configuration.properties - Configuring Your Local Setup

The configuration.properties file primarily allows you to define how the communication between the Automation Engine, the AWI server, and AWI and its Clients runs. This topic covers the parameters that you might need to modify for your local setup. The changes take effect after restarting the web server.

Configuration required?

Only if you want to define custom property settings, otherwise the defaults are used. This file is delivered with default settings for optimum performance. You should not modify them unless expressly advised by support consultants.

File Location

After installing AWI, you find the configuration.properties file in the .../config folder.

This page includes the following:

General Properties

maxOpenBulkActions

If users want to open multiple objects/tasks at a time, they can select them in bulk, right-click and select Open. This opens as many tabs or windows as selected objects/tasks.

By default, the maximum number of tabs or windows that can be opened in one bulk selection is limited to 50, however you can change this limit using this parameter.

wfDisplaySettings

By default, tasks in a Workflow (whether on the editor in the Process Assembly perspective or on the monitor in the Process Monitoring perspective), display the name of the task first and its title (if available) beneath the name. In addition to the Name and the Title, users can also assign an Alias to a task in the Workflow. However, the task boxes provide only two rows display this piece of information.

With the wfDisplaySettings parameter you determine which of these properties are displayed in the task box, which one goes in the first row and which in the second. It also determines which property is displayed in the caption of expanded, embedded Workflows.

This is important to give more visibility to the property that users need to identify the tasks.

The tables below describe the behavior of the name, the title or the alias depending on how you set this parameter:

  • wfDisplaySettings=NAME,TITLE

    Properties set First row Second row Caption of expanded Workflow
    Name NAME
    • EMPTY (short names)
    • NAME (continued for long names)
    		 NAME
    Name and title NAME TITLE NAME
    Name and alias ALIAS
    • EMPTY (short names)
    • NAME (continued for long names)
    		 ALIAS
    Name, title and alias ALIAS TITLE ALIAS

  • wfDisplaySettings=TITLE,NAME

    Properties set First row Second row Caption of expanded Workflow
    Name NAME
    • EMPTY (short names)
    • NAME (continued for long names)
    		 NAME
    Name and title TITLE NAME TITLE
    Name and alias ALIAS NAME ALIAS
    Name, title and alias ALIAS NAME ALIAS

Connection Settings

automationEngineOpenConnectionTimeoutMilliseconds

If you have only one connection to the AE, this parameter specifies the timeout interval for the connection between the AWI and the CP.

If you have several connections to the AE, this parameter specifies the time interval for attempting to connect to the next CP in case the previous connection fails.

Default: 10000 (10 seconds)

Tip: Increase the timeout if you have a slow connection between Tomcat and the Automation Engine

Note: You define the connections to the AE in the uc4config.xml - Configuring the Connection Between AWI and AE configuration file.

Home Dashboards

defaultHomeDashboard

The name of the Dashboard (DASH) object for the default AWI Home Dashboard for your installation. Change this if you want to replace the delivered default with a company-defined standard dashboard.

Note: Regardless of which dashboard is defined here, users with editing rights to the DASH objects and Dashboards can choose to use another dashboard to be their own home dashboard.

Default: WELCOME.DASHBOARD

customHomeDashboardsFolder

The name of the folder path where the dashboard objects for user-customized home dashboards are stored. When entering the folder path, consider the following:

  • Do not use a leading slash (/).

  • Use forward slashes (/) only.

Default: DASHBOARDS

For more information, see Setting Up Dashboards.

