Section | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
- Login to your server as user admin@d, password admin.
- On the page that is displayed, click the Manage Tenants link.
- Click the icon to manage tenant named d (Default tenant)
- Click Manage Users
- Click the edit admin user icon for the admin user. This displays a profile form.
- Change the password as desired and submit the form.
...
is a multi-tenant application. See the administration section on Manage Tenants. However, it is possible that all you need is a single tenant. If this is your case, it simplifies the server login if you default the @<tenantname> so the user only needs to enter their username to login. Customers who default the tenant login normally would also customize the placeholder on the login screen. Please read that topic for details.
- Stop Live Forms if it is running.
- Navigate to the <frevvo-home>\tomcat\conf directory
- Open the frevvo-config.properties file with a text editor.
Add the frevvo.default.login.tenant.id property to the <frevvo-home>\tomcat\conf\frevvo-config.properties file and set the param-value to the name of your one tenant.
Code Block title frevvo-config.properties frevvo.default.login.tenant.id=<your_tenant_id>
- Save the file
- Restart .
...
Code Block | ||
---|---|---|
| ||
frevvo.deprecated.submissions.view.enabled=<true or false> |
...
Forms Home Page when the Legacy Submissions View is turned off.
...
Designers see a message when an attempt is made to add a searchable field that would exceed this max number.
The message The message appears on the lower right of the screen and disappears after a short time. Any fields in excess of the max configured will not be allowed.
...
Code Block | ||
---|---|---|
| ||
frevvo.submission.delete.buttons=<true or false> |
Disable the Submission Edit Link
...
Code Block | ||
---|---|---|
| ||
frevvo.submission.edit.link value=<true or false> |
Administration of reCAPTCHA Keys
...
frevvo.forms.server.external.url - If set, all share dialogs for forms and flows will use this as the external URL. Use the syntax shown in the example. change Change the <myexternalhost>and <port> to your external server name and the port that you are using for on this server.
Code Block title frevvo-config.properties frevvo.forms.server.external.url=http://<myexternalhost>:<port>>
Note If the frevvo.forms.server.external.url is used with X-forwarded headers, the external.url will always take precedence (so X-forwarded headers will not work.)
frevvo.internal.baseurl - If set, all URLs used internally by the form server will use this base url. This may be needed when using frevvo.forms.server.external.url if that external url is not also accessible from the form server machine. Use the syntax shown
in the example. change the value "http://localhost:8082" to the server name and port of your server.Code Block frevvo.internal.baseurl=http://localhost:8082title frevvo-config.properties in the example. change the value "http://localhost:8082" to the server name and port of your server.
Code Block title frevvo-config.properties frevvo.internal.baseurl=http://localhost:8082
Warning Changing the frevvo internal connector 8081 settings in the server.xml file can cause unexpected changes, and is not advised. Please keep this in mind before changing frevvo.internal.baseurl.
- If frevvo.internal.url is set to empty, then port 8081 will go unused. In this case you should remove the connector: port=8081 in the server.xml file.
If you change frevvo.internal.port to 8082 then in this case also port 8081 will go unused, so you should remove the connector: port=8081 in the server.xml file.
If you change frevvo.internal.port to something different from 8082 then in this case user needs to set same port for the internal connector in server.xml file, as in this example:
Code Block <Connector address="127.0.0.1" port="8086" protocol="org.apache.coyote.http11.Http11NioProtocol" connectionTimeout="40000" maxHttpHeaderSize="32768" useBodyEncodingForURI="true" />
Default Port
By default the tomcat bundle is configured to bind to port 8082. You can change the port by:
...
Note |
---|
|
...
When a person is using a form/flow then pauses for longer than the configured <session-timeout>, they will see the login screen.
When a person is using a form/flow and then pauses for longer than the configured <session-timeout>, they will see the following error the next time they enter a value into the form or try to submit a form from a timed out session.
Live Forms as a windows service
...
- Stop
- Download the jai-imageio-core-1.3.1.jar here.
- Add it to frevvo classpath i.e. tomcat/lib folder
- Deploy pve.war (PVE Connector) in tomcat/webapps folder. Download the latest version of the PVE Connector from our frevvo DocuPhase Forms Software Downloads Directory.
- Restart the server. You will now see the TIFF option in the connector wizards Send Snapshot dropdown. The image shows the TIFF format option for the PaperVision or ImageSilo Connector wizard.
...
