Section | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
- If you enter an email address in the frevvo.xml parameter and leave the Email address fields on the Edit Tenant screen blank - Doc action emails will use the frevvo.xml from email value and task notification will use tenant admin's email address.
- If you enter a value into the Email address fields on the Edit tenant page - Doc action and task notification emails will use this value. The value in the frevvo.xml file is overridden.
If you want to use the frevvo.xml value for Doc action emails, leave the tenant from email address blank. This would mean flow task notifications will use tenant admin's email address.
Debug sends more debugging info to the tomcat log files. And bounce.email sets an address to receive emails that cannot be delivered to the to email recipients.
...
is a multi-tenant application. See the administration section on Manage Tenants. However, it is possible that all you need is a single tenant. If this is your case, it simplifies the server login if you default the @<tenantname> so the user only needs to enter their username to login. Customers who default the tenant login normally would also customize the placeholder on the login screen. Please read that topic for details.
There are two files where the changes to default the tenant login to your tenant name can be made: web.xml or the frevvo.xml. The recommended approach is to add the configuration parameters to the frevvo.xm;l file as it keeps all your modified parameters in one place and makes it easy to upgrade to newer releases. Since the file is outside the frevvo war, you avoid the unzip/rezip of the of the frevvo.war that is needed if you make the changes in web.xml. Examples containing the context parameters for both files are shown below.
...
By default, the server writes useful logging information to a daily logging file located here: <frevvo-home>/tomcat/logs. You will see the logfiles listed below in <frevvo-home>/tomcat/logs. The current date appends to the logfile name for all the files except the frevvo log:
- catalina.YYYY-MM-DD.log - this log captures the stderr and stdout of the tomcat process including startup/shutdown messages. This is usually a small file.
- frevvo_YYYY-MM-DD.log - all messages are logged to this file. A new log with the current date appended to it is created daily.
- localhost.YYYY.MM.DD.log - this tomcat logfile should be empty.
- localhost_access_log.YYYY - MM - DD.txt - is used to log all HTTP accesses to Tomcat. It is enabled by the following entry in <frevvo-home>/tomcat/conf/server.xml. Comment out the statement below to turn off logging to this file if it is not needed.
- insight.log - this file contains logging from the Insight service. You will see entries from running the Insight Batch Job in this file.
- host-manager.MM-DD-YYYY.log - this logfile is part of the tomcat distribution and is empty by default. It is a log file for the host-manager web application that is used to manage virtual hosts in tomcat. The host manager web-app is typically not needed because is preconfigured. Messages are written to this log only if the host-manager web application is being used.
- manager.MM-DD.YYYY.log - this logfile is part of the tomcat distribution and is empty by default - this is the log file for the tomcat manager web application which is used to check the status of web apps, memory usage etc. Messages are written to this log only if the manager web app is being used.
Note |
---|
There will be three additional logfiles when running Tomcat as a Windows service:
|
...
Using Debug Mode to see logged in users
If the log level is set to DEBUG, then you will see user login and logout information in the <frevvo-home>\frevvo\tomcat\logs\frevvo.log file. Examples of log entries are shown below. Search for “Server num users” in the log file to quickly see the number of currently logged in/out users. Note the first log entry below shows the number of users currently logged in. Showing the list of currently logged in users via the UI to the superuser and tenant admins is planned for a future release.
User login:
10:01:40.813 |-DEBUG [http-nio-8082-exec-1] [ c.f.u.UsersMonitor] - Tenant (qa): login: num users: 1. Server num users: 1
--Number of currently logged in users
10:01:40.816 |-INFO [http-nio-8082-exec-1] [ c.f.b.d.DBUtil] - Getting User info for customer: fd tenant: qa
---User who is logging in
User Logout:
10:02:03.287 |-DEBUG [http-nio-8082-exec-5] [ c.f.u.UsersMonitor] - Tenant (qa): logout: num users: 0. Server num users: 0
10:02:03.287 |-DEBUG [http-nio-8082-exec-5] [f.f.w.SessionFormsListener] - Forcing a Subject qa@fd logout on session expiration ...
---User who is logging out
...
The following screen displays when a user tries to submit a form from a timed out session.
Editing Submissions
Designer users can view/edit submissions by clicking the edit link on the submissions panel. Non designer users can view/edit submissions by clicking on the Shared Items tab if they have been granted permission to do so by the designer via the Access Control feature. The frevvo.submission.edit .link parameter must be set to the default value of true, for the edit link to be visible to any user. To disable the edit link on the submission panel, change the default value of true to false for the frevvo.submissions.edit.link configuration parameter in <frevvo-home>/WEB-INF/web.xml file. The web.xml file must be unzipped from the frevvo.war before it can be edited. Follow the instructions above to unzip, modify and rezip the war file.
...
no longer supports the web.xml parameters for frevvo.xforwarded.protocol.header, frevvo.xforwarded.host.header, and frevvo.xforwarded.port.headers. The general recommendation is to rely on the Servlet Container for handling dynamic proxies. A better approach is to use tomcat's RemoteIp Valve instead. Please see this documentation on the Apache Tomcat website for information about the RemotIp valve functionality. This tomcat valve has been incorporated nto our tomcat bundle.
Code Block |
---|
<Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies=".*" remoteIpHeader="x-forwarded-for" proxiesHeader ="x-forwarded-by" protocolHeader="x-forwarded-proto" /> |
...
Skew error when logging into an Azure SAML tenant
Users logging into a Azure SAML tenant may encounter the error "Access Denied. Authorization Required". Examination of the frevvo.log shows the following entry:
Code Block |
---|
Response issue time is either too old or with date in the future, skew 60, time 2016-06-01T05:49:25.330Z |
This error is typically caused by a clock synchronization issue between the SP (frevvo) and the Idp (Azure) or a genuine delay in the connection. If you get this error, you can change the value of the context parameter, com.frevvo.security.saml.response.skew, to specify the time in seconds allowed between the request and the response from Azure to a value greater than the default value of 60 seocnds.
If you are using the tomcat bundle, the configuration parameter - com.frevvo.security.saml.response.skew - can be added to the <frevvo-home>\tomcat\conf\catalina\localhost\frevvo.xml file. This is the recommended location.
...
Changing the Default Task Notification Email Message
If you want to change the default task notification email for your server, add this parameter in your \frevvo\tomcat\conf\Catalina\localhost\frevvo.xml file in the frevvo war section:
Code Block |
---|
<Parameter name="frevvo.task.notification.email.message" value="You can access your task list by clicking: {task.list.url}" override="false"/> |
Change the value in this parameter to anything you want. The task.list.url template {task.list.url} is a built-in template in and it will always point to your frevvo server's task list URL. If you do not want the link in your task notification emails to go there, you can remove it. The default message can include form control templates.
Security Vulnerabilities
The following security vulnerablities have been addressed as follows:
...