configuration.properties - Configuring Your Local Setup
The configuration.properties
file primarily allows you to define how the communication between the Automation Engine, the AWI server, and AWI and its Clients runs. This topic covers the parameters that you might need to modify for your local setup. The changes take effect after restarting the web server.
Configuration required?
Only if you want to define custom property settings, otherwise the defaults are used. This file is delivered with default settings for optimum performance. You should not modify them unless expressly advised by support consultants.
File Location
After installing AWI, you find the configuration.properties
file in the .../config folder.
This page includes the following:
General Properties
maxOpenBulkActions
If users want to open multiple objects/tasks at a time, they can select them in bulk, right-click and select Open. This opens as many tabs or windows as selected objects/tasks.
By default, the maximum number of tabs or windows that can be opened in one bulk selection is limited to 50, however you can change this limit using this parameter.
wfDisplaySettings
By default, tasks in a Workflow (whether on the editor in the Process Assembly perspective or on the monitor in the Process Monitoring perspective), display the name of the task first and its title (if available) beneath the name. In addition to the Name and the Title, users can also assign an Alias to a task in the Workflow. However, the task boxes provide only two rows display this piece of information.
With the wfDisplaySettings
parameter you determine which of these properties are displayed in the task box, which one goes in the first row and which in the second. It also determines which property is displayed in the caption of expanded, embedded Workflows.
This is important to give more visibility to the property that users need to identify the tasks.
The tables below describe the behavior of the name, the title or the alias depending on how you set this parameter:
-
wfDisplaySettings=NAME,TITLE
Properties set First row Second row Caption of expanded Workflow Name NAME - EMPTY (short names)
- NAME (continued for long names)
NAME Name and title NAME TITLE NAME Name and alias ALIAS - EMPTY (short names)
- NAME (continued for long names)
ALIAS Name, title and alias ALIAS TITLE ALIAS -
wfDisplaySettings=TITLE,NAME
Properties set First row Second row Caption of expanded Workflow Name NAME - EMPTY (short names)
- NAME (continued for long names)
NAME Name and title TITLE NAME TITLE Name and alias ALIAS NAME ALIAS Name, title and alias ALIAS NAME ALIAS
Connection Settings
automationEngineOpenConnectionTimeoutMilliseconds
If you have only one connection to the AE, this parameter specifies the timeout interval for the connection between the AWI and the CP.
If you have several connections to the AE, this parameter specifies the time interval for attempting to connect to the next CP in case the previous connection fails.
Default: 10000 (10 seconds)
Tip: Increase the timeout if you have a slow connection between Tomcat and the Automation Engine
Note: You define the connections to the AE in the uc4config.xml - Configuring the Connection Between AWI and AE configuration file.
Home Dashboards
defaultHomeDashboard
The name of the Dashboard (DASH) object for the default AWI Home Dashboard for your installation. Change this if you want to replace the delivered default with a company-defined standard dashboard.
Note: Regardless of which dashboard is defined here, users with editing rights to the DASH objects and Dashboards can choose to use another dashboard to be their own home dashboard.
Default: WELCOME.DASHBOARD
customHomeDashboardsFolder
The name of the folder path where the dashboard objects for user-customized home dashboards are stored. When entering the folder path, consider the following:
-
Do not use a leading slash (/).
-
Use forward slashes (/) only.
Default: DASHBOARDS
For more information, see Setting Up Dashboards.