Signature Date/Time
Digital Signatures require no configuration. However you can control the format of the date stamp that appears when forms are signed.
...
no longer supports the web.xml parameters for frevvo.xforwarded.protocol.header, frevvo.xforwarded.host.header, and frevvo.xforwarded.port.headers. The general recommendation is to rely on the Servlet Container for handling dynamic proxies. A better approach is to use tomcat's RemoteIp Valve instead. Please see this documentation on the Apache Tomcat website for information about the RemoteIp valve functionality. This tomcat valve has been incorporated into our tomcat bundle.
Code Block |
---|
<Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies=".*" remoteIpHeader="x-forwarded-for" proxiesHeader ="x-forwarded-by" protocolHeader="x-forwarded-proto" /> |
...
- If the target tenant does not exist, create it by following these steps. For the sake of this document, the target tenant id is mytenant.
- Login to the target tenant as an admin and create a user with the same id as the user in the original tenant. In this example, the user id is john in the tenant mytenant.
- Transfer the applications to the new user account in the target tenant
- Login to the source tenant as a tenant admin, for instance admin@d.
- Navigate to Manage > Manage Users.
- Login as the user you want to move.
- Navigate to the user's applications page.
- Download each application for that user and save to a folder in your file system.
- Logout
- Login as the user in the new tenant: john@mytenannt.
- Upload the applications you've downloaded in the previous steps.
- Move the submissions in the submissions repository. You need to run these steps in the database where you persist the submissions. Please back up your database before moving forward. Login to your database.
- Edit the script shown below to:
- Replace the word john with the id of the user you are migrating.
- Replace the tenant id d with the id of the source tenant. The default tenant in is called d.
- Replace the word mytenant with the name of your target tenant
- Login to your database.
- Edit the script shown below to:
- Run the script shown below in your submissions database.
...
Code Block | ||
---|---|---|
| ||
frevvo.login.forgot.password.enabled=false |
Moving Data Sources to the Top of the Designer
...
This image shows the Data Sources section moved to the top, the "New from XSD" button hidden and the palette configured for only nine controls.
Modifying Content Types for the Upload Control
...
This will add the swf extension to the Restricted Content Types list in the designer.
An easier and preferable alternative, is to type the additional mime type into the Other Mime/Ex field on the Upload control property pane. Refer to Upload control for more information.
...
The show/hide pagebreaks icon on the Form Designer toolbar is a toggle to make PageBreak controls in your form on visible/invisible. When you create or edit a form, PageBreak controls will be visible. When you drag a PageBreak control from the palette onto the canvas it will be visible in the designer. If you save the formr/flow then edit it the PageBreak controls remain visible. If you want to change the default behavior, i.e. make them invisible by default, add the frevvo.designer.showPageBreaks property to the frevvo-config.properties file. This property defaults to true. Setting it to false will hide the PageBreak control by default in the designer. Clicking the icon will make them visible.
...
The prompt and save of the form prior to additional pdf mapping can be controlled by the frevvo.form.save.on.mapping property. The property defaults to true. If set to false, the designer will not be prompted to save the existing pdf form before continuing pdf mapping and the editing instance will not be saved. This parameter applies only to forms, not flows.
Follow the steps to hide this message:
...
Code Block | ||
---|---|---|
| ||
frevvo.attachment.maxsize=10485760 -> Replace the default value, 10485760 in this example, with the maximum size of the attachment that you want. The value must be entered in bytes. |
When When users try to upload a file that exceeds the configured attachment size, this error displays:
Info |
---|
If you are using MySQL, and you upload a large image or you are using a workflow that contains a large pdf, , you may see this error: The default value of the max_allowed_packet parameter in your MySQL server may not be large enough. Refer to this website for detailed information about the MySql configuration parameter. Increasing the max_allowed_packet variable setting in your MySQL Server from the default (1M) to something like 16M (16777125) fixes the issue. To fix the issue temporarily, run the following commands: |
...
Skew error when logging into an Azure SAML tenant
Users logging into a Azure SAML tenant may encounter the error "Access Denied. Authorization Required". Examination of the frevvo.log shows the following entry:
Code Block |
---|
Response issue time is either too old or with date in the future, skew 60, time 2016-06-01T05:49:25.330Z |
This error is typically caused by a clock synchronization issue between the Service Provider (frevvo) and the Identity Provider (Azure) or a genuine delay in the connection. If you get this error, adding the com.frevvo.security.saml.response.skew property can be used to specify the time in seconds allowed between the request and the response from Azure to a value greater than the default value of 60 seocnds.
