Configuration

...

Files

Excerpt

name	ConfigurationFiles

Configuration options can be specified in a number of different ways. These take precedence in the following order:

Java System properties – set using the -D propertyName=value on the java command line / tomcat launch configuration
webapps/<phixflow>/WEB-INF/classes/local.properties – optional java properties file
webapps/<phixflow>/WEB-INF/classes/phixflow.properties – optional java properties file
Environment variables – using the environment form of the property name as described below
webapps/<phixflow>/WEB-INF/classes/context/server.properties – this contains the default values and should not be modified.

Keystore Files

Optionally, secrets, such as database passwords, can be kept encrypted in external secret files. Refer to Configure a Keystore and Aliases for instructions on how to configure this before proceeding with the installation.

Environment

form

Form of

property names

Property Names

As operating systems have stricter rules around valid characters in environment variable names, and prefer them to be in upper case, when using environment variables the property name should be converted as follows:

Replace dots (.) with underscores (_).
Remove any dashes (-).
Convert to uppercase.

For instance example, “db.url” would be looked up as “DB_URL” when resolved from environment variables.

Guidelines and

advice

Advice for

configuration

Configuration

The context/server.properties file should never be changed. This is replaced on upgrade.
For a multi-instance environment (e.g. DEV, QA and Prod) it is recommended that a common phixflow.properties file is used on all the instances, containing configuration settings that are identical on all environments. The local.properties file is then used for local overrides, such as database url and passwords.
For single instance environments it is recommended to follow the same structure as with multi-instance environments, but alternatively just one of either the phixflow.properties or local.properties files can be used to have all the configuration in a single file.
Only properties that have differing values from the default settings in the server.properties should be configured. This makes it easier to review and manage the configuration and ensures that fixes and improvements to the default settings will be applied automatically.
In docker environments it may be beneficial to use environment variables rather than settings in the local.properties file. Theis This allows the same container image to be started as multiple instances with different configurations.

...

Note

Java properties files use the backslash \ as an escape character. When configuring paths on Windows either use forward slashes (e.g. c:/apps/phixflow) or double up the backslashes (e.g. c:\\apps\\phixflow).

Other properties can be referenced within a property value using the syntax ${property}

Excerpt

name	InstallTimeProperties

Installation Specific Properties

These properties are required for installation to succeed and are populated in the database. After installation is complete the values are not used any further.

Property	Requires Configuration	Default Value	Explanation
install.customer_name	Always	<none>	The customer name as provided with your licence licence.
install.licence_key	Always	<none>	Licence key as provided with your licence.
install.user.password	Often	<autogenerated>	Initial password of the default administrator user created during installation. If no value is configured a password is autogenerated and written to the security.log file. It is strongly recommended this is changed immediately after installation.
install.user.username	Often	admin	Username of the default administrator user created during installation.
install.user.email	Often	<none>	Email address of the default administrator user created during installation. Can be updated after install installation in the User Details screen.
install.user.firstname	Often	admin	First name of the default administrator user created during installation. Can be updated after install installation in the User Details screen.
install.user.lastname	Often	admin	Last name of the default administrator user created during installation. Can be updated after install installation in the User Details screen.
install.data.base	Often	${install.application_loc}/data	Base location for the default data directory paths. This will commonly be configured to be “/opt/phixflow/data”
install.data.temp	Occasionally	${install.data.base}/temp	Populates an initial value in the System Configuration Temporary File Location
install.data.upload	Occasionally	${install.data.base}/upload	Populates an initial value in the System Configuration File Upload Directory
install.data.import	Occasionally	${install.data.base}/import	Populates an initial value in the System Configuration Import File Location
install.data.export	Occasionally	${install.data.base}/export	Populates an initial value in the System Configuration Export File Location
install.data.template	Occasionally	${install.data.base}/template	Populates an initial value in the System Configuration Template Location
install.data.archive	Occasionally	${install.data.base}/archive	Populates an initial value in the System Configuration Archive Directory
install.data.restore	Occasionally	${install.data.base}/restore	Populates an initial value in the System Configuration Restore Directory
install.data.driver	Occasionally	${install.data.base}/driver	Populates an initial value in the System Configuration Data Driver Directory
install.data.download	Occasionally	${install.data.base}/download	Populates an initial value in the System Configuration Download Location
install.data.plugin	Occasionally	${install.data.base}/plugin	Populates an initial value in the System Configuration Plugin Location
install.data.file	Occasionally	${install.data.base}/file	Populates an initial value in the System Configuration File Table Upload Location
install.application_loc	Rarely	<autodetected>	Base application install location, e.g. ZB example missing here
install.pepperKey	Rarely	<none>	Externally defined value for the pepperKey. If not specified and a pepper key isn’t configured in the keystore then a value is autogenerated.
install.phixflow_api_key	Rarely	<none>	Externally defined value for the Phixflow PhixFlow API credential signing key. If not specified and the api API key isn’t configured in the keystore then a value is autogenerated.