Configuring Timeout Settings
When working with potentially long-running operations in the Automation Engine, such as importing large XML files, displaying statistics, or opening very large workflows, it is important to configure the appropriate timeout values. The following parameters control the timeouts for these background operations:
Parameter | Default Value | Description |
---|---|---|
automationEngineOpenConnectionTimeoutMilliseconds |
10000 |
The maximum time in milliseconds to wait for opening a connection to the AE. |
asyncLoadingTimeoutMilliseconds |
180000 |
The maximum time in milliseconds to wait for asynchronous loading of the AE objects. |
automationEngineTimeoutMilliseconds |
180000 |
The maximum time in milliseconds to wait for the completion of an AE operation. If the timeout is reached, the connection to the AE will be closed. |
xRequestExecutorTimeoutMilliseconds |
90000 | The maximum time in milliseconds to wait for a single request to the AE. If the timeout is reached, that one request will be aborted, but the AE connection will remain open. |
Important! The default values are not all the same. In particular, to prevent connection loss, the xRequestExecutorTimeoutMilliseconds parameter should be lower than the automationEngineTimeoutMilliseconds.
Login Settings
sso.kdc.enabled / sso.saml.enabled
Specifies whether single sign-on (SSO) can be used for AWI log in. This allows users to use the domain name and password they use to log into their computer also to log into AWI.
Possible values:
-
true
SSO is enabled
-
false (default)
SSO is not enabled
When users first log in, they have to provide their sign-on information and select either Kerberos or SAML sign-in. For more information, see Setting up Single Sign-On.
For information about the full setup and details about the login options this approach provides, see Configuring the Automic Web Interface.
parameter_login.enabled
Specifies whether the AWI login window opens, the parameters for Connection, Client, Name, Department, Logintype and Language are already filled in. Users need to enter only their password.
Possible values:
-
true
Login parameters except password are filled in
-
false (default)
No login parameters are filled in
If this is enabled, then the AWI startup will recognize login parameters that are added to the start URL in the following format:
https://<AWI>/?system=ConnectionName&client=9999&name=MyUserName&department=Dept&logintype=AE(default)|KERBEROS|SAML&language=MyLanguage&autologin=true
Notes:
- If your browser is not accessing AWI over a TLS/SSL protocol, your URL will start with http://.
- The
logintype
parameter is optional and it is only relevant when the related SSO parameter is enabled in theconfiguration.properties
file. - The
autologin
parameter is optional and can be used together with the KERBEROS or SAML login types. If theautologin
parameter is provided, the login dialog is submitted automatically.
automationEngine.index
Also referred to as multi-connection support, this parameter controls whether users can choose an AE connection when logging into this AWI installation or they are restricted to the specified connection.
The connections are defined in <connection> elements in the uc4config.xml - Configuring the Connection Between AWI and AE and would appear in a drop-down on the login page.
Possible values:
-
-1 (default)
Users can choose a connection at login
-
0–n
The number corresponding to the connection element in the uc4config.xml - Configuring the Connection Between AWI and AE for the system that all users must use. This is a 0-indexed parameter, so 0 means the first connection that is defined, 1 means the second connection, and so on.
Note: If only one connection is defined in the uc4config.xml - Configuring the Connection Between AWI and AE, then just use the default value here.
Network Settings Specific for the Bundled AWI Launcher
The network settings enable the secure connection between AWI and the client.
http.port
Port on which your local AWI runs.
Default value: 8080
If you get a port already in use error, do the following:
- To make sure that no other instance is running, check the console tab in Eclipse
- Close your browsers. Some lingering WebSocket connections might be blocking the port
- Change the port if you have multiple repositories and multiple Eclipse instances running
If you use 0 as port number Jetty will take the next free port to start AWI. You find the URL that has been started in the console log on which port AWI runs.
http.enabled
Flag to enable/disable the secure connection.
Default value: true
Important!
To guarantee that AWI runs in secure mode, you must enable HTTPS and disable HTTP. This means that you need to configure the AWI properties as follows:
http.enabled=false
https.enabled=true
http.root
AWI responds at the root context. Change it if you want to simulate running AWI behind a proxy where the URL needs a context prefix.
Default value: /
https.port
TLS/SSL port on which your local AWI runs.
Default value: 7443
https.enabled
Flag to enable/disable the secure connection.
Default value: true
Important!
To guarantee that AWI runs in secure mode, you must enable HTTPS and disable HTTP. This means that you need to configure the AWI properties as follows:
http.enabled=false
https.enabled=true
https.keystore.filename
File name and path to the keystore file which holds the certificate.
