip or hostname of the memcached server if memcached is used | X | X |
memcached_sessions | true | true or false, the switch if memcached should be used for session management | X | X |
org_quartz_properties | quartz.properties | the name of the quartz scheduler configuration file in the classpath (for the automated jobs) | X | |
pdf_render_max_render_threads | 4 | the max number of render threads | X | |
process_pool_timeout | 120000 | timeout for a process from the process pool in milliseconds (default 120000) | X | |
render_strategy | AllPages | the strategy used to render the pdf pages, possible values are OnlyPagesWithSignatures, AllPages, FirstTwoAndPagesWithSignatures. Default is FirstTwoAndPagesWithSignatures | X | |
request_lifetime | 7200 | the request lifetime in seconds. | X | |
rest_api_allowed_hosts | localhost,192.168.5.2,192.168.5.5 | the allowed hosts for the communication with the REST API (Cross-Origin-Requests) | X | |
session_sync | 60 | session sync interval in seconds (memcached) | X | |
session_timeout | 6000 | session timeout in milliseconds (browser and tyrservice session) | X | X |
storage_home | X:/data/ | the full path for storage of documents and certificates (BRAGA) | X | |
storage_mode | should this be included? is the description correct? ---> | storage mode of braga, possible values: | X | X |
tracking-header | x-idheader | the name of the http header used for the additional tracking id logging. Default is x-tracking | X | |
url_handler_key | jdksleuwiojdksleuwio67 | on server startup a secure key is created for url encryption and stored in the db (recommended). This mechanism can be overridden with this static 32 character long string. | X | |
webso_events_url | WebSignatureOffice can be configured to call a URL on certain events. This functionality is activated by setting the URL to be called in the config.ini. Further configuration options are: webso_events_filter: a semicolon separated list of events that should be fired; if this option is not set, all events are fired (e.g. STATUS_CHANGE;USER_FINISH). webso_events_keys: a semicolon separated list of HTTP request property keys for the webso_event execution (e.g. user;pass). webso_events_values: a semicolon separated list with corresponding values for the webso_event_keys (e.g. stepovercallback;strongPassword); event_keys and events_values must be in the same order. webso_events_retry: the time waited in milliseconds until the event call is repeated (e.g. 10). | X |
TyrService
key | example | description | frigg | braga |
---|---|---|---|---|
file_upload_url | the url for the file upload (via tyrservice) (deprecated) | (X) | ||
max_message_size | 20480 | the max tyrservice message size (optional value) | X | |
tyrservice_debugging | true | true or false, enables an extended logging for tyrservice classes (if no value is set the default is false) | X | |
tyrservice_public | false | true or false, whether the public tyrservice services should be available, public services only use the adhoc code for authentication | X | |
tyrservice_with_qes | true/false | If false, documents and envelopes with QES signatures for that user aren't returned using getSigningRequests. Default false. | X | |
tyrservice_with_sms_token | If false, documents and envelopes with SmsToken Protection for that user aren't returned using getSigningRequests | X | ||
tyrservice_envelopes_with_conditions | If false, envelopes with conditions won't be returned using getEnvelopeMetaList | X |
TyrService Cache
key | example | description | frigg | braga |
---|---|---|---|---|
tyrcache | true | activates the tyrservice cache | X | |
tyrcache_port | default 1110 | the port the listener listens on | X | |
tyrcache_host | host | the host the listener listens on, if not set, all hostnames | X | |
tyrcache_servers | host1:1110,host2:1110 | a comma separated list of servers to connect to | X | |
tyrcache_lifetime | default 300 | the lifetime of a cache object in seconds | X | |
tyrcache_max_objects | default 10000 | the maximum amount of objects stored in the cache before objects get evicted | X | |
tyrcache_encryption_key | default value hard coded, should be changed | the key used to encrypt the objects, 32 characters | X |
for more information see l) TyrService Cache
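
Several keys in the tables above weaken a deployment when left at a test or static value: the request-signature switch, the static api_id_key / api_id_iv / url_handler_key overrides, the pad key list without an abort message, and the TyrService cache key. The following added example (not StepOver's code) resolves the effective values for one environment as [default] overlaid by that section and flags those settings. The function names and sample values are constructed, and it assumes a single file: IP-specific sections, root configs and VM security properties are not considered.

```python
import configparser

# Constructed sample; key names come from the tables above, values are made up.
SAMPLE = """
[default]
api_deactivate_request_signature=true
axis_server_protocol=http
logging_debug=true
pad_connector_crypto_id_names=StepOver Bio 2048/4096;StepOver 2048/4096
[live]
api_deactivate_request_signature=false
api_id_key=zeuwipahsjd6389a
api_id_iv=ghksau981ghksau9
tyrcache=true
"""

def effective(text, env):
    """Merge [default] with [env]; values in the env section win."""
    cp = configparser.ConfigParser(interpolation=None)  # passwords may contain '%'
    cp.read_string(text)
    merged = dict(cp["default"]) if cp.has_section("default") else {}
    if cp.has_section(env):
        merged.update(cp[env])
    return merged

def audit(cfg):
    """Return (key, finding) pairs for settings to review before go-live."""
    def on(key):
        return cfg.get(key, "").strip().lower() == "true"
    out = []
    if on("api_deactivate_request_signature"):
        out.append(("api_deactivate_request_signature", "X-SOSIGNATURE not required (testing only)"))
    for key in ("api_id_key", "api_id_iv", "url_handler_key"):
        if key in cfg:
            out.append((key, "static value replaces the random one created at startup"))
    if "pad_connector_crypto_id_names" in cfg and "pad_connector_crypto_id_abort_message" not in cfg:
        out.append(("pad_connector_crypto_id_names", "no abort message: a pad without a listed key signs with its default key"))
    if on("tyrcache") and "tyrcache_encryption_key" not in cfg:
        out.append(("tyrcache_encryption_key", "hard-coded default key in use"))
    if cfg.get("axis_server_protocol", "http").strip().lower() != "https":
        out.append(("axis_server_protocol", "connection to braga is not https"))
    for key in ("logging_debug", "qes_signius_debug", "tyrservice_debugging"):
        if on(key):
            out.append((key, "debug logging enabled"))
    return out

if __name__ == "__main__":
    for key, finding in audit(effective(SAMPLE, "live")):
        print(f"{key}: {finding}")
```

Run it against the section that matches the server's IP mapping, since a value that is harmless in [dev] can still reach [live] through [default].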
...