...

Excerpt

name	Keystore

Keystore Configuration

The keystore must be configured and populated during installation before Phixflow PhixFlow is first started. Using a keystore is optional.

Property	Requires Configuration	Default Value	Explanation
keystore.file	Optional	/opt/secure/keystore.jks	Location of the keystore file. Only used if the keystore password is provided, otherwise use of the keystore is disabled.
phixflow-keystore-password	Optional	<none>	Default key name containing the keystore password
keystore.passwordKey	Rarely	phixflow-keystore-password	Name of the key containing the keystore password.
pepper.key.name	Rarely	pepperKey	Name of the key containing the pepper key which is used for encrypting passwords.
api.key.name	Rarely	phixflow-api-key	Name of the key containing the api API key which is used for signing api API credentials.

Excerpt

name	Login

Login Configuration

Phixflow PhixFlow supports multiple modes of supporting authentication users. Users can be authenticated either with local credentials, native active directory based credentials, or using SAML to authenticate with active directory or other services, such as Okta.

Property	Requires Configuration	Default Value	Explanation
login.defaultForm=local	Often		Selects the form displayed when a user connects.

#local

local - only allows local authentication

,

.

full - allows selecting any of the enabled authentication methods

,

.

auto - if SAML SSO is enabled allows logging in without displaying the login form if the user is already authenticated

,

.

activedirectory - supports active directory login only.

login.default=local

Often

The default domain for login.

login.local.enabled=true

rarely

	Rarely	Allows disabling support of local login. This will prevent any local administrator accounts from being used.
login.saml.enabled=false	Often	Configures whether SAML login is enabled
login.saml.key= <none>	Often	Configures the identity provider's entity id .
login.saml.attribute.domain= <none>	Often

configures

		Configures the domain of the saml users.
login.saml.label=Single Sign In	Rarely		The label to display
login.saml.attributeMap=authenticationOnly	Often		Configures the integration method

,

.

authenticationOnly - SAML used for authentication but

Phixflow

PhixFlow manages user details and permissions. okta - configured to support Okta based authentication and details. userDetails - allows configuration of authentication and user details to be provided by saml.
login.saml.keystore.file=classpath:keystore/samlKeystore.jks	Often	Configures the location of the saml keystore
login.saml.keystore.password=<none>	Often	Configures the password to the saml keystore.
login.saml.keystore.key.password=<none>	Often	Configures the password to the secret in the saml keystore
login.saml.keystore.key.alias=samlKey	Rarely	Configures the alias of the secret stored in the saml keystore
login.saml.url.host=localhost	Often	Configures the externally resolvable hostname of the

Phixflow

PhixFlow server. If behind a reverse proxy this will be the

proxies

proxy’s hostname.
login.saml.url.port=443	Occasionally		Configures the port of the

Phixflow

PhixFlow server, or that of the reverse proxy if it is being used.
login.saml.url.includePort=false	Rarely	Whether the port should be included in the generated url.
login.saml.url.path=/phixflow	Occasionally	Path that the webapp is installed under. If behind a reverse proxy this should be the path that the proxy forwards.
login.saml.metadata.entityId=https://${login.saml.url.host}/${login.saml.url.path}	Rarely	The value that globally identifies the

Phixflow

PhixFlow instance.
login.saml.metadata.entityBaseUrl=https://${login.saml.url.host}/${login.saml.url.path}	Rarely		The public facing URL of the