Configuring Timeout Settings

When working with potentially long-running operations in the Automation Engine, such as importing large XML files, displaying statistics, or opening very large workflows, it is important to configure the appropriate timeout values. The following parameters control the timeouts for these background operations:

Parameter Default Value Description

automationEngineOpenConnectionTimeoutMilliseconds

 10000

The maximum time in milliseconds to wait for opening a connection to the AE.

asyncLoadingTimeoutMilliseconds

 180000

The maximum time in milliseconds to wait for asynchronous loading of the AE objects.

automationEngineTimeoutMilliseconds

 180000

The maximum time in milliseconds to wait for the completion of an AE operation. If the timeout is reached, the connection to the AE will be closed.

xRequestExecutorTimeoutMilliseconds

 90000 The maximum time in milliseconds to wait for a single request to the AE. If the timeout is reached, that one request will be aborted, but the AE connection will remain open.

Important! The default values are not all the same. In particular, to prevent connection loss, the xRequestExecutorTimeoutMilliseconds parameter should be lower than the automationEngineTimeoutMilliseconds.

Login Settings

sso.kdc.enabled / sso.saml.enabled

Specifies whether single sign-on (SSO) can be used for AWI log in. This allows users to use the domain name and password they use to log into their computer also to log into AWI.

Possible values:

  • true

    SSO is enabled

  • false (default)

    SSO is not enabled

When users first log in, they have to provide their sign-on information and select either Kerberos or SAML sign-in. For more information, see Setting up Single Sign-On.

For information about the full setup and details about the login options this approach provides, see Configuring the Automic Web Interface.

parameter_login.enabled

Specifies whether the AWI login window opens, the parameters for Connection, Client, Name, Department, Logintype and Language are already filled in. Users need to enter only their password.

Possible values:

  • true

    Login parameters except password are filled in

  • false (default)

    No login parameters are filled in

If this is enabled, then the AWI startup will recognize login parameters that are added to the start URL in the following format:

https://<AWI>/?system=ConnectionName&client=9999&name=MyUserName&department=Dept&logintype=AE(default)|KERBEROS|SAML&language=MyLanguage&autologin=true

Notes:

  • If your browser is not accessing AWI over a TLS/SSL protocol, your URL will start with http://.
  • The logintype parameter is optional and it is only relevant when the related SSO parameter is enabled in the configuration.properties file.
  • The  autologin parameter is optional and can be used together with the KERBEROS or SAML login types. If the autologin parameter is provided, the login dialog is submitted automatically.

automationEngine.index

Also referred to as multi-connection support, this parameter controls whether users can choose an AE connection when logging into this AWI installation or they are restricted to the specified connection.

The connections are defined in <connection> elements in the uc4config.xml - Configuring the Connection Between AWI and AE and would appear in a drop-down on the login page.

Possible values:

  • -1 (default)

    Users can choose a connection at login

  • 0–n

    The number corresponding to the connection element in the uc4config.xml - Configuring the Connection Between AWI and AE for the system that all users must use. This is a 0-indexed parameter, so 0 means the first connection that is defined, 1 means the second connection, and so on.

Note: If only one connection is defined in the uc4config.xml - Configuring the Connection Between AWI and AE, then just use the default value here.

Network Settings Specific for the Bundled AWI Launcher

The network settings enable the secure connection between AWI and the client.

http.port

Port on which your local AWI runs.

Default value: 8080

If you get a port already in use error, do the following:

  • To make sure that no other instance is running, check the console tab in Eclipse
  • Close your browsers. Some lingering WebSocket connections might be blocking the port
  • Change the port if you have multiple repositories and multiple Eclipse instances running

If you use 0 as port number Jetty will take the next free port to start AWI. You find the URL that has been started in the console log on which port AWI runs.

http.enabled

Flag to enable/disable the secure connection.

Default value: true

Important!

To guarantee that AWI runs in secure mode, you must enable HTTPS and disable HTTP. This means that you need to configure the AWI properties as follows:

http.enabled=false

https.enabled=true

http.root

AWI responds at the root context. Change it if you want to simulate running AWI behind a proxy where the URL needs a context prefix.

Default value: /

https.port

TLS/SSL port on which your local AWI runs.

Default value: 7443

https.enabled

Flag to enable/disable the secure connection.

Default value: true

Important!