Default value: keystore.selfsigned
https.keystore.password
Keystore password.
Default value: secret. You can use the Jetty password obfuscation to hide the password in clear text. For more information, please refer to the official Eclipse documentation on secure password obfuscation.
https.manager.password
If there is no trustmanager
set, the keystore is used as the trust store and the keystorepassword
is used as the certificate/key password.
If this value is configured, it is used as the certificate/key password.
https.cert.alias
Alias of the certificate used for https for the AWI in the keystore.
Default value: jetty
http.max.header.size
If your setup requires to store more data in the header, you can configure it here. This parameter sets the maximum header size for both the request and the response.
You must specify the header size in bytes.
Default value: 8192 bytes
Security Settings Specific for the Bundled AWI Launcher
https.ocsp.enabled
When a HTTPS connection with a web server occurs, the browser performs an OCSP check (a request to validate the certificate) with the certificate authority (CA) that issued the SSL certificate. This process can lead to delays in the SSL handshake. OCSP stapling helps improve performance by positioning the certificates on the web server. It means that the SSL server (rather than client) makes the requests to CA servers for revoked certificates lists, making the check faster and more reliable for clients.
If set to true, this setting enables OCSP stapling when AWI runs on the bundled Jetty Launcher.
Default value: true
https.ocsp.responderUrl=
Endpoint of the OSCP server typically run by the certificate issuer that sends the response to the request to validate the certificate.
Security Settings
Additional security layer. The following parameters let you configure AWI headers to protect it from external attacks when sending responses to the Clients. For more information about the security headers, please refer to your browser's official documentation.
Important! The following configuration parameters are the same, the only difference being their names:
-
csp.enabled and http.security.csp.enabled
-
csp.whitelist and http.security.csp.whitelist
This is because the parameters that begin with the http.security prefix have been introduced in a later version. If you are already using the older parameters, there is no need for you to set the new ones.
csp.enabled / http.security.csp.enabled
This parameter adds a header to enable/disable a Content Security Policy (CSP). A strong CSP mitigates and reports Cross-Site Scripting (XSS) and clickjacking attacks. The policy is a string containing the policy directives describing your Content Security Policy.
Default value: false
csp.whitelist / http.security.csp.whitelist
This parameter adds a header to whitelist content on web pages. If you want to enable the HTML and YouTube widgets in your Dashboards, you must add them to the whitelist. For more information, see Working with Widgets and General Widgets.
If http.security.csp.enabled is set for CDA, you must add the CDA base URL (URL without page name) to whitelist, a.e. "https://my.cdawebserver.com"
Default value: empty
Examples:
-
(YouTube widget) To add a YouTube channel to your whitelist you set this parameter as follows:
csp.whitelist=https://www.youtube.com
-
(HTML widget) To add Broadcom's docs.automic.com page to your whitelist you set this parameter as follows:
csp.whitelist=https://docs.automic.com
-
(CDA)
https://my.cdawebserver.com
http.security.sts.enabled
This parameter adds a header to enable Strict Transport Security. Setting this header ensures that browsers that have previously connected to the page will use HTTPS instead of HTTP within the time of validity that you can specify in the http.security.sts.maxage header (see next parameter).
Default value: false.
Important! If you do not set this parameter to true, users could be tricked to not use encryption even if the page redirects to HTTPS or if it only provides HTTPS.
http.security.sts.maxage
This parameter adds a header to set the maximum amount of time in seconds for Strict Transport Security.
Default value: 31536000
http.security.xframe.options
This parameter adds a header to allow/prevent pages from being included in iframes. Set it to DENY to prevent certain attacks.
If iframes are to be used within the page, the value SAMEORIGIN can be used instead. If framing for third party domains needs to be allowed, set this value to empty.