Phixflow

PhixFlow instance.
login.saml.metadata.file=file:/opt/phixflow/data/saml-metadata/idp-metadata.xml	Often	Path to the Identity Provider Metadata file.
login.saml.metadata.trustCheck=true	Rarely	Whether to validate incoming

siguatures

signatures.
login.saml.attribute.username=nameid	Occasionally	Used with the authenticationOnly and userDetails attribute map to define the appropriate mapping from the incoming metadata.
login.saml.attribute.fullname=displayname	Occasionally	Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.
login.saml.attribute.firstname=givenname	Occasionally	Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.
login.saml.attribute.lastname=surname	Occasionally	Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.
login.saml.attribute.phonenumber=phonenumber	Occasionally	Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.
login.saml.attribute.company=company	Occasionally	Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.
login.saml.attribute.department=department	Occasionally	Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.
login.saml.attribute.email=email	Occasionally	Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.
login.saml.attribute.groups=group	Occasionally	Used with the userDetails attribute map to define the appropriate mapping from the incoming metadata.
login.saml.attribute.globalLogout=false	Occasionally	Used with the authenticationOnly and userDetails attribute map to determine whether logging out of

Phixflow

PhixFlow should also trigger a logout of the identity provider.
login.activeDirectory.enabled=false	Often	Whether Active Directory integration is enabled.
login.activeDirectory.domain=example.com	Often	The domain being logged into.
login.activeDirectory.url=ldaps://ldap.example.com	Often	Space

seperated

separated list of domain LDAP servers.
login.activeDirectory.dn=ou=user accounts,dc=example,dc=com	Often	The root distinguished name to search under.
login.activeDirectory.timeout=5000	Rarely	Timeout for attempt to authenticate against each server.
login.activeDirectory.authenticationOnly=false	Occasionally	Whether only authentication is used from active directory, with user permissions and details being stored in

Phixflow

PhixFlow.

Excerpt

name	Logging

Logging Configuration

valid level values: OFF, ERROR, WARN, INFO, DEBUG, TRACE, ALL

Property	Requires Configuration	Default Value	Explanation
logging.file.directory=logs	Occasionally		The directory logs are written into, relative to the Tomcat root directory.
logging.file.phixflow.base=phixflow	Occasionally		Base name of the standard

phixflow

PhixFlow log file.
logging.file.security.base=security	Occasionally	Base name of the security log file.
logging.stdout.level=OFF	Occasionally	Used to control the minimum log message level permitted to be output to stdout. ZB is “stdout” a typo?
logging.root.level=INFO	Rarely

configures

		Configures the default minimum log level that can be generated.
logging.file.phixflow.main=${logging.file.directory}/${logging.file.phixflow.base}.log	Rarely		Defines the path and name of the standard

phixflow

PhixFlow log file

.


logging.file.phixflow.archive=${logging.file.directory}/${logging.file.phixflow.base}.%d{yyyy-MM-dd}.log	Rarely		Defines the path and name of archived standard

phixflow

PhixFlow log files.
logging.file.security.main=${logging.file.directory}/${logging.file.security.base}.log	Rarely	Defines the path and name of the security log file.
logging.file.security.archive=${logging.file.directory}/${logging.file.security.base}.%d{yyyy-MM-dd}.log	Rarely	Defines the path and name of archived security log files.
logging.file.phixflow.level=ALL	Rarely	Used to control the minimum log message level permitted to be output to standard log file.
logging.file.security.level=ALL	Rarely	Used to control the minimum log message level permitted to be output to security log file.

Versions Compared

Old Version 8

New Version 9

Key

Table of Contents

Configuration

Files

Keystore Files

Environment

Form of

Property Names

Guidelines and

Advice for

Configuration

Installation Specific Properties

Keystore Configuration

Login Configuration

Logging Configuration

Page Comparison

Versions Compared

Old Version 8

New Version 9

Key

Configuration

Files

Keystore Files

Environment

Form of

Property Names

Guidelines and

Advice for

Configuration

Installation Specific Properties

Keystore Configuration

Login Configuration

Logging Configuration