To guarantee that AWI runs in secure mode, you must enable HTTPS and disable HTTP. This means that you need to configure the AWI properties as follows:

http.enabled=false

https.enabled=true

https.keystore.filename

File name and path to the keystore file which holds the certificate.

Default value: keystore.selfsigned

https.keystore.password

Keystore password.

Default value: secret. You can use the Jetty password obfuscation to hide the password in clear text. For more information, please refer to the official Eclipse documentation on secure password obfuscation.

https.manager.password

If there is no trustmanager set, the keystore is used as the trust store and the keystorepassword is used as the certificate/key password.

If this value is configured, it is used as the certificate/key password.

https.cert.alias

Alias of the certificate used for https for the AWI in the keystore.

Default value: jetty

http.max.header.size

If your setup requires to store more data in the header, you can configure it here. This parameter sets the maximum header size for both the request and the response.

You must specify the header size in bytes.

Default value: 8192 bytes

Security Settings Specific for the Bundled AWI Launcher

https.ocsp.enabled

When a HTTPS connection with a web server occurs, the browser performs an OCSP check (a request to validate the certificate) with the certificate authority (CA) that issued the SSL certificate. This process can lead to delays in the SSL handshake. OCSP stapling helps improve performance by positioning the certificates on the web server. It means that the SSL server (rather than client) makes the requests to CA servers for revoked certificates lists, making the check faster and more reliable for clients.

If set to true, this setting enables OCSP stapling when AWI runs on the bundled Jetty Launcher.

Default value: true

https.ocsp.responderUrl=

Endpoint of the OSCP server typically run by the certificate issuer that sends the response to the request to validate the certificate.

Security Settings

Additional security layer. The following parameters let you configure AWI headers to protect it from external attacks when sending responses to the Clients. For more information about the security headers, please refer to your browser's official documentation.

Important! The following configuration parameters are the same, the only difference being their names:

  • csp.enabled and http.security.csp.enabled

  • csp.whitelist and http.security.csp.whitelist

This is because the parameters that begin with the http.security prefix have been introduced in a later version. If you are already using the older parameters, there is no need for you to set the new ones.

csp.enabled / http.security.csp.enabled

This parameter adds a header to enable/disable a Content Security Policy (CSP). A strong CSP mitigates and reports Cross-Site Scripting (XSS) and clickjacking attacks. The policy is a string containing the policy directives describing your Content Security Policy.

Default value: false

csp.whitelist / http.security.csp.whitelist

This parameter adds a header to whitelist content on web pages. If you want to enable the HTML and YouTube widgets in your Dashboards, you must add them to the whitelist. For more information, see Working with Widgets and General Widgets.

If http.security.csp.enabled is set for CDA, you must add the CDA base URL (URL without page name) to whitelist, a.e. "https://my.cdawebserver.com"

Default value: empty

Examples:

  • (YouTube widget) To add a YouTube channel to your whitelist you set this parameter as follows:

    csp.whitelist=https://www.youtube.com

  • (HTML widget) To add Broadcom's docs.automic.com page to your whitelist you set this parameter as follows:

    csp.whitelist=https://docs.automic.com

  • (CDA)

    https://my.cdawebserver.com

http.security.sts.enabled

This parameter adds a header to enable Strict Transport Security. Setting this header ensures that browsers that have previously connected to the page will use HTTPS instead of HTTP within the time of validity that you can specify in the http.security.sts.maxage header (see next parameter).

Default value: false.

Important! If you do not set this parameter to true, users could be tricked to not use encryption even if the page redirects to HTTPS or if it only provides HTTPS.

http.security.sts.maxage

This parameter adds a header to set the maximum amount of time in seconds for Strict Transport Security.

Default value: 31536000

http.security.xframe.options

This parameter adds a header to allow/prevent pages from being included in iframes. Set it to DENY to prevent certain attacks.

If iframes are to be used within the page, the value SAMEORIGIN can be used instead. If framing for third party domains needs to be allowed, set this value to empty.