Default value: Empty
Possible values:
-
DENY
-
SAMEORIGIN
-
ALLOW-FROM origin
Recommended value: DENY
http.security.xss.protection
This parameter adds a X-XSS-Protection header to change the Cross-Site Scripting filters of some browsers.
Default value: 1
Possible values:
-
0
-
1
Recommended value: 0. Due to vulnerabilities that other modes introduce, it is recommended to set this value to 0 and use Content-Security-Policy instead. See csp.enabled / http.security.csp.enabled.
http.security.content.type.options
This parameter adds a X-Content-Type-Options header. Set it to "nosniff" to prevent Internet Explorer and Google Chrome from sniffing a response away from the declared content-type. This helps reduce the danger of drive-by downloads and helps treat the content the right way.
Default value: empty
Possible value: nosniff
Network Settings with All Application Servers
allowWebsockets
Activates WebSocket communication between the AWI Clients and the web server they run on. WebSockets is the default and recommended communication technology, because it enables faster interaction with the user interface.
Possible values:
-
true (default)
WebSockets is active
-
false
WebSockets is not used
Browsers can limit the number of connections that have the same domain name. This might lead to issues (the page does not load, no content is displayed) when users select multiple items in the AWI to open them.
Important!
- See the compatibility matrix for the required versions of the application server and Java, and a list of compatible browsers.
- Some anti-virus software interferes with WebSocket communication channels. If you find that people are not able to log in, you might have to modify the configuration of your virus scanners to allow WebSocket communications for the AWI.
push.websocket.idletime
Defines the keep-alive interval in milliseconds in the communication between AWI and the web server.
Default value: 3600000 milliseconds (one hour)
Online Help
helpUrl.pattern
Pattern for the context-sensitive help URL. The parameters are placeholders and are defined as follows:
{0} Language, for example german
{1} Version, for example 21.0
{2} Product, which is CDA%20Guides or Automic%20Automation%20Guides.
{3} CSHID
Default value: https://docs.automic.com/documentation/webhelp/{0}/ALL/components/DOCU/{1}/{2}/#CSHID={3}
If your company security policy does not allow Internet access to your users, you can provide the help on your company's secured intranet:
-
Load the online help onto your intranet.
- Download the most recent documentation bundle from https://downloads.automic.com/.
- Go to Automation.Platform/Documentation/Guides/webhelp, where .zip files with the documentation in English (en), German (de) and French (fr) are available.
- Unzip the file content to a place on your local intranet that your AWI user clients have access to.
-
Modify the URL manually to lead to the help.htm file at this location. For example:
-
For the English Automic Automation documentation:
https://localhost:8080/documentation/english/AWA/help.htm#CSHID={3}
-
For the French Automic Automation documentation:
https://localhost:8080/documentation/french/AWA/help.htm#CSHID={3}
-
For the German Automic Automation documentation:
https://localhost:8080/documentation/german/AWA/help.htm#CSHID={3}
-
For the CDA documentation (which is available in English only):
https://localhost:8080/documentation/english/CDA/help.htm#CSHID={3}
-
Note:
Download and update the documentation with each service pack
Object Validation
promptset.validation.mandatory
Controls whether users who define Workflows (JOBP objects) must provide values in all required fields in all prompt sets in the Workflow before saving the Workflow definition. This includes the prompt sets in the JOBP object as well as those in the properties of its Workflow tasks (child objects).
By default, all required prompt set fields must be defined. Turning this off would allow intermediate saves when building large Workflows. No matter how a Workflow is saved, when a workflow is executed, all required prompt set fields have to be filled before processing can start.
Possible values:
-
true
All mandatory prompt set fields must have values before saving a Workflow definition. This is the default.
-
false
Workflow definitions can be saved without values in all required prompt set fields.
Next
You have configured your local AWI setup. Now you can proceed with the following topics:
-
Configure log levels
For more information, see logback.xml - Configuring Log Levels
-
Configure AWI's color scheme
For more information, see colors.properties - Configuring the Color Scheme