Versions Compared

Old Version 94

changes.mady.by.user Former user

Saved on

compared with

New Version 95

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Section
Column

configuration parameters are located in three places:

  1. frevvo-config.properties - This file contains properties that define global customizations that apply to the frevvo.war and the frevvo connector warfiles (Database  Connector, Box, Filesystem, SharePoint). For example, you can provide the client secret information for the Google Connector with a property in this file. You will have to create it if you are using the frevvo tomcat bundle. When used in a container that is not tomcat,  the System Admin can add properties to this file for a simpler way to override parameters in the container web.xml file. See below for more information.
  2. <frevvo-home>\tomcat\conf\Catalina\localhost\frevvo.xml - recommended file to override context-parameters in the web.xml file when using the tomcat container.
  3. WEB-INF\web.xml - this configuration file is included in the <frevvo-home>\tomcat\webapps\frevvo.war zipfile. Modifications to this file require unzipping/rezipping the frevvo.war file after the modifications have been made. See below for the instructions.

The parameters that are most commonly modified and discussed in the sections below can be added to <frevvo-home>\tomcat\conf\catalina\localhost\frevvo.xml or in the the frevvo-config.properties file that you create in the <frevvo-home>\tomcat conf directory. The less commonly modified parameters are in web.xml. Any parameter in web.xml can be duplicated in frevvo.xml and the value in frevvo.xml takes precedence over the value in web.xml. If you plan to override the web.xml context parameter values and you are using the frevvo Tomcat bundle, we suggest doing so in frevvo.xml. This keeps all your modified parameters in one place and makes it easy to upgrade frevvo to newer releases.

A frevvo-config.properties file in a deployment of the frevvo tomcat bundle can be used to define the configuration parameters discussed below as properties in this file. It can also define global properties to customize frevvo connector warfiles (Database Connector, Box, SharePoint, Google, Filesystem). The configuration properties in the frevvo-config.properties file will override the frevvo.xml and web.xml files.

Modifying the frevvo.xml file.

Follow these steps to add/modify context parameters in the frevvo.xml file. If you are using tomcat, making your configuration changes here, will make it easier when you upgrade :

  1. Stop if it is running.
  2. Navigate to <frevvo-home>\tomcat\conf\catalina\localhost\frevvo.xml.
  3. Open the file with a text editor.
  4. The installation tasks listed below will reference the frevvo.xml and web.xml files when appropriate. You can configure anything in frevvo.xml that you can configure in web.xml. When you add parameters to the file, use the same syntax as the ones already there. Here is an example of a parameter to control the Maximum Size of Attachments that users can upload.
Code Block
<Parameter name="frevvo.attachment.maxsize" value="10485760" override="false"/>

      5. Save the file after all your changes are made. Restart .

Modifying the web.xml file

The web.xml file is included in the <frevvo-home>\tomcat\webapps\frevvo.war. The frevvo.war must be unzipped/rezipped after modifications have been made as outlined in the steps below:

  1. Stop  if it is running. 
  2. Unpack the frevvo.war file to a temporary location of your choice: e.g. c:\tmp\frevvo-war. Change the file extension from .war to .zip if necessary.
  3. Edit c:\tmp\frevvo-war\WEB-INF\web.xml.
  4. Make the desired configuration changes - see appropriate sections of this page for information on specific parameters. Save the changes to the web.xml file. 

  5. Rezip all the files in the c:\tmp\frevvo-war directory, even the ones you did not edit — if you change directories or zip them differently, Live Forms may not load correctly:

    This is the correct structure for the frevvo.war zipfile.

  6. Make sure you create the zipfile with the directory structure as shown in the image above. It is an easy mistake to include the containing directory in the zipfile. If you do this, Live Forms may not load correctly. Zip will often give your zipfile a .zip extension. Make sure you change this to a .war extension. 