Follow these steps:
- Stop Live Forms if it is running.
- Navigate to <frevvo-home>\tomcat\conf
- Open the frevvo-config.properties file with a text editor.
Add the parameter shown below with a value greater than the default value of 60 seconds. The example shown increases the timer to 120 seconds.
Code Block com.frevvo.security.saml.response.skew=120
Save the file.
- Restart .
- Retry the login.
...
In-house customers can change the maximum size for images uploaded to forms/flows using the Image control in the designers by adding the frevvo.asset.maxsize property to the frevvo-config.properties file. The default value is set to 2097152 bytes. Any uploaded file that exceeds the value in this parameter displays an error message to the designer so they can take corrective action.
The error message will not display for video files that exceed the specified limit.
...
Changing the Default Task Notification Email Message
If you want to change the default subject and body of the task notification email for your server, add these properties to the frevvo-config.properties file.
Code Block |
---|
frevvo.task.notification.email.subject=New task frevvo.task.notification.email.message=You can access your task list by clicking <a href="{task.perform.url}">this link</a> |
Change the value in this parameter to anything you want. The task.perform.url template {task.perform.url} is a built-in template in and it will always point to the specific task. Refer to the Task Notification Email Link topic for some other options. If you wrap the templates in an HTML <a> tag, it will generate a clickable link in the email.
If you do not want the link in your task notification emails to go there, you can remove it. The default message can include form control templates.
Security Vulnerabilities
The following security vulnerablities have been addressed as follows:
- Information Disclosure - resolved with the tomcat upgrade to version 8.5.16
- Man in the middle - This has to do with executing the CGI Servlet. This servlet is disabled in the frevvo Apache tomcat distribution. Customers who choose to enable the servlet are responsible for ensuring security viz. adding filter etc.
Version Disclosures - Resolved by configuring the ErrorReportValve in \frevvo\tomcat\conf\server.xml file (in the Host section) as described in this Apache tomcat website. The parameter that needs to be modified is:
Code Block <Valve className="org.apache.catalina.valves.ErrorReportValve" showServerInfo="false"/>
X-Frame-Options
Header
Not
Set
-
Resolved
by
modification
at
the
tomcat
level.
In-house
customers
can
uncommentuncomment the
HttpHeaderSecurityFilter
provided
in
the
tomcat
web.xml.
The
filter
is
documented Apache tomcat website. Specify the appropriatedocumented here. Specify the appropriate X-Frame-Options
value
in
the
antiClickJackingOption
parameter
-
(SAMEORIGIN
or
ALLOW-FROM).
Warning Setting this parameter to SAMEORIGIN may interfere when embedding frevvo forms/flows in your website. Use ALLOWUse ALLOW-FROM instead. Click the appropriate link below for filter examples.
Code Block title Example of filter with SAMEORIGIN collapse true <filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <init-param> <param-name>antiClickJackingOption</param-name> <param-value>SAMEORIGIN</param-value> </init-param> <async-supported>true</async-supported> </filter> <filter-mapping> <filter-name>httpHeaderSecurity</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping>
Code Block theme Confluence title Example of filter with ALLOW-FROM for embedded forms collapse true <filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <init-param> <param-name>antiClickJackingOption</param-name> <param-value>ALLOW-FROM</param-value> </init-param> <init-param> <param-name>antiClickJackingUri</param-name> <param-value> http://example.com:80/*</param-value> </init-param> <async-supported>true</async-supported> </filter> <filter-mapping> <filter-name>httpHeaderSecurity</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping>
- Admin user name exposure in URLs - Resolved by the feature to not expose the user id in URLs.
- Tomcat 'Ghostcat' bug (affects through v9.0.10.) The frevvo Apache Tomcat will be upgraded in a future release. To address this vulnerability in the versions listed, please use the solution listed in this article.
Geo Location
...
mysql -u root
set global max_allowed_packet=16777216
To permanently set it, choose one of the two methods listed below:
You can add the parameter - max_allowed_packet=16M to the mysqld command line or (mysqld_safe command line) as shown:
mysqld --max_allowed_packet=16M
Edit the MySql configuration file (my.ini on Windows/ my.cnf on Mac OS) and add max_allowed_packet=16777216 to the [mysqld] section.
On Mac OS, you can access the my.cnf file by typing
The location of the my.ini/my.cnf file varies by configuration.