Section | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
- Login to your server as user "admin@d", password "admin"
- On the page that is displayed, click the "Manage Tenants" link.
- Click the icon to manage tenant named "d (Default tenant)"
- Click "Manage Users"
- Click the icon for the admin user. This displays a profile form.
- Change the password as desired and submit the form.
...
- If you enter an email address in the frevvo.xml parameter and leave the Email address fields on the Edit Tenant screen blank - Doc action emails will use the frevvo.xml from email value and task notification will use tenant admin's email address.
- If you enter a value into the Email address fields on the Edit tenant page - Doc action and task notification emails will use this value. The value in the frevvo.xml file is overridden.
If you want to use the frevvo.xml value for Doc action emails, leave the tenant from email address blank. This would mean flow task notifications will use tenant admin's email address.
Debug sends more debugging info to the tomcat log files. And bounce.email sets an address to receive emails that cannot be delivered to the to email recipients.
...
is a multi-tenant application. See the administration section on Manage Tenants. However, it is possible that all you need is a single tenant. If this is your case, it simplifies the server login if you default the @<tenantname> so the user only needs to enter their username to login. Customers who default the tenant login normally would also customize the placeholder on the login screen. Please read that topic for details.
There are two files where the changes to default the tenant login to your tenant name can be made: web.xml or the frevvo.xml. The recommended approach is to add the configuration parameters to the frevvo.xm;l file as it keeps all your modified parameters in one place and makes it easy to upgrade to newer releases. Since the file is outside the frevvo war, you avoid the unzip/rezip of the of the frevvo.war that is needed if you make the changes in web.xml. Examples containing the context parameters for both files are shown below.
...
The maximum number of users that can be validated and uploaded with a csv file is controlled by the context parameter frevvo.userloader.maxUserLoadSize The default value is 10,000 and is configured in the web.xml file in the frevvo war.
In-house customers can increase the maximum number by adding a parameter in <frevvo-home>\tomcat\conf\catalina\localhost\frevvo.xml. The maximum number of users that should be configured with this parameter for uploads using the UI is 90,000.
Follow these Steps:
- Edit the <frevvo-home>\tomcat\conf\catalina\localhost\frevvo.xml file
Add the frevvo.userloader.maxUserLoadSize with a value for the maximum number of users per upload
Code Block <Parameter name="frevvo.userloader.maxUserLoadSize" value="<maximum number of users per upload>" override="false"/>
- Restart
If you have more than a few thousand users, we recommend using the API because it is programmatic and can be automated. This is a more resilient way to bulk load lots of users. The CSV Upload using the API has not been tested by frevvo with more than 150,000 users per upload.
Proxy Server configuration
...
Note |
---|
There will be three additional logfiles when running Tomcat as a Windows service:
|
...
Using Debug Mode to see logged in users
If the log level is set to DEBUG, then you will see user login and logout information in the <frevvo-home>\frevvo\tomcat\logs\frevvo.log file. Examples of log entries are shown below. Search for “Server num users” in the log file to quickly see the number of currently logged in/out users. Note the first log entry below shows the number of users currently logged in. Showing the list of currently logged in users via the UI to the superuser and tenant admins is planned for a future release.
User login:
10:01:40.813 |-DEBUG [http-nio-8082-exec-1] [ c.f.u.UsersMonitor] - Tenant (qa): login: num users: 1. Server num users: 1
--Number of currently logged in users
10:01:40.816 |-INFO [http-nio-8082-exec-1] [ c.f.b.d.DBUtil] - Getting User info for customer: fd tenant: qa
---User who is logging in
User Logout:
10:02:03.287 |-DEBUG [http-nio-8082-exec-5] [ c.f.u.UsersMonitor] - Tenant (qa): logout: num users: 0. Server num users: 0
10:02:03.287 |-DEBUG [http-nio-8082-exec-5] [f.f.w.SessionFormsListener] - Forcing a Subject qa@fd logout on session expiration ...
---User who is logging out
...
The following screen displays when a user tries to submit a form from a timed out session.
Editing Submissions
Designer users can view/edit submissions by clicking the edit link on the submissions panel. Non designer users can view/edit submissions by clicking on the Shared Items tab if they have been granted permission to do so by the designer via the Access Control feature. The frevvo.submission.edit .link parameter must be set to the default value of true, for the edit link to be visible to any user. To disable the edit link on the submission panel, change the default value of true to false for the frevvo.submissions.edit.link configuration parameter in <frevvo-home>/WEB-INF/web.xml file. The web.xml file must be unzipped from the frevvo.war before it can be edited. Follow the instructions above to unzip, modify and rezip the war file.
...
no longer supports the web.xml parameters for frevvo.xforwarded.protocol.header, frevvo.xforwarded.host.header, and frevvo.xforwarded.port.headers. The general recommendation is to rely on the Servlet Container for handling dynamic proxies. A better approach is to use tomcat's RemoteIp Valve instead. Please see this documentation on the Apache Tomcat website for information about the RemotIp valve functionality. This tomcat valve has been incorporated nto our tomcat bundle.
Code Block |
---|
<Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies=".*" remoteIpHeader="x-forwarded-for" proxiesHeader ="x-forwarded-by" protocolHeader="x-forwarded-proto" /> |
...
Skew error when logging into an Azure SAML tenant
Users logging into a Azure SAML tenant may encounter the error "Access Denied. Authorization Required". Examination of the frevvo.log shows the following entry:
Code Block |
---|
Response issue time is either too old or with date in the future, skew 60, time 2016-06-01T05:49:25.330Z |
This error is typically caused by a clock synchronization issue between the SP (frevvo) and the Idp (Azure) or a genuine delay in the connection. If you get this error, you can change the value of the context parameter, com.frevvo.security.saml.response.skew, to specify the time in seconds allowed between the request and the response from Azure to a value greater than the default value of 60 seocnds.
If you are using the tomcat bundle, the configuration parameter - com.frevvo.security.saml.response.skew - can be added to the <frevvo-home>\tomcat\conf\catalina\localhost\frevvo.xml file. This is the recommended location.
...
Changing the Default Task Notification Email Message
If you want to change the default task notification email for your server, add this parameter in your \frevvo\tomcat\conf\Catalina\localhost\frevvo.xml file in the frevvo war section:
Code Block |
---|
<Parameter name="frevvo.task.notification.email.message" value="You can access your task list by clicking: {task.perform.url}" override="false"/> |
Change the value in this parameter to anything you want. The task.perform.url template {task.perform.url} is a built-in template in and it will always point the user directly to the task.
If you do not want the link in your task notification emails to go there, you can remove it. If you want the email notification link to point to the user's frevvo server's task list URL, then change the {task.perform.url} template to {task.list.url}.
The default message can include form control templates in addition to the built-in templates.
Security Vulnerabilities
The following security vulnerablities have been addressed as follows:
...