  7. Copy the updated frevvo.war file to <frevvo-home>tomcat\webapps.
  8. Restart your  server.
Column
width400px

On this page:

Table of Contents
maxLevel1

...

  1. If you enter an email address in the frevvo.xml parameter and leave the Email address fields on the Edit Tenant screen blank - Doc action emails will use the frevvo.xml from email value and task notification will use tenant admin's email address.
  2. If you enter a value into the Email address fields on the Edit tenant page - Doc action and task notification emails will use this value. The value in the frevvo.xml file is overridden. 

If you want to use the frevvo.xml value for Doc action emails, leave the tenant from email address blank. This would mean flow task notifications will use tenant admin's email address. 

Debug sends more debugging info to the tomcat log files. And bounce.email sets an address to receive emails that cannot be delivered to the to email recipients. 

...

 is a multi-tenant application. See the administration section on Manage Tenants. However, it is possible that all you need is a single tenant. If this is your case, it simplifies the  server login if you default the @<tenantname> so the user only needs to enter their username to login. Customers who default the tenant login normally would also customize the placeholder on the login screen. Please read that topic for details.

There are two files where the changes to default the tenant login to your tenant name can be made: web.xml or the frevvo.xml. The recommended approach is to add the configuration parameters to the frevvo.xm;l file as it keeps all your modified parameters in one place and makes it easy to upgrade to newer releases.  Since the file is outside the frevvo war, you avoid the unzip/rezip of the of the frevvo.war that is needed if you make the changes in web.xml. Examples containing the context parameters for both files are shown below.

...

Code Block
<Parameter name="frevvo.submission.edit.link" value="false" override="false"/>

Administration of reCAPTCHA Keys

provides a default reCAPTCHA key. No other configuration steps are required for on-premise customers that choose to use the default key. This default reCAPTCHA key is:

  • NOT configured to a particular host/domain server
  • NOT configured for Google to perform any host/domain name checking on the challenge step. However,  will perform a host/domain verification on the verification step so that any attempts at site key spoofing are blocked.
  • Considered secure.

In-house customers who want the maximum possible protection from form spamming, will need to create their own reCAPTCHA key and configure to their domain (example.com).

Follow these steps:

  1. You will need a google account.
  2. Follow the instructions on this Google site to register your domain and create the site and secret keys.
    1. You can also choose "Domain Name Validation" on this key to have Google check the domain on the challenge step.
  3. Copy the site and secret keys from the Registration page for your site

  4. Add the frevvo.reCAPTCHA.sitekey and the frevvo.reCAPTCHA.secretkey parameters to the <frevvo-home>\tomcat\conf\catalina\localhost\frevvo.xml file.

    Code Block
    <Parameter name="frevvo.recaptcha.sitekey" value="<your custom site key here>" override="false"/>
<Parameter name="frevvo.recaptcha.secretkey" value="<your custom secret key here>" override="false"/>
<Parameter name="frevvo.recaptcha.hostcheck" value="true or false" override="false"/>

The frevvo.recaptcha.hostcheck parameter controls the domain/host verification on the verification step that is done by . The values for this parameter can be set to true or false. If you use a custom key with Domain Name Validation configured, add this parameter to the frevvo.xml file with a value of false. Otherwise, add it to the frevvo.xml with a value of true.

Proxy Server configuration

...

Note

There will be three additional logfiles when running Tomcat as a Windows service:

  • frevvoforms - stderr.YYYYMMDD and frevvoforms - stdout.YYYYMMDD for standard error messages and standard output stream, respectively. This is the default Tomcat behavior.
  • commons-daemon.YYYY-MM-DD.log for Windows Service errors

...

Using Debug Mode to see logged in users

If the log level is set to DEBUG, then you will see user login and logout information in the <frevvo-home>\frevvo\tomcat\logs\frevvo.log file. Examples of log entries are shown below. Search for “Server num users” in the log file to quickly see the number of currently logged in/out users. Note the first log entry below shows the number of users currently logged in. Showing the list of currently logged in users via the UI to the  superuser and tenant admins is planned for a future release.

