Format
Braga and Frigg both use a versatile configuration file based on the Windows INI format. The config file contains the following sections:
[default]
[dev]
[stage]
[live]
Properties are mapped as strings: key=value. All values are first searched in the VM security properties.
The values in the default section are used as base values when no values are found in dev, stage or live. The stage and live sections are used according to the IP mappings contained in the default section:
stage_ips=192.168.4.55|192.168.5.55|192.168.5.56|192.168.5.57
live_ips=172.31.0.0/16|172.30.0.0/16
Dev is used when the IP does not match any stage or live server.
IPs are separated by | and ranges can be defined with / (as in 172.31.0.0/16).
A section (stage or live) for a specific IP can be defined as:
[stage:192.168.4.55]
The values here override the values in the respective section.
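The section selection described above, as an added Python sketch (not Braga/Frigg code): it picks stage, live or dev from the host IP and layers default, the environment section and the per-IP section. The sample config, checking stage before live, and the function names are assumptions of this example; the VM security property lookup is not modelled.

```python
import configparser
import ipaddress

# Constructed sample; hosts and values are made up for this example.
SAMPLE_INI = """
[default]
stage_ips=192.168.4.55|192.168.5.55|192.168.5.56|192.168.5.57
live_ips=172.31.0.0/16|172.30.0.0/16
logging_debug=false
emailTls=true

[dev]
logging_debug=true
emailTls=false

[stage]
database_host=192.168.5.57

[stage:192.168.4.55]
database_host=127.0.0.1

[live]
database_host=db.internal.example
"""


def load(text):
    # interpolation=None: values such as passwords may contain '%'.
    # delimiters=("=",): only '=' splits key and value, so URLs stay intact.
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep camelCase keys such as emailTls
    parser.read_string(text)
    return parser


def ip_in_list(ip, spec):
    """True if ip matches a '|'-separated entry; entries with '/' are ranges."""
    addr = ipaddress.ip_address(ip)
    entries = [e.strip() for e in spec.split("|") if e.strip()]
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)


def select_environment(parser, ip):
    """Return 'stage' or 'live' if the IP is mapped in [default], else 'dev'."""
    default = parser["default"] if parser.has_section("default") else {}
    for env in ("stage", "live"):  # assumption: stage is checked before live
        if ip_in_list(ip, default.get(env + "_ips", "")):
            return env
    return "dev"


def effective_config(parser, ip):
    """Layer default < environment section < environment:IP section."""
    env = select_environment(parser, ip)
    sections = ["default", env]
    if env != "dev":  # per-IP sections are described for stage and live only
        sections.append(f"{env}:{ip}")
    merged = {}
    for section in sections:
        if parser.has_section(section):
            merged.update(parser[section])
    return env, merged


if __name__ == "__main__":
    cfg = load(SAMPLE_INI)
    for host_ip in ("192.168.4.55", "192.168.5.56", "172.31.12.9", "10.0.0.5"):
        env, values = effective_config(cfg, host_ip)
        print(host_ip, env, values.get("database_host"), values.get("logging_debug"))
```

A host whose IP is missing from both lists resolves to dev, so with this sample it would run with logging_debug=true and emailTls=false; checking the resolved environment on each deployed host catches a forgotten mapping.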
Loading
The config file resides in com.stepover.frigg.util; its filename is config.ini. If a file named myconfig.ini is present, it is used instead (this can be used during development). A root config file can be set through the Java system property so_config_ini, which points to a file by absolute path or URL. A root config can also be placed somewhere on the classpath. The values in this root config override any values set in a config at com.stepover.frigg.util.
Key/Values
key | example | description | frigg | braga |
---|---|---|---|---|
acceptContactUrl | https://host/frigg/login/#/contacts | the url for accepting contact requests (Contact page) | X | |
accept_terms_settings | true | true or false, if terms and conditions have to be accepted before signing as a guest / in standalone viewer | X | |
activate_hash_dialog | true | true or false, activates the hash dialog during signing with StepOver Pads | X | |
activate_stepover_footer | false | true or false, activates the footer in the standalone viewer with terms of use, imprint and data protection (StepOver information). Default is false | X | |
adhoc_html_signer_only | true | true or false, determines if adhoc viewer (QR code scanned) can be signed exclusively with the HTML Signer (default true) | X | |
adhoc_length | 10 | the character length of the adhoc code (default is 10) | X | |
adhoc_lifetime_minutes | 15 | defines the validity period of the adhoc code or a generated QR Code (default is 5 minutes) | X | |
admin_email_notifier | somebody@host.com;someoneelse@host.com | a list of recipients who are informed when accounts are charged with help of the admin functions or when user bought credits | X | |
always_mobile_viewer_on_mobile_device | true | true or false, determines whether signing on mobile devices is done exclusively with the HTML Signer (no matter if 'desktop browser' is set or not) | X | |
api_id_mode | obfuscated | Defines how ID values like the document_id are displayed encrypted. Possible values are: "obfuscated" = IDs are displayed encrypted (this is the config default value, if no other value is set); "debug" = IDs are displayed encrypted and the corresponding (original) ID is prepended to the value | X | |
app_signature_certificate_filename | d:\frigg\data\app_signature_public.der | the certificate path for the app signature with token authentication | X | |
app_signature_certificate_password | dsf433dreE&% | the certificate password for the app signature with token authentication | X | |
app_signature_certificate_private_key_filename | d:\frigg\data\app_signature_certificate.pfx | the certificate private key path for the app signature with token authentication | X | |
atmosphere_fallback_transport | streaming | defines the fallback transport type for the message transfer (message broker). Valid types are "polling", "long-polling", "streaming", "jsonp", "sse" and "websocket". Default type is streaming, specification in config.ini without quotes | X | |
atmosphere_idle_time | 2 | maximum time in minutes that an atmosphere connection can be idle before it is closed (default 5) | X | |
atmosphere_servlet | https://127.0.0.1:8443/atmosphereServlet | the url for the atmosphere servlet used by the adhoc functionality | X | |
atmosphere_suspend_time | 30 | maximum time that an atmosphere connection is kept alive (default 10) | X | |
atmosphere_transport | long-polling | defines the transport type for the message transfer (message broker). Valid types are "polling", "long-polling", "streaming", "jsonp", "sse" and "websocket". Default type is long-polling, specification in config.ini without quotes | X | |
audit_active | true | activates the audittrail feature, default false | X | |
audit_report_documentPageNumberField | 9 | Number of the text field of the template where the page number will be written | X | |
audit_report_documentTotalFieldsForTrails | 8 | Number of fields in the document template to show audit trails | X | |
audit_report_envelopePageNumberField | 15 | Number of the text field of the envelope template where the page number will be written | X | |
audit_report_envelopeTotalFieldsForTrails | 14 | Number of fields in the envelope overview template to show the audit trails | X | |
audit_report_name_of_signer | the webSignatureOffice system | The name of the signer of the audit report | X | |
audit_report_servername_to_show | webso | To show the name of the server which generated the audit report | X | |
audit_report_signature_image_file_path | /var/data/audit/auditReportSignatureImage.bmp | In the Audit report, there is an image for the signature, give the path of the signature file here | X | |
audit_report_signature_image_x_location | 420 | The X location of the 1st page of the report where you want to show the signature image | X | |
audit_report_signature_image_y_location | 750 | The Y location of the 1st page of the report where you want to show the signature image | X | |
audit_report_template_envelop_overview_de | /var/data/audit/StepOverInternational_envelope_overview_template_de.pdf | This template will be used for the envelope audit report's overview page for DE locale | X | |
audit_report_template_envelop_overview_en | /var/data/audit/StepOverInternational_envelope_overview_template_en.pdf | This template will be used for the envelope audit report's overview page for EN locale | X | |
audit_report_template_page_de | /var/data/audit/StepOverInternational_document_de.pdf | This template will be used to generate audit report in DE locale | X | |
audit_report_template_page_en | /var/data/audit/StepOverInternational_document_en.pdf | This template will be used to generate audit report in EN locale | X | |
automatic_role_stop | false | Indicates whether the automatic role stop is executed or not. Automatic role stop means that after signing all fields of a signature group (<SignatureGroup> definition), the signature selection window for the next signature group is displayed again (if automatic_role_stop is true) | X | |
aws_kms_access_key | ||||
aws_kms_secret_key | ||||
aws_kms_region | ||||
aws_kms_key_id | ||||
axis_request_timeout | 240000 | the braga request timeout in milliseconds (default 240000) | X | |
axis_server_context | /braga | The folder inside which the braga app is deployed (default empty) | X | |
axis_server_ip | 192.168.5.56 | the IP or hostname of the braga server | X | |
axis_server_port | 8080 | the braga server port (default 8080) | X | |
axis_server_protocol | https | http or https, the protocol used for the braga server (default http) | X | |
braga_create_copy | true | creates a copy of the PDF without biodata (if flag is true); default false | X | |
braga_render_dpi | 200 | the dpi with which pages are rendered (default is 200) | X | X |
ca_cert_filename | X | |||
ca_aws_kms_access_key | X | |||
ca_aws_kms_secret_key | X | |||
ca_aws_kms_region | X | |||
ca_aws_kms_key_id | X | |||
cash_account_name | stepover_cash_account | the name of the cash account, matches db name column in accounting_account table (for credit handling) | X | |
conditions_exception | selection_pad;selection_display | specifies if a download condition must be fulfilled for a given signature type. The download pop-up won't be shown, if the signature type matches the value. Possible values: selection_display, selection_pad, selection_capture | X | |
context_sign_mode | true | true or false, shows an overview of the context in combination with signing with HTML-signer | X | |
cookie_name | SOSESSIONID | the cookie name for the session cookie | X | |
cookie_path | / | the cookie path | X | |
credit_eur_value | 0.85 | the value of one credit in EUR | X | |
credit_usd_value | 0.95 | the value of one credit in USD | X | |
credit_free | 3 | how many free credits are given initially (after registration) | X | |
credit_free_monthly | 3 | the amount of free credits per month | X | |
credit_signature_request | 1 | value how many credits one signature request costs ('0' for no credit charge) | X | |
credit_mail_identification | 10 | value how many credits a mail identification costs | X | |
credit_sms_identification | 1 | value how many credits a sms identification costs | X | |
database_host | 192.168.5.57 | the database host (IP or hostname) | X | X |
database_jndi | java:comp/env/jdbc/FriggDb | the jndi database source | X | X |
database_name | frigg | the database schema name | X | X |
database_password | kjssdduiwe832//6?! | the database password | X | X |
database_port | 1521 | the database port | X | X |
database_service_name | FRIGG | the database service name (for Oracle connection) | X | X |
database_sid | xe | the database SID (for Oracle connection) | X | X |
database_type | mysql | mysql or oracle, the database type (default mysql) | X | X |
database_user | dbuser | the database user | X | X |
deactivate_db_ping | true | true or false, deactivates validation check for the db connection (default false) | X | X |
deactivate_document_download | false | true or false, deactivates the download button on the viewer (for finished or failed requests) (default false) | X | |
deactivate_final_status_popup | true | true or false, deactivates the final status popup shown after all fields have been signed (default true) | X | |
deactivate_geolocation | false | true or false, deactivates the geolocation query in the browser (default false) | X | |
deactivate_optional_fields_popup | false | true or false, deactivates the appearance of the popup after skipping the last optional field of a signature request which asks for ignoring the field (sign later) or finishing the request (only if there are no mandatory fields!) (default false) if true also the "finish signature process" button (shown after signing all mandatory fields) is deactivated. If it is set to true, also the "skip" button of the last optional field isn't shown. | X | |
deactivate_reject_button | mandatory | "true", "false", "optional", "mandatory", defines when the "reject" button is active during signing (default false). true: reject button is never active; false: reject button is always active; mandatory: reject button is inactive for mandatory signature fields; optional: reject button is inactive for optional signature fields | X | |
deactivate_reject_reason_popup | true | true or false, deactivates the overlay to enter a reason when declining a signature (default false) | X | |
deactivate_remember_sign_type | true | deactivates the "remember sign type" checkbox of the signature type selection popup (default false) | X | |
deactivate_skip_button | true | true or false, if true, the "skip" button is not shown for (optional) signature fields (default false) | X | |
emailFrom | system@webSignatureOffice.com | the from mail header added to emails sent by the system | X | |
emailPort | 25 | the smtp port | X | |
emailRetries | 5 | how many times the mailer retries sending an email | X | |
emailSmtp | hostname.domain or "false" | the smtp server used to send mails. If set to "false", sending mails will be deactivated entirely. | X | |
emailSmtpPassword | password | the smtp server password | X | |
emailSmtpUser | smtpuser | the login for the smtp server | X | |
emailTls | false | true or false, enable or disable TLS (encryption) | X | |
enduser_certificate_duration | 36 | the lifetime of user certificates in months | X | |
enduser_certificate_key_length | 2048 | the key length of the created user certificates | X | |
external_certificate_provider | nebula | comma-separated list of external certificate providers. Currently supported: nebula (nebulaSUITE) | X | |
extra_password_prompt | true | true or false, activates an extra password prompt in the iSignatureOffice / aSignatureOffice app (authentication with fingerprint or face ID). (default false) see also flag 'password_interval' | X | |
file_upload_max_file_size | 20480 | the maximum upload size in bytes | X | |
file_upload_url | https://host/fileUpload/fileUpload | the url for the file upload (via tyrservice) | X | |
formfields_writable_for_others | false | true or false, allows other signers to edit formfields | X | |
guest_certificate_password | kkwJk34$ldP% | the guest certificate password (for non-registered webSignatureOffice user certificates) | X | X |
guest_email | guest@websignatureoffice.com | the email pattern for guest email addresses (default guest@websignatureoffice.com) | X | |
has_license | false | true or false, usage for licence model (valid license file required) | X | |
html_signer_signature_field_width | 10 | defines the signature field width for signing with html-signer in cm, default is 14cm. | X | |
intermediate_certificate_filename | /frigg/data/cert.pem | the full path to the intermediate certificate for user certificate creation | X | |
intermediate_certificate_password | sduiSUm7$%&hJ | the intermediate certificate password | X | |
intermediate_certificate_private_key_filename | /frigg/data/cert_private.pem | the full path to the intermediate certificate private key | X | |
invitationUrl | https://host/frigg/Registration.html | the url for user registration and invitation | X | |
invoice_mail_recipients | somebody@host.com;someoneelse@host.com | a list of recipients who receive a copy of all invoices created by the system (for credit purchase) | X | |
jms_jndi_factory | atmosphereFactory | the jms broadcaster factory jndi name | X | |
jms_jndi_namespace | java:comp/env/jms/ | the namespace used for the jndi lookup of the jms components | X | |
jms_topic | atmosphere | the name of the topic created on the jms broadcaster for the adhoc code messaging | X | |
logging_debug | true | enables extended logging for debugging (default false) | X | |
loginUrl | "https://www.websignatureoffice.com/Login.html" | the login url (used for redirecting) | X | |
mail_password | oekopostpassword | the password for the mail verification account (separate provider) | X | |
mail_user | oekopostuser | the user for the mail verification account (separate provider) | X | |
max_message_size | 20480 | the max tyrservice message size (optional value) | X | |
memcached_port | 11211 | the memcached port | X | X |
memcached_server | 192.168.5.57 | the IP or hostname of the memcached server if memcached is used | X | X |
memcached_sessions | true | true or false, the switch if memcached should be used for session management | X | X |
nebula_exclude_authenticators | MAIL;SMS | semicolon-separated list of authentication methods. The listed methods won't be usable. Default: All methods allowed. | X | |
notaryInfo | \n======================( NotaryInfo )====================== \n \nSomebody | the notary info added to a biometric signature | X | |
notary_public_key | dshkskdhNSSKhjadsbndskKJHKHSAK \ | the base64-encoded public key that is assigned to newly registered users. This key is used by the web signature office apps. | X | |
notary_public_key_hash | dskhdksjhds89s8djdshkjhsd7987987dsdssd | an MD5 hash of the public key | X | |
org_quartz_properties | quartz.properties | the name of the quartz scheduler configuration file in the classpath (for the automated jobs) | X | |
openssl_run_directory | c:/temp | the path to a folder in which openssl can run | X | |
otp_viewer_file | X | |||
otp_app_file | X | |||
url_handler_key | X | |||
otp_lifetime_seconds | 30 | the validity for the One-time password (OTP) for an auto-login via webservice-API | X | |
pad_connecor_crypto_id_names | StepOver Bio 2048/4096;StepOver 2048/4096;StepOver cryptoIdv2 | semicolon-separated list of allowed pad connector crypto ids | X | |
pad_connector_crypto_id_abort_message | no suitable key found on the pad, sorry | the text to be shown if no suitable pad connector can be found | X | |
pad_document_viewing | true | true or false, automatic connection to the signature pad is started before clicking "Start signing" when opening time limited viewers. The document is shown on the pad. Default is false. | X | |
password_interval | ALWAYS | If extra_password_prompt is activated, you can use password_interval to specify how often the query should appear. Possible values: ALWAYS, DAILY | X | |
passwordResetUrl | https://host/frigg/PasswordReset.html | the url for the password reset page | X | |
pdf_render_max_render_threads | 4 | the max number of render threads | X | |
process_encrypted_urls | false | If the value is "true", the adhoc URL (option "SHOW LINK") is displayed encrypted (default false) | X | |
process_pool_timeout | 120000 | timeout for a process from the process pool in milliseconds (default 120000) | X | |
qr_code_host | localhost:3000 | host and port of the qrcode url | X | |
qr_code_path | /qrcodepath/ | path of the qrcode url | X | |
rabbitmq_server | 192.168.4.55 | the IP or hostname of the RabbitMQ server used by the adhoc functionality (message broker) | X | |
render_strategy | AllPages | the strategy used to render the pdf pages, possible values are OnlyPagesWithSignatures, AllPages, FirstTwoAndPagesWithSignatures. Default is FirstTwoAndPagesWithSignatures | X | |
request_lifetime | 7200 | the request lifetime in seconds. | X | |
rest_api_allowed_hosts | localhost,192.168.5.2,192.168.5.5 | the allowed hosts for the communication with the REST API (Cross-Origin-Requests) | X | |
rsa_encryptor_url | https://host:8444/RsaEncryptor/encode | the url of the RSA encryptor used by the html signer, if no value is set the default RSA encryptor of the frigg module is taken | X | |
session_sync | 60 | session sync interval in seconds (memcached) | X | |
session_timeout | 6000 | session timeout in milliseconds (browser and tyrservice session) | X | X |
show_custom_text | Bitte vorab alle notwendigen Kundeninformationen übermitteln | If the value is set, it will be displayed in the signature type popup (under the selection options) | X | |
show_finish_pad_signature_button_in_browser | true | true or false, if set to "true", the "accept_signature"-button will be shown in the browser while signing with a signature-pad | X | |
show_pages_preview | 1 | handles the page preview display in the document viewer (in apps and browser) 0 = deactivated, 1 = activated | X | |
show_selection_capture | true | activates/deactivates the "SMARTPHONE/TABLET" option of the signature type selection popup (default = true) | X | |
show_selection_display | true | activates/deactivates the "ON THIS DISPLAY" option of the signature type selection popup (default = true) | X | |
show_selection_pad | true | activates/deactivates the "SIGNATURE PAD" option of the signature type selection popup (default = true) | X | |
show_toc | 1 | handles the table of contents display in the document viewer (in apps and browser) 0 = deactivated, 1 = activated | X | |
signatureRequestGuestUrl | ||||
signatureRequestUrl | https://host/frigg/login/#signature_request | the url for signature requests | X | |
signature_timeout_ms | 3000 | defines the timeout/pause in milliseconds before a pad signature is automatically completed (without pressing confirm button) | X | |
smsPassword | smspassword | the sms account password (for the sms delivery feature) | X | |
smsSender | stepover | the name displayed as sms sender (for the sms delivery feature) | X | |
smsUserId / authToken | 4327634 / 1ED33261VI0I6659347456B | the sms account user id or authToken (for the sms delivery feature) | X | |
storage_home | X:/data/ | the full path for storage of documents and certificates (BRAGA) | X | |
support_email | support@websignatureoffice.com | the email address for support notifications / inquiries | X | |
userBrandingSupportMail | de | "de" or "us" | X | |
tracking-header | x-idheader | the name of the http header used for the additional tracking id logging. Default is x-tracking | X | |
tyrservice_debugging | true | true or false, enables an extended logging for tyrservice classes (if no value is set the default is false) | X | |
tyrservice_public | false | true or false, whether the public tyrservice services should be available, public services only use the adhoc code for authentication | X | |
verificationUrl | https://host/frigg/Verification.html | the url for the verification page | X | |
viewer_sidebar_position | "left" | "left" or "right", defines if the viewer-sidebar (document preview and toc) is on the left or right side of the document. default "left" | X | |
webso_events_url | https://www.testserver.com/CallbackServlet | WebSignatureOffice can be configured to call a URL on certain events. This functionality is activated by setting the URL to be called in the config.ini. Further configuration options are: webso_events_filter: a semicolon-separated list of events that should be fired; if this option is not set, all events are fired (e.g. STATUS_CHANGE;USER_FINISH). webso_events_keys: a semicolon-separated list of HTTP-request property keys for the webso_event execution (e.g. user;pass). webso_events_values: a semicolon-separated list with corresponding values for the webso_events_keys (e.g. stepovercallback;strongPassword); webso_events_keys and webso_events_values must be in the same order. webso_events_retry: the time waited in milliseconds until the event call is repeated (e.g. 10) | X | |
Config File with all keys and example values: config_dummy.ini
Config File with all keys and example values necessary for braga: config_dummy - braga.ini
Config File with all keys and example values necessary for frigg: config_dummy - frigg.ini
Config File with all keys and example values necessary for audit-trail: config_dummy - audittrail.ini
The unneeded keys are commented out.