Default value: Empty

Possible values:

  • DENY

  • SAMEORIGIN

  • ALLOW-FROM origin

Recommended value: DENY

http.security.xss.protection

This parameter adds a X-XSS-Protection header to change the Cross-Site Scripting filters of some browsers.

Default value: 1

Possible values:

  • 0

  • 1

Recommended value: 0. Due to vulnerabilities that other modes introduce, it is recommended to set this value to 0 and use Content-Security-Policy instead. See csp.enabled / http.security.csp.enabled.

http.security.content.type.options

This parameter adds a X-Content-Type-Options header. Set it to "nosniff" to prevent Internet Explorer and Google Chrome from sniffing a response away from the declared content-type. This helps reduce the danger of drive-by downloads and helps treat the content the right way.

Default value: empty

Possible value: nosniff

Network Settings with All Application Servers

allowWebsockets

Activates WebSocket communication between the AWI Clients and the web server they run on. WebSockets is the default and recommended communication technology, because it enables faster interaction with the user interface.

Possible values:

  • true (default)

    WebSockets is active

  • false

    WebSockets is not used

Browsers can limit the number of connections that have the same domain name. This might lead to issues (the page does not load, no content is displayed) when users select multiple items in the AWI to open them.

Important!

  • See the compatibility matrix for the required versions of the application server and Java, and a list of compatible browsers.
  • Some anti-virus software interferes with WebSocket communication channels. If you find that people are not able to log in, you might have to modify the configuration of your virus scanners to allow WebSocket communications for the AWI.

push.websocket.idletime

Defines the keep-alive interval in milliseconds in the communication between AWI and the web server.

Default value: 3600000 milliseconds (one hour)

Online Help

helpUrl.pattern

Pattern for the context-sensitive help URL. The parameters are placeholders and are defined as follows:

{0} Language, for example german

{1} Version, for example 21.0

{2} Product, which is CDA%20Guides or Automic%20Automation%20Guides.

{3} CSHID

Default value: https://docs.automic.com/documentation/webhelp/{0}/ALL/components/DOCU/{1}/{2}/#CSHID={3}

If your company security policy does not allow Internet access to your users, you can provide the help on your company's secured intranet:

  1. Load the online help onto your intranet.

    1. Download the most recent documentation bundle from https://downloads.automic.com/.
    2. Go to Automation.Platform/Documentation/Guides/webhelp, where .zip files with the documentation in English (en), German (de) and French (fr) are available.
    3. Unzip the file content to a place on your local intranet that your AWI user clients have access to.

  2. Modify the URL manually to lead to the help.htm file at this location. For example:

    • For the English Automic Automation documentation:

      https://localhost:8080/documentation/english/AWA/help.htm#CSHID={3}

    • For the French Automic Automation documentation:

      https://localhost:8080/documentation/french/AWA/help.htm#CSHID={3}

    • For the German Automic Automation documentation:

      https://localhost:8080/documentation/german/AWA/help.htm#CSHID={3}

    • For the CDA documentation (which is available in English only):

      https://localhost:8080/documentation/english/CDA/help.htm#CSHID={3}

Note:

Download and update the documentation with each service pack

Object Validation

promptset.validation.mandatory

Controls whether users who define Workflows (JOBP objects) must provide values in all required fields in all prompt sets in the Workflow before saving the Workflow definition. This includes the prompt sets in the JOBP object as well as those in the properties of its Workflow tasks (child objects).

By default, all required prompt set fields must be defined. Turning this off would allow intermediate saves when building large Workflows. No matter how a Workflow is saved, when a workflow is executed, all required prompt set fields have to be filled before processing can start.

Possible values:

  • true

    All mandatory prompt set fields must have values before saving a Workflow definition. This is the default.

  • false

    Workflow definitions can be saved without values in all required prompt set fields.

Next

You have configured your local AWI setup. Now you can proceed with the following topics: