Configuration parameters are located in three places:

  1. frevvo-config.properties - This file contains properties that define global customizations that apply to the frevvo.war and the frevvo connector warfiles (Database Connector, Box, Filesystem, SharePoint). For example, you can provide the client secret information for the Google Connector with a property in this file. You will have to create it if you are using the frevvo tomcat bundle. When used in a container that is not tomcat, the System Admin can add properties to this file for a simpler way to override parameters in the container web.xml file. See below for more information.
  2. <frevvo-home>\tomcat\conf\Catalina\localhost\frevvo.xml - recommended file to override context-parameters in the web.xml file when using the tomcat container.
  3. WEB-INF\web.xml - this configuration file is included in the <frevvo-home>\tomcat\webapps\frevvo.war zipfile. Modifications to this file require unzipping/rezipping the frevvo.war file after the modifications have been made. See below for the instructions.

The parameters that are most commonly modified and discussed in the sections below can be added to <frevvo-home>\tomcat\conf\catalina\localhost\frevvo.xml or to the frevvo-config.properties file that you create in the <frevvo-home>\tomcat conf directory. The less commonly modified parameters are in web.xml. Any parameter in web.xml can be duplicated in frevvo.xml, and the value in frevvo.xml takes precedence over the value in web.xml. If you plan to override the web.xml context parameter values and you are using the frevvo Tomcat bundle, we suggest doing so in frevvo.xml. This keeps all your modified parameters in one place and makes it easy to upgrade frevvo to newer releases.

A frevvo-config.properties file in a deployment of the frevvo tomcat bundle can be used to define the configuration parameters discussed below as properties in this file. It can also define global properties to customize frevvo connector warfiles (Database Connector, Box, SharePoint, Google, Filesystem). The configuration properties in the frevvo-config.properties file will override the frevvo.xml and web.xml files.
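The precedence described above (web.xml, then frevvo.xml, then frevvo-config.properties) can be checked with a short script that reports which file supplies each effective value. This is an added example, not frevvo code; the file contents are constructed samples, and it assumes a property in frevvo-config.properties uses the same name as the context parameter it overrides.

```python
import xml.etree.ElementTree as ET

# Constructed sample contents for the three locations (values are illustrative).
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <context-param><param-name>frevvo.attachment.maxsize</param-name>
    <param-value>5242880</param-value></context-param>
  <context-param><param-name>frevvo.logging.level</param-name>
    <param-value>INFO</param-value></context-param>
</web-app>"""
FREVVO_XML = """<Context path="/frevvo">
  <Parameter name="frevvo.attachment.maxsize" value="10485760" override="false"/>
  <Parameter name="com.frevvo.security.saml.response.skew" value="60" override="false"/>
</Context>"""
PROPERTIES = "# constructed sample\nfrevvo.attachment.maxsize=20971520\n"

def local(tag):
    # Drop the XML namespace that web.xml elements usually carry.
    return tag.rsplit("}", 1)[-1]

def web_xml_params(text):
    params = {}
    for el in ET.fromstring(text).iter():
        if local(el.tag) == "context-param":
            fields = {local(c.tag): (c.text or "").strip() for c in el}
            params[fields["param-name"]] = fields["param-value"]
    return params

def context_params(text):
    return {p.get("name"): p.get("value") for p in ET.fromstring(text).iter("Parameter")}

def property_params(text):
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith(("#", "!")))
    return {k.strip(): v.strip() for k, v in pairs}

def effective_config(web_xml, frevvo_xml, properties):
    """Return {name: (value, winning_file)}; later layers override earlier ones."""
    layers = [("web.xml", web_xml_params(web_xml)),
              ("frevvo.xml", context_params(frevvo_xml)),
              ("frevvo-config.properties", property_params(properties))]
    merged = {}
    for source, params in layers:
        for name, value in params.items():
            merged[name] = (value, source)
    return merged

for name, (value, source) in sorted(effective_config(WEB_XML, FREVVO_XML, PROPERTIES).items()):
    print(f"{name} = {value}  (from {source})")
```

Running it against the real files before and after an upgrade shows whether a security-relevant value, such as the SAML skew, is still coming from the file you expect.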

Modifying the frevvo.xml file.

Follow these steps to add/modify context parameters in the frevvo.xml file. If you are using tomcat, making your configuration changes here will make it easier when you upgrade:

  1. Stop frevvo if it is running.
  2. Navigate to <frevvo-home>\tomcat\conf\catalina\localhost\frevvo.xml.
  3. Open the file with a text editor.
  4. The installation tasks listed below will reference the frevvo.xml and web.xml files when appropriate. You can configure anything in frevvo.xml that you can configure in web.xml. When you add parameters to the file, use the same syntax as the ones already there. Here is an example of a parameter to control the Maximum Size of Attachments that users can upload.
Code Block
<Parameter name="frevvo.attachment.maxsize" value="10485760" override="false"/> 

  5. Save the file after all your changes are made. Restart frevvo.

Modifying the web.xml file

The web.xml file is included in the <frevvo-home>\tomcat\webapps\frevvo.war. The frevvo.war must be unzipped/rezipped after modifications have been made as outlined in the steps below:

  1. Stop frevvo if it is running.
  2. Unpack the frevvo.war file to a temporary location of your choice: e.g. c:\tmp\frevvo-war. Change the file extension from .war to .zip if necessary.
  3. Edit c:\tmp\frevvo-war\WEB-INF\web.xml.
  4. Make the desired configuration changes - see appropriate sections of this page for information on specific parameters. Save the changes to the web.xml file. 
  5. Rezip all the files in the c:\tmp\frevvo-war directory, even the ones you did not edit — if you change directories or zip them differently, Live Forms may not load correctly:

    This is the correct structure for the frevvo.war zipfile.

  6. Make sure you create the zipfile with the directory structure as shown in the image above. It is an easy mistake to include the containing directory in the zipfile. If you do this, Live Forms may not load correctly. Zip will often give your zipfile a .zip extension. Make sure you change this to a .war extension. 

  7. Copy the updated frevvo.war file to <frevvo-home>\tomcat\webapps.
  8. Restart your frevvo server.
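The two rezip mistakes named in the steps above (zipping the containing directory, or zipping only the edited files) can be caught before the war is copied back. This is an added example, not part of the frevvo distribution; the entry names are constructed, and a real frevvo.war contains many more files.

```python
import io
import zipfile

def make_zip(names):
    """Build an in-memory archive with the given entry names (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"")
    buf.seek(0)
    return buf

def check_rebuilt_war(original, rebuilt):
    """Compare a rebuilt war with the original; return a list of problems (empty = OK).

    Both arguments may be file paths or file-like objects.
    """
    with zipfile.ZipFile(original) as zf:
        expected = {n for n in zf.namelist() if not n.endswith("/")}
    with zipfile.ZipFile(rebuilt) as zf:
        actual = {n.replace("\\", "/") for n in zf.namelist() if not n.endswith("/")}
    problems = []
    if "WEB-INF/web.xml" not in actual:
        nested = sorted(n for n in actual if n.endswith("/WEB-INF/web.xml"))
        if nested:
            # WEB-INF exists, but one level too deep: the containing directory was zipped.
            wrapper = nested[0][: -len("WEB-INF/web.xml")]
            problems.append(f"containing directory '{wrapper}' is inside the archive")
            actual = {n[len(wrapper):] for n in actual if n.startswith(wrapper)}
        else:
            problems.append("WEB-INF/web.xml not found")
    missing = sorted(expected - actual)
    if missing:
        problems.append("entries missing from rebuilt war: " + ", ".join(missing))
    return problems

# Constructed entry names standing in for the contents of frevvo.war.
ORIGINAL = ["WEB-INF/web.xml", "WEB-INF/lib/app.jar", "META-INF/MANIFEST.MF", "index.jsp"]
CASES = {
    "rezipped correctly": ORIGINAL,
    "containing directory zipped": ["frevvo-war/" + n for n in ORIGINAL],
    "only the edited file zipped": ["WEB-INF/web.xml"],
}
for label, names in CASES.items():
    print(label, "->", check_rebuilt_war(make_zip(ORIGINAL), make_zip(names)) or "OK")
```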

...

  1. If you enter an email address in the frevvo.xml parameter and leave the Email address fields on the Edit Tenant screen blank - Doc action emails will use the frevvo.xml from email value and task notification will use tenant admin's email address.
  2. If you enter a value into the Email address fields on the Edit tenant page - Doc action and task notification emails will use this value. The value in the frevvo.xml file is overridden. 

If you want to use the frevvo.xml value for Doc action emails, leave the tenant from email address blank. This would mean flow task notifications will use tenant admin's email address. 

Debug sends more debugging info to the tomcat log files, and bounce.email sets an address to receive emails that cannot be delivered to the "to" email recipients.

...

frevvo is a multi-tenant application. See the administration section on Manage Tenants. However, it is possible that all you need is a single tenant. If this is your case, it simplifies the server login if you default the @<tenantname> so the user only needs to enter their username to log in. Customers who default the tenant login normally would also customize the placeholder on the login screen. Please read that topic for details.

There are two files where the changes to default the tenant login to your tenant name can be made: web.xml or frevvo.xml. The recommended approach is to add the configuration parameters to the frevvo.xml file, as it keeps all your modified parameters in one place and makes it easy to upgrade to newer releases. Since the file is outside the frevvo war, you avoid the unzip/rezip of the frevvo.war that is needed if you make the changes in web.xml. Examples containing the context parameters for both files are shown below.

...

Note

There will be three additional logfiles when running Tomcat as a Windows service:

  • frevvoforms - stderr.YYYYMMDD and frevvoforms - stdout.YYYYMMDD for standard error messages and standard output stream, respectively. This is the default Tomcat behavior.
  • commons-daemon.YYYY-MM-DD.log for Windows Service errors

...

Using Debug Mode to see logged in users

If the log level is set to DEBUG, then you will see user login and logout information in the <frevvo-home>\frevvo\tomcat\logs\frevvo.log file. Examples of log entries are shown below. Search for “Server num users” in the log file to quickly see the number of currently logged in/out users. Note the first log entry below shows the number of users currently logged in. Showing the list of currently logged in users via the UI to the superuser and tenant admins is planned for a future release.

User login:
10:01:40.813 |-DEBUG [http-nio-8082-exec-1] [       c.f.u.UsersMonitor] - Tenant (qa): login: num users: 1. Server num users: 1
--Number of currently logged in users
10:01:40.816 |-INFO  [http-nio-8082-exec-1] [           c.f.b.d.DBUtil] - Getting User info for customer: fd tenant: qa
---User who is logging in

User Logout:
10:02:03.287 |-DEBUG [http-nio-8082-exec-5] [       c.f.u.UsersMonitor] - Tenant (qa): logout: num users: 0. Server num users: 0
10:02:03.287 |-DEBUG [http-nio-8082-exec-5] [f.f.w.SessionFormsListener] - Forcing a Subject qa@fd logout on session expiration ... 
---User who is logging out
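The UsersMonitor entries shown above can be turned into a session summary instead of being searched by hand. This is an added example, not frevvo tooling; the sample lines follow the format of the entries above, and the tenant "hr" with its counts is constructed.

```python
import re

# Constructed sample in the format of the frevvo.log entries shown above.
SAMPLE_LOG = """\
10:01:40.813 |-DEBUG [http-nio-8082-exec-1] [       c.f.u.UsersMonitor] - Tenant (qa): login: num users: 1. Server num users: 1
10:01:52.100 |-DEBUG [http-nio-8082-exec-3] [       c.f.u.UsersMonitor] - Tenant (hr): login: num users: 1. Server num users: 2
10:02:03.287 |-DEBUG [http-nio-8082-exec-5] [       c.f.u.UsersMonitor] - Tenant (qa): logout: num users: 0. Server num users: 1
10:02:03.287 |-DEBUG [http-nio-8082-exec-5] [f.f.w.SessionFormsListener] - Forcing a Subject qa@fd logout on session expiration ...
"""

EVENT = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) \|-DEBUG\s+\[[^\]]+\] \[\s*c\.f\.u\.UsersMonitor\] - "
    r"Tenant \((?P<tenant>[^)]+)\): (?P<event>login|logout): "
    r"num users: (?P<tenant_users>\d+)\. Server num users: (?P<server_users>\d+)")

def parse_events(log_text):
    """Return one dict per UsersMonitor login/logout line; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if m:
            event = m.groupdict()
            event["tenant_users"] = int(event["tenant_users"])
            event["server_users"] = int(event["server_users"])
            events.append(event)
    return events

def summarize(events):
    """Latest user count per tenant, plus the peak server-wide count and when it occurred."""
    current, peak, peak_time = {}, 0, None
    for event in events:
        current[event["tenant"]] = event["tenant_users"]
        if event["server_users"] > peak:
            peak, peak_time = event["server_users"], event["time"]
    return {"current_by_tenant": current,
            "peak_server_users": peak,
            "peak_time": peak_time,
            "server_users_now": events[-1]["server_users"] if events else 0}

print(summarize(parse_events(SAMPLE_LOG)))
```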

...

The following screen displays when a user tries to submit a form from a timed out session.

Editing Submissions

Designer users can view/edit submissions by clicking the edit link on the submissions panel. Non-designer users can view/edit submissions by clicking on the Shared Items tab if they have been granted permission to do so by the designer via the Access Control feature. The frevvo.submission.edit.link parameter must be set to the default value of true for the edit link to be visible to any user. To disable the edit link on the submission panel, change the default value of true to false for the frevvo.submissions.edit.link configuration parameter in the <frevvo-home>/WEB-INF/web.xml file. The web.xml file must be unzipped from the frevvo.war before it can be edited. Follow the instructions above to unzip, modify and rezip the war file.

...

frevvo no longer supports the web.xml parameters for frevvo.xforwarded.protocol.header, frevvo.xforwarded.host.header, and frevvo.xforwarded.port.headers. The general recommendation is to rely on the Servlet Container for handling dynamic proxies. A better approach is to use tomcat's RemoteIp Valve instead. Please see this documentation on the Apache Tomcat website for information about the RemoteIp valve functionality. This tomcat valve has been incorporated into our tomcat bundle.

Code Block
 <Valve className="org.apache.catalina.valves.RemoteIpValve"
            internalProxies=".*" 
            remoteIpHeader="x-forwarded-for" 
            proxiesHeader ="x-forwarded-by" 
            protocolHeader="x-forwarded-proto" />
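The internalProxies pattern decides which hops of x-forwarded-for the valve treats as its own proxies, and therefore which address ends up in logs and IP-based checks. The following added example is a simplified model of that resolution (not Tomcat's or frevvo's code, and trustedProxies is left out); all addresses are constructed, and the pattern that names a single proxy is an assumption about the deployment.

```python
import re

def resolve_remote_ip(peer_addr, x_forwarded_for, internal_proxies):
    """Simplified model of RemoteIpValve's address resolution (trustedProxies omitted).

    peer_addr         address of the TCP peer that connected to Tomcat
    x_forwarded_for   raw header value, or None
    internal_proxies  regular expression, matched against the whole address
    """
    trusted = re.compile(internal_proxies)
    # The header is only honoured when the connecting peer itself is a known proxy.
    if not x_forwarded_for or not trusted.fullmatch(peer_addr):
        return peer_addr
    remote_ip = peer_addr
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    # Walk from the entry added last (nearest proxy) towards the first (sent by the client).
    for hop in reversed(hops):
        remote_ip = hop
        if not trusted.fullmatch(hop):
            break  # first address that is not one of our proxies
    return remote_ip

# Constructed addresses from documentation ranges: the reverse proxy is 10.0.0.5,
# the connecting client is 198.51.100.7 and its request already carried
# "x-forwarded-for: 203.0.113.9" when it reached the proxy.
PROXY, CLIENT, CLAIMED = "10.0.0.5", "198.51.100.7", "203.0.113.9"
VIA_PROXY = f"{CLAIMED}, {CLIENT}"   # the proxy appended the address it actually saw
ONLY_PROXY = r"10\.0\.0\.5"          # hypothetical pattern naming just that proxy

for label, pattern in (("internalProxies=.*", ".*"), ("internalProxies=proxy only", ONLY_PROXY)):
    print(label)
    print("  request via proxy ->", resolve_remote_ip(PROXY, VIA_PROXY, pattern))
    print("  direct request    ->", resolve_remote_ip(CLIENT, CLAIMED, pattern))
```

With `.*` every hop counts as an internal proxy, so the recorded address is whatever the leftmost header entry says; with the narrower pattern the recorded address is the one the proxy observed.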

...

Skew error when logging into an Azure SAML tenant

Users logging into an Azure SAML tenant may encounter the error "Access Denied. Authorization Required". Examination of the frevvo.log shows the following entry:

Code Block
Response issue time is either too old or with date in the future, skew 60, time 2016-06-01T05:49:25.330Z

This error is typically caused by a clock synchronization issue between the SP (frevvo) and the IdP (Azure) or a genuine delay in the connection. If you get this error, you can change the value of the context parameter com.frevvo.security.saml.response.skew, which specifies the time in seconds allowed between the request and the response from Azure, to a value greater than the default value of 60 seconds.

If you are using the tomcat bundle, the configuration parameter - com.frevvo.security.saml.response.skew - can be added to the <frevvo-home>\tomcat\conf\catalina\localhost\frevvo.xml file. This is the recommended location.

...

Changing the Default Task Notification Email Message

If you want to change the default task notification email for your frevvo server, add this parameter to your \frevvo\tomcat\conf\Catalina\localhost\frevvo.xml file in the frevvo war section:

Code Block
<Parameter name="frevvo.task.notification.email.message" value="You can access your task list by clicking: {task.list.url}" override="false"/>

Change the value in this parameter to anything you want. The task.list.url template {task.list.url} is a built-in template in frevvo and it will always point to your frevvo server's task list URL. If you do not want the link in your task notification emails to go there, you can remove it. The default message can include form control templates.

Security Vulnerabilities

The following security vulnerabilities have been addressed as follows:

  • Information Disclosure - Resolved with the tomcat upgrade to version 8.5.16.
  • Man in the middle - This has to do with executing the CGI Servlet. This servlet is disabled in the frevvo Apache tomcat distribution. Customers who choose to enable the servlet are responsible for ensuring security, viz. adding a filter etc.
  • Version Disclosures - Resolved by configuring the ErrorReportValve in the \frevvo\tomcat\conf\server.xml file (in the Host section) as described on this Apache tomcat website. The parameter that needs to be modified is:

    Code Block
    <Valve className="org.apache.catalina.valves.ErrorReportValve" showServerInfo="false"/>
  • X-Frame-Options Header Not Set - Resolved by modification at the tomcat level. In-house customers can uncomment the HttpHeaderSecurityFilter provided in the tomcat web.xml. The filter is documented on the Apache tomcat website. Specify the appropriate X-Frame-Options value in the antiClickJackingOption parameter (SAMEORIGIN or ALLOW-FROM).

    Warning

    Setting this parameter to SAMEORIGIN may interfere when embedding frevvo forms/flows in your website. Use  ALLOW-FROM instead.

    Click the appropriate link below for filter examples.

    Code Block
    Example of filter with SAMEORIGIN
    <filter>
            <filter-name>httpHeaderSecurity</filter-name>
            <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    		<init-param>
    			<param-name>antiClickJackingOption</param-name>
    			<param-value>SAMEORIGIN</param-value>
    		</init-param>
            <async-supported>true</async-supported>
    </filter>
    
    <filter-mapping>
            <filter-name>httpHeaderSecurity</filter-name>
            <url-pattern>/*</url-pattern>
            <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    
    Code Block
    Example of filter with ALLOW-FROM for embedded forms
    <filter>
            <filter-name>httpHeaderSecurity</filter-name>
            <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    		<init-param>
    			<param-name>antiClickJackingOption</param-name>
    			<param-value>ALLOW-FROM</param-value>
    		</init-param>
    		<init-param>
    			<param-name>antiClickJackingUri</param-name>
    			<param-value>http://example.com:80/*</param-value>
    		</init-param>
            <async-supported>true</async-supported>
    </filter>
    
    <filter-mapping>
            <filter-name>httpHeaderSecurity</filter-name>
            <url-pattern>/*</url-pattern>
            <dispatcher>REQUEST</dispatcher>
    </filter-mapping> 


  • Admin user name exposure in URLs - Resolved by the feature to not expose the user id in URLs.

 

logging.level.com.frevvo.connectors.database=DEBUG

...


DEBUG level logging only for the frevvo logfile

You can obtain more debugging information, if needed, by choosing one of the methods below to change the loglevel. You will see the results of the changes in <frevvo-home>/tomcat/logs/frevvo.log.

Change the value of the frevvo.logging.level parameter in frevvo.xml

...

Geolocation

As of June 22, 2016 Google Maps V3 no longer supports keyless access. New on-premise installations planning on using the Geolocation feature must obtain a Google Maps API key. This may involve registering with Google and then creating an application and then a key. Refer to this Google Maps API blog article for a discussion of the changes and here for the Google API pricing plans.

Follow these steps to obtain the Google Maps API key:

  1. Go to this Google Maps API website
  2. Login with your google account
  3. Click on Get a Key button
  4. Select project, copy key value
  5. Create/edit the <frevvo-home>\ tomcat\conf\

...

  1. frevvo

...

Change the word INFO to DEBUG

...

Save the file.

Code Block
frevvo.xml
<Context unpackWAR="true" path="/frevvo" swallowOutput="true" unloadDelay="40000" useHttpOnly="true" validateClientProvidedNewSessionId="false">
    <!-- Change INFO to DEBUG -->
    <Parameter name="frevvo.logging.level" value="INFO" override="false"/>

DEBUG level logging only for the frevvo and Connector logfile

Add loglevel properties to the <frevvo-home>\tomcat\conf\frevvo-config.properties file. This is the recommended approach going forward. However, be aware that the properties in this file will also affect the logfiles for the Database, Google, Box and SharePoint connectors if you are running them.

To configure debug level logging just for the frevvo.log:

...

Code Block
frevvo-config.properties - This property turns on DEBUG level logging for the frevvo.log and any connector logs
logging.level.=DEBUG

DEBUG level logging for Connector logfiles

...

The connectors are designed to use the frevvo-config.properties file. Properties in this file apply to all war files in the <frevvo-home>\tomcat\webapps directory including the frevvo.war. The Insight.war and the pve.war are the only exceptions.

To configure debug level logging for just one connector log:

  1. Create a frevvo-config.properties file in <frevvo-home>\tomcat\conf
  2. Add the logging.level.com.frevvo.connectors.<connector name>=DEBUG property to the file. NOTE: the syntax of the property is logging(dot)level(dot)com(dot)frevvo(dot)connectors(dot)<connector name>=DEBUG
  3. Save the file

The image shows examples for the properties to add to the frevvo-config.properties file to turn on DEBUG level logging for the Database, Google, Box.com, Filesystem and SharePoint connector logfiles. Add the property for the connector(s) you are running.

...

  1. -config.properties file. Add the frevvo.google.maps.apikey property with your API key as the value

    Code Block
    frevvo.google.maps.apikey=AIzaSyCa3fRtM53VB1aHZjbCHTh1al7RWo22l78
  2. Start the Insight server then frevvo.

See the Geolocation topic for details about how to display the map in your form/flow and this Rules example if you want to show additional location information.