User login:
10:01:40.813 |-DEBUG [http-nio-8082-exec-1] [       c.f.u.UsersMonitor] - Tenant (qa): login: num users: 1. Server num users: 1
--Number of currently logged in users
10:01:40.816 |-INFO  [http-nio-8082-exec-1] [           c.f.b.d.DBUtil] - Getting User info for customer: fd tenant: qa
---User who is logging in

User Logout:
10:02:03.287 |-DEBUG [http-nio-8082-exec-5] [       c.f.u.UsersMonitor] - Tenant (qa): logout: num users: 0. Server num users: 0
10:02:03.287 |-DEBUG [http-nio-8082-exec-5] [f.f.w.SessionFormsListener] - Forcing a Subject qa@fd logout on session expiration ... 
---User who is logging out

...

The following screen displays when a user tries to submit a form from a timed out session.

Editing Submissions

Designer users can view/edit submissions by clicking the edit link on the submissions panel. Non designer users can view/edit submissions by clicking on the Shared Items tab if they have been granted permission to do so by the designer via the Access Control feature. The frevvo.submission.edit .link parameter must be set to the default value of true, for the edit link to be visible to any  user. To disable the edit link on the submission panel, change the default value of true to false for the frevvo.submissions.edit.link configuration parameter in <frevvo-home>/WEB-INF/web.xml file. The web.xml file must be unzipped from the frevvo.war before it can be edited. Follow the instructions above to unzip, modify and rezip the war file.

...

no longer supports the web.xml parameters for frevvo.xforwarded.protocol.header, frevvo.xforwarded.host.header, and frevvo.xforwarded.port.headers. The general recommendation is to rely on the Servlet Container for handling dynamic proxies. A better approach is to use tomcat's RemoteIp Valve instead.  Please see this documentation on the Apache Tomcat website for information about the RemotIp valve functionality. This tomcat valve has been incorporated nto our tomcat bundle.

Code Block
 <Valve className="org.apache.catalina.valves.RemoteIpValve"
            internalProxies=".*" 
            remoteIpHeader="x-forwarded-for" 
            proxiesHeader ="x-forwarded-by" 
            protocolHeader="x-forwarded-proto" />

...

Skew error when logging into an Azure SAML tenant

Users logging into a Azure SAML tenant may encounter the error "Access Denied.  Authorization Required". Examination of the frevvo.log shows the following entry:

Code Block
Response issue time is either too old or with date in the future, skew 60, time 2016-06-01T05:49:25.330Z

This error is typically caused by a clock synchronization issue between the SP (frevvo) and the Idp (Azure) or a genuine delay in the connection. If you get this error, you can change the value of the context parameter, com.frevvo.security.saml.response.skew, to specify the time in seconds allowed between the request and the response from Azure to a value greater than the default value of 60 seocnds.

If you are using the tomcat bundle, the configuration parameter - com.frevvo.security.saml.response.skew - can be added to the <frevvo-home>\tomcat\conf\catalina\localhost\frevvo.xml file. This is the recommended location.

...

Changing the Default Task Notification Email Message

If you want to change the default task notification email for your  server, add this parameter in your \frevvo\tomcat\conf\Catalina\localhost\frevvo.xml file in the frevvo war section:

Code Block
<Parameter name="frevvo.task.notification.email.message" value="You can access your task list by clicking: {task.perform.url}" override="false"/>

Change the value in this parameter to anything you want. The task.perform.url template {task.perform.url} is a built-in template in  and it will always point the user directly to the task.

If you do not want the link in your task notification emails to go there, you can remove it. If you want the email notification link to point to the user's frevvo server's task list URL, then change the  {task.perform.url} template to {task.list.url}.

The default message can include form control templates in addition to the built-in templates. 

Security Vulnerabilities

The following security vulnerablities have been addressed as follows:

...