Configuration of REWOO Scope

The configuration allows you to set and change various configuration parameters for the server or the Scope world. For admin users, it can be found directly in the admin panel.

Language

Default language (Server)
defaultServerLocale = [ de_DE | en_US | en_GB ]
Default language of the server.
Default language (Client)
defaultUserLocale = [ de_DE | en_US | en_GB ]
Default language of client interface. The setting only affects new users. Each user has the option in the client to set the language used at any time.
Default time zone
defaultServerTimeZone = Europe/Berlin
The default time zone of the server for the display of date and time (see date entries).
List of time zones
Search view
search.view = [ normal | extended ]
The normal view is a simple input field for the search text. The extended view requires configured facet searches on one or more element types. The user is then offered a simple way to search in individual fields.
Search filter
search.filter = [ fuzzy | phonetic ]

fuzzy uses the Levenshtein distance, which is set with search.fuzziness. phonetic uses the Double Metaphone algorithm to include similar sounding, possibly misspelled hits in the result list (e.g. standard and standart).

If the search filter is changed, the complete search index must be rebuilt.

Fuzziness
search.fuzziness = [ 0 | 1 | 2 ]
The Levenshtein distance is a positive integer that measures the distance between two letter sequences. This parameter sets the fuzziness of the search. 0 is equivalent to exact search. 1 allows simple word swaps. The larger the value, the less precise the search.
Maximum phonetic code length
search.phonetic.maxCodeLength = 8
The maximum code length is a positive integer that specifies the maximum length of the phonetic code. The longer the phonetic code can be, the more accurate the displayed matches will be. With a code length of 4, the code is KRKT for both cricket and cricketgame, so the search considers both terms identical. With a code length of 8, the code for cricket is KRKT, but for cricketgame it is KRKTKM, so the search treats the two terms as different.
Weight of content
search.weight.content = 2.0
Weight of search results within the form.
Weight of form name
search.weight.name = 3.0
Weight of search results within form name.
Weight of path
search.weight.breadcrumb = 0.1
Weight of search results within the path of the form.
Weight of form type
search.weight.typename = 0.05
Weight of search results within type name.
Weight of meta data of files
search.weight.metadata = 0.2
Weight of search results within meta data of files.
Exclude file formats
search.extensionDenyList = dxf
A list of file formats that are not included in the search index. Multiple entries must be specified separated by commas.
Arguments of the Tika server
search.tika.args = 
Arguments which will be used to start the Tika server (see Tika Wiki).
JVM arguments of the Tika server
search.tika.jvmargs = -Xmx2g
JVM arguments which will be used to start the Tika server.
Port of the Tika server
search.tika.port = 8200
The port behind which a Tika server is expected. If no Tika server is found, a new Tika server is started that listens on this port.
Waiting time after the start of the Tika server
search.tika.startupDelayMS = 1000
The amount of time in milliseconds that is waited after the Tika server starts until a first connection attempt is made.
Maximum time for a request to the Tika server
search.tika.timeoutMS = 60000
The maximum time in milliseconds that a request to the Tika server may take before it is aborted.
URL of the Tika server
search.tika.url = http://localhost
URL of a running Tika server.
URL of Tika server installation packages
search.tika.downloadUrl = https://rewoo.de/downloads/tika/
If no Tika server is running and no jar is found in the local installation directory, an appropriate jar is downloaded from this URL.
Working directory of Tika server
search.tika.workingDir = 
The directory to save the downloaded jar and the config file to.

Email dispatch

General email settings

Activation
mail.mute = [ true | false ]
Switch to globally activate or deactivate the email dispatch.
Email sender
mail.sender = REWOO Scope <info@rewoo.com>
Name and email address of the sender. Most providers require that the sender matches the email account used.
Email from address equal to sender
mail.fromEqualToSender = [ true | false ]
If false, the email address of the logged-in user is entered in the From field of the email. If true, the name of the user together with the email address from mail.sender is entered in the From field.
Global redirection
mail.redirect.enabled = [ true | false ]
All mails sent to users are redirected to the addresses in mail.redirect.to.
Addresses for redirect
mail.redirect.to = 
A comma-separated list of addresses to which email will be redirected if mail.redirect.enabled is enabled.
Host
mail.host = localhost
Address of the computer that sends the emails (SMTP).
Port
mail.port = 587
Port on this computer through which the SMTP service can be reached.
Username
mail.username = 
Username, if authentication is necessary for the dispatch.
Password
mail.password = 
Password, if authentication is required for sending.
Parameter
mail.props = mail.smtp.auth:true,mail.smtp.socketFactory.port:587,mail.smtp.socketFactory.class:javax.net.DefaultSocketFactory,mail.smtp.socketFactory.fallback:false
Settings for sending emails.

Sending emails with STARTTLS

If the email transmission is to be secured with STARTTLS, the following settings must be made:
mail.port = 465
mail.props = mail.smtp.auth:true,mail.smtp.socketFactory.port:465,mail.smtp.socketFactory.class:javax.net.ssl.SSLSocketFactory,mail.smtp.socketFactory.fallback:false,mail.smtp.starttls.enable:true

Sending alerts and messages by email

These options configure the automatic emails that are sent when alerts and messages are generated.
Author
mail.author = REWOO Scope
Name that appears below the email text.

Email dispatch of the system action EMAIL

These options configure the automatic e-mails sent by the EMAIL system action.
Maximum attachment size
mail.maxAttachmentSizeInMB = 50
If a file links field is specified when defining the EMAIL system action, the files stored there are attached to the e-mail. This parameter sets the maximum size in megabytes that the attachments of an e-mail may have. If the size is exceeded, the e-mail is not sent and the triggering action is canceled.

Sending bug reports by email

First level support
mail.firstLevelSupport = support@rewoo.com
If the software fails, the user can generate a report and have it sent as an email to this address.
Log level
mail.logging.level = [ FATAL | ERROR | WARN | INFO | DEBUG | TRACE ]
Log level above which an error message is sent by mail to the address specified under mail.firstLevelSupport. A value lower than ERROR should be avoided, since a separate e-mail is sent for each entry in the log.

Phone settings

Default protocol for desktop
phone.desktop.protocol = [ tel | callto | sip | skype | phone ]
The default protocol for phone numbers in desktop browsers. This protocol can be overridden by each user individually or by explicitly placing it in front of the phone number.
Default protocol for mobile
phone.mobile.protocol = [ tel | callto | sip | skype | phone ]
The default protocol for phone numbers in mobile device browsers. This protocol can be overridden by each user individually or by explicitly placing it in front of the phone number.

File converter

General converter settings

List of file extensions to ignore
converter.extensionDenyList = exe,dll
Comma-separated list of file extensions to be ignored by the file converter.
Path for test files
converter.testFiles.path = 
Absolute path to the directory containing files that are used when testing the converters via the Admin Panel.
Duration of preview migration
converter.migration.maxDurationInSec = 1800
When the preview format for images is changed, all existing preview files are migrated by the ConverterJob. This parameter specifies how much time in seconds may be spent on the migration per job run.

Configuration of the ImageMagick converter

This converter is necessary for displaying all image formats: jpg, jpeg, png, gif, tiff, bmp, eps, svg, ai, psd, wmf.
Path
converter.imagemagick.imageMagickHome = /usr/bin/
Absolute path to the directory where the convert program of ImageMagick is located.
Timeout
converter.imagemagick.timeout = 360000
Time in milliseconds that a conversion with ImageMagick may take at most before it is aborted.
Checking the MimeType
converter.imagemagick.checkMimeType = true
This switch activates the check of the MIME type against the stored whitelist in order to mitigate a vulnerability in ImageMagick (see ImageTragick).
Target image format
converter.imagemagick.targetFormat = [ png | jpg | gif | bmp ]
Target image format.
Thumbnail Size
converter.imagemagick.thumbnailSize = 160
Maximum width and height of thumbnail images.
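
A content-based check of the kind converter.imagemagick.checkMimeType describes, as an added Python example that is not REWOO Scope's code: it decides by a file's leading bytes rather than by its extension. The signature list, the extension map and the sample inputs are constructed for the example; the whitelist Scope actually stores is not shown on this page.

```python
# Constructed allow list: magic-byte signatures of common raster formats.
# This is an assumption of the example, not the list stored by REWOO Scope.
SIGNATURES = [
    ("image/png", b"\x89PNG\r\n\x1a\n"),
    ("image/jpeg", b"\xff\xd8\xff"),
    ("image/gif", b"GIF87a"),
    ("image/gif", b"GIF89a"),
    ("image/tiff", b"II*\x00"),
    ("image/tiff", b"MM\x00*"),
    ("image/bmp", b"BM"),  # only two bytes, so this signature is a weak one
]

# Type each file extension claims to be (constructed).
EXTENSION_TYPES = {
    "png": "image/png",
    "jpg": "image/jpeg",
    "jpeg": "image/jpeg",
    "gif": "image/gif",
    "tif": "image/tiff",
    "tiff": "image/tiff",
    "bmp": "image/bmp",
}

# Constructed sample inputs: only the first bytes of each file.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"
GIF_SAMPLE = b"GIF89a\x01\x00\x01\x00"
# A text-based vector script saved under an image extension. ImageMagick picks
# the decoder from the content, which is why the extension alone proves nothing.
MVG_SAMPLE = b"push graphic-context\nviewbox 0 0 640 480\n"


def sniff_type(head):
    """Return the MIME type whose signature matches the leading bytes, or None."""
    for mime, magic in SIGNATURES:
        if head.startswith(magic):
            return mime
    return None


def may_convert(filename, head):
    """Decide whether a file may be handed to the converter.

    Returns (allowed, detail). A file passes only if its content matches an
    allowed signature and that type agrees with what the extension claims.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXTENSION_TYPES.get(ext)
    detected = sniff_type(head)
    if detected is None:
        return False, "content matches no allowed image signature"
    if claimed != detected:
        return False, f"extension .{ext} claims {claimed}, content is {detected}"
    return True, detected


if __name__ == "__main__":
    for name, head in [
        ("scan.png", PNG_SAMPLE),
        ("poster.jpg", MVG_SAMPLE),
        ("logo.png", GIF_SAMPLE),
    ]:
        print(name, may_convert(name, head))
```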

Configuration of the Office Converter

This converter is necessary for displaying all office formats and text formats: doc, docx, xls, xlsx, ppt, pptx, vsd, vxd, vsdx, pub, odt, ods, odp, txt, rtf, csv (complete list of supported formats).
Path
converter.openoffice.openOfficeHome = /opt/LibreOffice5.x/
Absolute path to the program directory of LibreOffice or Apache OpenOffice.
Port
converter.openoffice.ports = 8100
Port to be used by the LibreOffice Server service. A list of port numbers can also be specified here in a comma-separated list to start multiple LibreOffice servers at the same time.
Timeout for conversion
converter.openoffice.timeout = 600000
Time in milliseconds that a conversion with LibreOffice may take at most before it is aborted.
Maximum number of conversions
converter.openoffice.killAfter = 200
Maximum number of conversions until the LibreOffice server is restarted. This is necessary for some versions of LibreOffice because more memory is reserved with each conversion.
Start attempts
converter.openoffice.numberOfRestartAttempts = 2
Maximum number of attempts to restart LibreOffice.
Queue timeout
converter.openoffice.taskQueueTimeout = 30000
Maximum time in milliseconds that a conversion job may spend in the queue before it is aborted.

Configuration of Acme CAD converter

This converter is necessary for the display of CAD files: dxf, dwg.
Path
converter.acme.bin = /home/rewoo/rewoo/scripts/proxy-acme.sh
Absolute path to the script used to start the ACME CAD converter.
Colour chart
converter.acme.fallbackCTB = monochrome.ctb
Default CTB file for the conversion of DXF files.
Timeout
converter.acme.timeoutMS = 360000
Time in milliseconds that a conversion with the ACME CAD Converter may take at most before it is aborted.

ETL

Create new fields
etlconfig.global.protectedmode = [ true | false ]
Switch whether form fields are automatically added to the form (false) or not (true) if they do not exist.
Waiting time
etlconfig.global.fileChangeWait = 2000

Time in milliseconds that the ETL process observes the file for changes before reading it in.

A set of job-specific parameters must also be created for each upstream (source) system.

Scheduler

Long-running or recurring tasks are available as jobs. Many of these jobs are only started manually via the admin panel and do not require a schedule. The scheduled jobs are configured according to the cron syntax (see the Quartz scheduler documentation).

General settings

Waiting time after system start
quartz.startDelay = 30000
Time between the start of Scope and the first execution of the jobs in milliseconds
Queue size
quartz.queueSizePerJob = 10
Queue size per Quartz job

Anonymisation of the data set

Job for anonymizing the dataset, i.e. element names and form values are falsified according to a predefined plan.
Cron parameter
jobs.AnonymizerJob.cron = 
Cron trigger, not needed, because only started manually
Activation
jobs.AnonymizerJob.enabled = [ true | false ]
Switch whether this job is executable.

Deleting all expired sessions

Job to delete all expired sessions.
Cron parameter
jobs.ClearTimedOutSessionsJob.cron = 0 3 * * * ? * 
Cron trigger, default is three minutes after every full hour
Activation
jobs.ClearTimedOutSessionsJob.enabled = [ true | false ]
Switch whether this job is executable.

Converting the files

Job to convert all files for which a standard format (png, pdf, swf) is not yet available.
Cron parameter
jobs.ConverterJob.cron = 0 0 1 * * ? *
Cron trigger, default is every night at 1 o'clock server time
Activation
jobs.ConverterJob.enabled = [ true | false ]
Switch whether this job is executable.
Period in days
jobs.ConverterJob.periodInDays = 2
Creates a preview for files added in the last 2 days. If the number of days is 0, all files in the system are checked.

Calculation of checksums

Job for calculating checksums for all files for which no checksum is yet available. This checksum can be used to check whether the file has been unchanged since it was saved, or whether it has been corrupted or manipulated.
Cron parameter
jobs.CreateChecksumsJob.cron = 0 0 1 * * ? *
Cron trigger, default is every night at 1 o'clock server time
Activation
jobs.CreateChecksumsJob.enabled = [ true | false ]
Switch whether this job is executable.

Creating snapshots

Job to create a snapshot of the Scope installation. This snapshot contains all data necessary to restore this Scope instance (database, stored files, ETL configuration, license, account data).
Cron parameter
jobs.CreateSnapshotJob.cron = 
Cron trigger, is not set, because snapshots are usually created manually
Activation
jobs.CreateSnapshotJob.enabled = [ true | false ]
Switch whether this job is executable.

Deleting form values

Job for deleting form values. REWOO Scope does not actually allow values to be deleted. However, as the law stipulates that personal data must be permanently deleted on request for reasons of data protection, this job exists. It is only possible to delete the values of elements that have either been archived or discarded.
Cron parameter
jobs.DeleteElementValuesJob.cron = 
Cron trigger, not needed, because only started manually
Activation
jobs.DeleteElementValuesJob.enabled = [ true | false ]
Switch whether this job is executable.

Delayed execution of formula actions

Job for delayed execution of formula actions.
Cron parameter
jobs.ExecuteDelayedFormulaActionsJob.cron = * */5 * * * ?
Cron trigger, default is every 5 minutes
Activation
jobs.ExecuteDelayedFormulaActionsJob.enabled = [ true | false ]
Switch whether this job is executable.

Reading in data (ETL)

Job for reading in data using an ETL process.
Cron parameter
jobs.ExecuteETLJob.cron = */30 * * * * ?
Cron trigger, default is every 30 seconds
Activation
jobs.ExecuteETLJob.enabled = [ true | false ]
Switch whether this job is executable.

Installation-specific, external jobs

If you want REWOO Scope to run your own scripts or programs at regular intervals, you can create your own cron jobs for this purpose. In the following configuration parameters, appname is generic and can be changed to the name of the program. This allows several external jobs to be created.
jobs.ExternalLauncherJob.appname.cron
Cron expression that specifies the intervals at which the application should run.
jobs.ExternalLauncherJob.appname.enabled = [ true | false ]
Determines whether the application is executed at all.
jobs.ExternalLauncherJob.appname.path
Determines under which path the application to be executed is located. It is the responsibility of the admin to ensure that the application can actually be called.
jobs.ExternalLauncherJob.appname.timeout
The maximum time in milliseconds to wait before terminating the started process. This is to prevent an external application from permanently blocking a cron thread.

List all invalid formulas

Job to list all formulas whose syntax is incorrect, which contain references to non-existent elements, which contain self-references and which contain references from real elements to templates. Since the consistency of the formulas is checked directly when they are saved, this set should always be empty.
Cron parameter
jobs.FindInvalidFormulasJob.cron = 
Cron trigger, not needed, because only started manually
Activation
jobs.FindInvalidFormulasJob.enabled = [ true | false ]
Switch whether this job is executable.

Recalculating the rights

Job for recalculating the rights. This job is only required as a repair function in the event of problems with the access rights.
Cron parameter
jobs.RebuildAclJob.cron = 
Cron trigger, not needed, because only started manually
Activation
jobs.RebuildAclJob.enabled = [ true | false ]
Switch whether this job is executable.

Rebuilding the search index

Job to rebuild the search index. This operation is very computationally intensive and should not be performed regularly.
Cron parameter
jobs.RebuildSearchIndexJob.cron = 
Cron trigger, not needed, because only started manually
Activation
jobs.RebuildSearchIndexJob.enabled = [ true | false ]
Switch whether this job is executable.

Record Management

Job for the execution of the record management. Rules can be used to configure the time at which the status of certain elements is changed or the values are deleted.
Cron parameter
jobs.RecordManagementJob.cron = 0 0 2 3 * ? *
Cron trigger, default is every third of the month at 2 a.m.
Activation
jobs.RecordManagementJob.enabled = [ true | false ]
Switch whether this job is executable.

Reconstruction of the formula dependencies

Job for rebuilding the formula dependencies. Reference pointers are created for referencing other data fields so that the dependent formulas are also re-evaluated when values are changed. This job is only required as a repair function in the event of problems with updating formula values.
Cron parameter
jobs.RecreateDependenciesJob.cron = 
Cron trigger, not needed, because only started manually
Activation
jobs.RecreateDependenciesJob.enabled = [ true | false ]
Switch whether this job is executable.

Repair of the PREV/NEXT structures

Job for recalculating the PREV/NEXT structures. All formulas that can be found in PrevLinks/NextLinks fields as well as all formulas that depend on them (i.e. in particular also all formulas that use the keywords PREV or NEXT) are re-evaluated. A new version of the form is only created if the evaluation results in a different value. This job is only required if the old calculation algorithm for PrevLinks and NextLinks fields has been manually switched to the new algorithm. Please note that due to the changed evaluation logic, in most cases the previous formulas within the PrevLinks and NextLinks fields must also be adjusted in addition to the recalculation of the PREV/NEXT structures.
Cron parameter
jobs.RecreatePrevNextJob.cron = 
Cron trigger, not needed, because only started manually
Activation
jobs.RecreatePrevNextJob.enabled = [ true | false ]
Switch whether this job is executable.

Re-evaluation of all formulas

Job to re-evaluate all formulas. All formulas are evaluated again, but a new version of the form is only generated if the evaluation results in a different value. This job is only needed as a repair function in the event of problems with updating formula values.
Cron parameter
jobs.ReevaluateDatasheetsJob.cron = 
Cron trigger, not needed, because only started manually
Activation
jobs.ReevaluateDatasheetsJob.enabled = [ true | false ]
Switch whether this job is executable.

Rebuilding the table view cache

Job to rebuild the table view cache.
Cron parameter
jobs.ReInitializeTableViewCacheJob.cron = 
Cron trigger, not needed, because only started manually
Activation
jobs.ReInitializeTableViewCacheJob.enabled = [ true | false ]
Switch whether this job is executable.

Run repair script

Job for repairing the dataset. This option is only required in the rarest of cases. Because damage up to total loss of the data is possible with the script, only scripts certified by REWOO GmbH are permitted here.
Cron parameter
jobs.RepairByScriptJob.cron = 
Cron trigger, not needed, because only started manually
Activation
jobs.RepairByScriptJob.enabled = [ true | false ]
Switch whether this job is executable.

Repair of formulas in default value

Job for repairing formulas that are in the default value of the field. All field references are converted from field ids to field names and back to field ids. This will fix any errors in these references. This job is only needed as a repair function in case of problems with field references in default formulas.
Cron parameter
jobs.RepairDefaultFormulasJob.cron = 
Cron trigger, not needed, because only started manually
Activation
jobs.RepairDefaultFormulasJob.enabled = [ true | false ]
Switch whether this job is executable.

Importing snapshots

Job for importing a snapshot.
Cron parameter
jobs.RestoreSnapshotJob.cron = 
Cron trigger, is not set, because snapshots are usually imported manually.
Activation
jobs.RestoreSnapshotJob.enabled = [ true | false ]
Switch whether this job is executable.

Scanning for malware

Job to start an external malware scanner that scans the stored files for known malware.
Cron parameter
jobs.SearchForMalwareJob.cron = 
Cron trigger, is not set because the scans are started manually
Activation
jobs.SearchForMalwareJob.enabled = [ true | false ]
Switch whether this job is executable.

Indexing of new values

Job for indexing new values and files. These are only indexed after the job has run successfully and can therefore be found via the search.
Cron parameter
jobs.UpdateIndexJob.cron = */10 * * * * ?
Cron trigger, default is every 10 seconds.
Activation
jobs.UpdateIndexJob.enabled = [ true | false ]
Switch whether this job is executable.

Updating formulas with date dependency

Job for re-evaluating formulas with date dependency (see TODAY, PERIODIC, SMA)
Cron parameter
jobs.UpdateDayClockChangeDependenciesJob.cron = 0 0 1 * * ? *
Cron trigger, default is every night at 1 o'clock server time
Activation
jobs.UpdateDayClockChangeDependenciesJob.enabled = [ true | false ]
Switch whether this job is executable.

Updating formulas with time dependency

Job for re-evaluating formulas with time dependency (see NOW)
Cron parameter
jobs.UpdateIntradayClockChangeDependenciesJob.cron = 
Cron trigger
Activation
jobs.UpdateIntradayClockChangeDependenciesJob.enabled = [ true | false ]
Switch whether this job is executable.

Checking the files

Job to verify that all files are unchanged.
Cron parameter
jobs.ValidateChecksumsJob.cron = 
Cron trigger, not needed, because only started manually
Activation
jobs.ValidateChecksumsJob.enabled = [ true | false ]
Switch whether this job is executable.

Exporting the data as XML

Job to export all types, layouts, elements, form values, table views and gantts as an XML file, which is packed into a zml archive together with the files. See also the job "Import XML data".
Cron parameter
jobs.XmlExportJob.cron = 
Cron trigger, not needed, because only started manually
Activation
jobs.XmlExportJob.enabled = [ true | false ]
Switch whether this job is executable.

Import XML data

Job to import types, layouts, elements, datasheet values, portfolios and gantts from an XML file, and files from a zml archive. See also the job "Export files as XML".
Cron parameter
jobs.XmlImportJob.cron = 
Cron trigger, not needed, because only started manually
Activation
jobs.XmlImportJob.enabled = [ true | false ]
Switch whether this job is executable.

LDAP and AD

Procedure

To include users managed in an LDAP in REWOO Scope, proceed as follows:
  1. Customize LDAP
  2. Configure REWOO Scope
  3. Select user from LDAP and assign login point

Configuration of OpenLDAP

Include REWOO schema
REWOO Software GmbH has developed its own schema for OpenLDAP, which is based on object classes of very frequently used standard schemas. That is, it extends the object classes and/or schemas:

  • cosine
  • inetOrgPerson
  • person
  • posixAccount
The schema does not introduce any new attributes. Instead, some attributes that we need for REWOO Scope are changed from MAY to MUST.

slapd.conf
To include the additional schema, the configuration of the OpenLDAP server must be adapted. The file rewoo.schema must be copied into the directory for the schema files and then added to slapd.conf. Add this to the list of include lines: include /etc/ldap/schema/rewoo.schema.
This might then look something like the following:

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/rewoo.schema
Then restart slapd and check the logfile for possible errors.
slapd.d 

In more recent OpenLDAP versions, the concept of the slapd.conf file has been abandoned in favor of an LDIF structure in /etc/ldap/slapd.d. This means that slapd is no longer configured via a single configuration file, but via LDIF files. The advantage is that changes to the configuration can be made on the fly without restarting slapd.
If you are running an OpenLDAP server with LDIF configuration, please use the file rewoo.ldif, adapt it to your environment (in particular, the order in which the schemas are included will probably have to be adapted) and then load it into slapd, e.g. with ldapadd.

Set up user
As soon as the slapd is available again, you can edit users who should be able to use REWOO Scope. Add the object class rewooUser as a new attribute to the affected users. Make sure that the uid, userPassword and displayName attributes are set before saving the change. Otherwise, the save will fail.

Configuration of Active Directory service

For Active Directory, we recommend setting up a new group. As AD administrator, set up a new user group, e.g. RewooUser. Add all users who will use REWOO Scope as members of the RewooUser group.

Configuring REWOO Scope for a Directory Service

To configure REWOO Scope for use with a directory service, log in as an administrator. Switch to the configuration page. Most of the parameters you need to set up an LDAP-based directory service are already prepared with dummy entries. Since the setup is slightly different when using OpenLDAP and Active Directory Service, both services will be discussed separately in the following.

Use the edit link to set all values as required in your environment. The values are valid or active as soon as you have set them. Therefore, set the value for ldap.enabled to true only at the very end.

Configuring REWOO Scope for OpenLDAP

To use an OpenLDAP as a directory service, please look for the configuration parameters that start with ldap. In the following, the parameters important for OpenLDAP and their meaning are listed.
Display name
ldap.attribute.displayName = displayName
Attribute containing the string to be displayed instead of the login name.
Email
ldap.attribute.email = <mail>
Attribute containing the email address of the user
Login name
ldap.attribute.username = uid
Attribute that contains the login name; identical to the name that the user specifies for login
LDAP activation
ldap.enabled = [ true | false ]
Switches authentication via LDAP on or off; if LDAP is to be used, set this value to true.
Active Directory
ldap.isAD = [ true | false ]
Switches between Active Directory and LDAP; for OpenLDAP the switch remains false.
LDAP authentication only
ldap.only = [ true | false ]
This parameter toggles between LDAP-only authentication and mixed authentication. With pure LDAP authentication, only the LDAP is used for authentication. The REWOO database is then not used for authentication. Only applies to users with the Standard and Concurrent roles.
LDAP branch
ldap.search.base = ou=people,dc=rewoo,dc=lan
The branch in LDAP under which to search for possible users. Set this value to the branch where the users are located in your LDAP (check with your LDAP administrator), e.g. ou=people,dc=firma,dc=com.
Search filter
ldap.search.filter = (&(objectClass=inetOrgPerson)(objectClass=RewooUser))
Sets the filter that limits the result set. Ask your LDAP administrator which object classes the REWOO users belong to. The syntax corresponds to the one defined in RFC 4515.
Users for the search
ldap.search.user = (empty)
Distinguished Name (DN) of the user who is allowed to search the LDAP, e.g. cn=search.user,dc=firma,dc=com; this is only needed if the LDAP is not allowed to be searched anonymously.
Password
ldap.search.password = ****
Sets the password for the search user; this is only needed if the LDAP may not be searched anonymously.
Forwarding
ldap.search.referral = [ follow | ignore | throw ]
Configuration of forwarding to other LDAP servers
Search scope
ldap.search.scope = [ baseObject | oneLevel | wholeSubtree ]
Configuration of the search scope
URL
ldap.server.url = ldap://localhost
Host name of the server on which the LDAP service is running, for example, ldap://ldap.example.com.
Multiple servers can be specified separated by spaces.
The specification of a port is optional and is set with a colon after the server name, for example, ldap://ldap.example.com:389.
To use a secure connection, you can switch to the ldaps:// protocol.
TLS
ldap.server.useTLS = [ true | false ]
Turns TLS on or off.
Paging
ldap.paging.enabled = [ true | false ]
Turns paging of search results on or off. This makes it possible to get a larger set of search results than the maximum size of a single page allows. Please note that your LDAP server must support RFC 2696 for this.
Page size
ldap.paging.size = 500
Specifies the maximum number of entries a page can contain. This switch only has an effect if ldap.paging.enabled has been set. Please note that the limit must not be set higher than the LDAP server settings generally allow.

Configuring REWOO Scope for Active Directory

To use an Active Directory to authenticate users, basically the same settings must be made as for an OpenLDAP. The difference is that an Active Directory may not be searched anonymously, so a search must always be preceded by a successful login.
In addition, the logon to the service is not done via the distinguished name of the user object, but with domain and username, as one would log on under Windows. Therefore, there are some additional switches and settings that have to be set for a login via an Active Directory.
Display name
ldap.attribute.displayName = <displayName>
This value is used to display the full name of the user instead of the login name.
Email
ldap.attribute.email = <mail>
This attribute is used to set or read the email address of the user.
Login name
ldap.attribute.username = uid
For an ActiveDirectory, please set this value to sAMAccountName.
Windows domain
ldap.domain = test,rewoo
Set here the name of the (Windows) domain in which the users are located. Multiple domains are separated by commas.
AD Activation
ldap.enabled = [false | true]
Enables or disables authentication via an AD; if AD is to be used, set this value to true.
Active Directory
ldap.isAD = [false | true]
Set this value to true. This activates a dropdown menu in the logon screen where the user can/must select the domain to log on to.
LDAP authentication only
ldap.only = [true | false]
With this setting, users with the roles Standard and Concurrent can only log on via AD.
AD branch g
ldap.search.base = cn=Users,dc=<prefix>,dc=<firma>,dc=<domain>
set here the branch under which the users are stored. Adapt <prefix>, <comapny> and <domain> to your environment, e.g. cn=Users,dc=dev,dc=rewoo,dc=com
Search filter
ldap.search.filter = (&(objectClass=organizationalPerson)(objectClass=user)
(memberOf=cn=rewooUser,cn=Users,dc=<prefix>,dc=<firma>,dc=<domain>))
match <prefix>, <comapny> and <domain> to your environment, e.g.: (&(objectClass=organizationalPerson)(objectClass=user) (memberOf=cn=rewooUser,cn=Users,dc=dev,dc=rewoo,dc=com)); if you have created a different group for rewoo users than suggested above, please use that group in place of rewooUser
Users for the search
ldap.search.user = 
Set here the user who is allowed to search the AD. If users from different domains should be able to log in, the search user should be allowed to search all domains, e.g. dev/search
Password
ldap.search.password = ****
Password of the user to be used to browse the AD
Forwarding
ldap.search.referral = [follow | ignore | throw]
Configuration of forwarding to other LDAP servers
Search scope
ldap.search.scope = [baseObject | oneLevel | wholeSubtree]
Configuration of the search scope
URL
ldap.server.url = ldap://localhost
Host name of the server on which the Active Directory is running, e.g. ldap://directory.ka.rewoo.com
Multiple servers can be specified, separated by spaces.
A port can optionally be specified, e.g. ldap://ldap.example.com:389
To use a secure connection, you can switch to the ldaps:// protocol.
TLS
ldap.server.useTLS = [ true | false ]
Turns TLS on or off.
Paging
ldap.paging.enabled = [ true | false ]
Turns paging of search results on or off. This makes it possible to get a larger set of search results than the maximum size of a single page allows.
Page size
ldap.paging.size = 500
Specifies the maximum number of entries a page can contain. This switch only has an effect if ldap.paging.enabled has been set. Please note that the limit must not be set higher than the AD server settings generally allow.

Use the edit link to set all values according to your environment. All values take effect as soon as you press Save in the edit dialog. Therefore set the value for ldap.enabled to true last.

Security

There are two ways to secure the communication between REWOO Scope and the LDAP service.

Either enable the switch ldap.server.useTLS to use TLS.

Or use the ldaps:// protocol when specifying the server URL, so that SSL is used for the connection. To establish the SSL connection, we need a trust store, which we specify when we start the Scope server. Java comes with a tool called keytool to manage such trust stores. In the following commands, the filenames and passwords are just placeholders.

If the certificate is not known, it can be queried with the following command:

openssl s_client -showcerts -connect ldap.customer.com:636

The certificate is PEM encoded between the first pair of tags -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. Save this certificate, including the tags, in a text file, e.g. customerCA.cert.

The trust store is created with the following command:

keytool -import -file /home/rewoo/customerCA.cert -alias customerCA -keystore /home/rewoo/customerTrustStore

Secure the trust store with a password:

keytool -storepasswd -new new_storepass -keystore /home/rewoo/customerTrustStore

The following parameters must be added to the start script of the Scope server:

-Djavax.net.ssl.trustStore=/home/rewoo/customerTrustStore -Djavax.net.ssl.trustStorePassword=new_storepass

To activate the changes, the Scope server must be restarted.
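
The certificate printed by openssl s_client is whatever the peer on the network sent, so its fingerprint should be compared with one obtained from the directory administrator before it goes into the trust store. The following check is an added example, not part of REWOO Scope; the function names are hypothetical and the sample output is built from placeholder bytes, not real certificates.

```python
import base64
import hashlib
import hmac
import re

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S
)


def first_certificate_der(s_client_output: str) -> bytes:
    """Return the DER bytes of the first PEM block, the one the page says to save."""
    match = _PEM_BLOCK.search(s_client_output)
    if match is None:
        raise ValueError("no PEM certificate block in the output")
    # Drop line breaks and indentation, then decode strictly.
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def fingerprint(der: bytes, algorithm: str = "sha256") -> str:
    """Colon-separated upper-case hex digest of the DER encoding."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_expected(s_client_output: str, expected: str,
                     algorithm: str = "sha256") -> bool:
    """True only if the fetched certificate has the fingerprint obtained out of band."""
    def normalise(value: str) -> bytes:
        compact = value.replace(":", "").replace(" ", "").lower()
        return compact.encode("ascii", "replace")

    actual = fingerprint(first_certificate_der(s_client_output), algorithm)
    return hmac.compare_digest(normalise(actual), normalise(expected))


# --- constructed sample: placeholder bytes, not real certificates ---
def _pem(body: bytes) -> str:
    b64 = base64.b64encode(body).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


SERVER_DER = b"constructed stand-in for the LDAP server certificate " * 4
ISSUER_DER = b"constructed stand-in for the issuing CA certificate " * 4
SAMPLE_OUTPUT = (
    "CONNECTED(00000003)\n---\nCertificate chain\n"
    " 0 s:CN = ldap.customer.com\n" + _pem(SERVER_DER)
    + " 1 s:CN = Customer CA\n" + _pem(ISSUER_DER) + "---\n"
)

if __name__ == "__main__":
    print("fetched:", fingerprint(first_certificate_der(SAMPLE_OUTPUT)))
    print("accept :", matches_expected(SAMPLE_OUTPUT, fingerprint(SERVER_DER)))
    print("reject :", matches_expected(SAMPLE_OUTPUT, fingerprint(ISSUER_DER)))
```

The fingerprint format is the one printed by keytool -printcert -file and by openssl x509 -noout -fingerprint -sha256, so the values can be compared directly.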

SAML2 configuration

Strict testing
saml2.strict = [ true | false ]
If this switch is on, unsigned or unencrypted messages are rejected if signed or encrypted messages are enabled in the settings. In production systems, this switch should always be on.
Debug
saml2.debug = [ true | false ]
A switch to write errors to the log.
Username
saml2.attribute.username = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
The name of the attribute that contains the username. If this parameter is set to "NameID", the attribute "NameID" is read instead of a normal attribute, which is a child element of the "Subject" tag in the SAML response.

Service Provider

ID
saml2.sp.entityid = urn:scope.rewoo.com
Id of the service provider (must be a URI)
Service URL
saml2.sp.assertion_consumer_service.url = /auth/signInSaml2
relative URL to which the IdP sends the response
Service Binding
saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
SAML protocol binding for the IdP response. Currently we only support HTTP POST
Logout response URL
saml2.sp.single_logout_service.url = /auth/signOut
Relative URL to be called by the IdP after logout.
Logout Binding
saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
SAML protocol binding for the IdP logout message. Currently we only support HTTP redirect
Name format
saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
Format of the name used to identify the user. Possible formats:
  • urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  • urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
  • urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
  • urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
  • urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos
  • urn:oasis:names:tc:SAML:2.0:nameid-format:entity
  • urn:oasis:names:tc:SAML:2.0:nameid-format:transient
  • urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  • urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted
x509 Certificate
saml2.sp.x509cert = -----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----
Certificate of the service provider
new x509 Certificate
saml2.sp.x509certNew = -----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----
Future certificate of the service provider, to be used during key exchange
Private Key in format PKCS#8
saml2.sp.privatekey = -----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----
Private key of the service provider

Identity Provider

ID
saml2.idp.entityid = 
Id of the Identity Provider
SSO URL
saml2.idp.single_sign_on_service.url = 
URL to which the authentication request is sent
SSO Binding
saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
SAML protocol binding used for the request. Currently we only support HTTP redirect.
Logout request URL
saml2.idp.single_logout_service.url = 
Logout request URL
Logout response URL
saml2.idp.single_logout_service.response.url = 
Optional URL for the logout response of the SP to the IdP. If this URL is not specified, saml2.idp.single_logout_service.url is used.
Logout Binding
saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
SAML protocol binding used for logout. Currently we only support HTTP redirect.
x509 Certificate
saml2.idp.x509cert = -----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----
Certificate of the Identity Provider
Fingerprint of the certificate
saml2.idp.certfingerprint = 
Fingerprint algorithm
saml2.idp.certfingerprint_algorithm = [ sha1 | sha256 | sha384 | sha512 ]

Security

Encrypted name
saml2.security.nameid_encrypted = [ true | false ]
Switch whether the name is sent encrypted by the SP.
saml2.security.want_nameid_encrypted = [ true | false ]
Switch whether the name is sent encrypted by the IdP.
Signed authentication request
saml2.security.authnrequest_signed = [ true | false ]
Switch whether the authentication request is signed by the SP.
Signed logout request
saml2.security.logoutrequest_signed = [ true | false ]
Switch whether the logout request is signed by the SP.
Signed logout response
saml2.security.logoutresponse_signed = [ true | false ]
Switch whether the logout response is signed by the SP.
Signed data from IdP
saml2.security.want_messages_signed = [ true | false ]
Switch whether the SP expects the data received from the IdP to be signed.
Signed assertions from IdP
saml2.security.want_assertions_signed = [ true | false ]
Switch whether the SP expects the assertions received from the IdP to be signed.
Encrypted assertions
saml2.security.want_assertions_encrypted = [ true | false ]
Switch whether the SP expects the assertions received from the IdP to be encrypted.
Signed meta data
saml2.security.sign_metadata = 
Switch whether the metadata of the SP should be signed
Authentication context
saml2.security.requested_authncontext = urn:oasis:names:tc:SAML:2.0:ac:classes:Password
Multiple values can be specified separated by commas.
  • urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
  • urn:oasis:names:tc:SAML:2.0:ac:classes:Password
  • urn:oasis:names:tc:SAML:2.0:ac:classes:X509
  • urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard
  • urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos
Authentication comparison
saml2.security.requested_authncontextcomparison = exact
  • exact
  • minimum
  • maximum
  • better
XML validation
saml2.security.want_xml_validation = [ true | false ]
Switch whether the SP should validate all received XML.
Signature algorithm
saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
Possible values:
  • http://www.w3.org/2000/09/xmldsig#rsa-sha1
  • http://www.w3.org/2000/09/xmldsig#dsa-sha1
  • http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
  • http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
  • http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
Digest algorithm
saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha256
Possible values:
  • http://www.w3.org/2000/09/xmldsig#sha1
  • http://www.w3.org/2001/04/xmlenc#sha256
  • http://www.w3.org/2001/04/xmldsig-more#sha384
  • http://www.w3.org/2001/04/xmlenc#sha512
Handling old algorithms
saml2.security.reject_deprecated_alg = [ true | false ]
Switch whether old algorithms (sha1) should be rejected.
Trim names
saml2.parsing.trim_name_ids = [ true | false ]
Switch whether to trim name IDs when parsing (against the SAML specification).
Trim attribute values
saml2.parsing.trim_attribute_values = [ true | false ]
Switch whether to trim attribute values when parsing (against the SAML specification).
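
Several of these switches only have an effect in combination: according to the description of saml2.strict, it rejects unsigned messages only if signed messages are also requested. The following audit is an added example, not part of REWOO Scope; it assumes the settings are available as key = value lines in the notation of this page and that a missing key counts as false, and the function names and both sample configurations are constructed.

```python
SIGNED_INPUT_KEYS = (
    "saml2.security.want_messages_signed",
    "saml2.security.want_assertions_signed",
)
ALGORITHM_KEYS = (
    "saml2.security.signature_algorithm",
    "saml2.security.digest_algorithm",
)


def parse_settings(text: str) -> dict:
    """Parse 'key = value' lines; blank lines and '#' comments are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def is_on(settings: dict, key: str) -> bool:
    # Assumption: a key that is missing counts as "false".
    return settings.get(key, "").lower() == "true"


def audit_saml(settings: dict) -> list:
    """Return (key, reason) pairs for settings that weaken the SAML login."""
    findings = []
    if not is_on(settings, "saml2.strict"):
        findings.append(("saml2.strict",
                         "unsigned or unencrypted messages are not rejected"))
    if not any(is_on(settings, key) for key in SIGNED_INPUT_KEYS):
        findings.append((SIGNED_INPUT_KEYS[1],
                         "no signature is requested from the IdP, so "
                         "saml2.strict has no signature to insist on"))
    for key in ALGORITHM_KEYS:
        if settings.get(key, "").lower().endswith("sha1"):
            findings.append((key, "SHA-1 based algorithm selected"))
    if not is_on(settings, "saml2.security.reject_deprecated_alg"):
        findings.append(("saml2.security.reject_deprecated_alg",
                         "old algorithms (sha1) are not rejected"))
    if not is_on(settings, "saml2.security.want_xml_validation"):
        findings.append(("saml2.security.want_xml_validation",
                         "received XML is not validated"))
    if (settings.get("saml2.idp.certfingerprint")
            and settings.get("saml2.idp.certfingerprint_algorithm", "").lower() == "sha1"):
        findings.append(("saml2.idp.certfingerprint_algorithm",
                         "IdP certificate is identified by a SHA-1 fingerprint"))
    return findings


# Constructed sample configurations (not taken from a real installation).
WEAK = """
saml2.strict = false
saml2.security.want_messages_signed = false
saml2.security.want_assertions_signed = false
saml2.security.signature_algorithm = http://www.w3.org/2000/09/xmldsig#rsa-sha1
saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha256
saml2.security.reject_deprecated_alg = false
saml2.security.want_xml_validation = true
"""

HARDENED = """
saml2.strict = true
saml2.security.want_messages_signed = true
saml2.security.want_assertions_signed = true
saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
saml2.security.digest_algorithm = http://www.w3.org/2001/04/xmlenc#sha256
saml2.security.reject_deprecated_alg = true
saml2.security.want_xml_validation = true
"""

if __name__ == "__main__":
    for key, reason in audit_saml(parse_settings(WEAK)):
        print(f"{key}: {reason}")
```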

Organization

Name
saml2.organization.name = REWOO Software GmbH
Display name
saml2.organization.displayname = REWOO Scope
URL
saml2.organization.url = https://rewoo.de
Language
saml2.organization.lang = en_US

Contact

Technical contact
saml2.contacts.technical.given_name = REWOO Administrator
Email of the technical contact
saml2.contacts.technical.email_address = administration@rewoo.com
Application support
saml2.contacts.support.given_name = REWOO Support
E-Mail of the application support
saml2.contacts.support.email_address = support@rewoo.com

Global code

Global CSS definition for the HTML client
mobile.global.css = 
This parameter can be used to specify additional CSS definitions for the HTML client that apply globally. This code is loaded after the default CSS files (Bootstrap framework and Scope specific customizations) but before datasheet specific CSS. This makes it possible to customize the HTML client to match the style of your own corporate design.
Global javascript for the HTML client
mobile.global.javascript = 
This parameter can be used to set global javascript for the HTML client.
Global meta tags for the HTML client
mobile.global.meta = 
This parameter can be used to set global meta tags for the HTML client.
Global CSS definition for calendars
mobile.calendar.css = 
This parameter can be used to set CSS definition for calendars.
Global javascript for calendars
mobile.calendar.javascript = 
This parameter can be used to set javascript for calendars.
Global CSS definition for Kanban boards
mobile.kanban.css = 
This parameter can be used to set CSS definition for Kanban boards.
Global javascript for Kanban boards
mobile.kanban.javascript = 
This parameter can be used to set javascript for Kanban boards.
Global CSS definition for table views
mobile.tableview.css = 
This parameter can be used to set CSS definition for table views.
Global javascript for table views
mobile.tableview.javascript = 
This parameter can be used to set javascript for table views.
Global CSS definition for task views
mobile.taskview.css = 
This parameter can be used to set CSS definition for task views.
Global javascript for task views
mobile.taskview.javascript = 
This parameter can be used to set javascript for task views.

Client configuration

Element grouping in navigation
visualization.clusterByType = 15
If the number of objects, processes or aspects of the same type is greater than the specified value, the elements are grouped.
Object grouping
visualization.cluster.objects = 15
If the number of objects of the same type is greater than the specified value, the elements are grouped. These settings override the value specified in visualization.clusterByType for this particular case.
Object aspect grouping
visualization.cluster.objectAspects = 15
If the number of aspects of the same type below objects is greater than the specified value, the elements are grouped. These settings override the value specified in visualization.clusterByType for this particular case.
Process grouping
visualization.cluster.processes = 15
If the number of processes of the same type is greater than the specified value, the elements are grouped. These settings override the value specified in visualization.clusterByType for this particular case.
Process aspect grouping
visualization.cluster.processAspects = 15
If the number of aspects of the same type below processes is greater than the specified value, the elements are grouped. These settings override the value specified in visualization.clusterByType for this particular case.
Display the editor name
user.versionAuthor.visible = [ true | false ]
This parameter can be used to set whether the name of the authors/editors is displayed in the version history below the datasheet or in the value history widget or remains hidden.
Default screen size in layout designer
mobile.designer.layout.screenSize = [ sm | md | lg | xl | xxl ]
This parameter specifies the screen size that is displayed when the layout designer is opened.
Style of the main menu
mobile.menu.style = [ labels | icons | hidden ]
If the switch is set to labels, the sandwich button is only displayed when the screen size falls below a certain value; otherwise the menu is permanently visible with icons and labels. If this option is set to icons the menu is permanently visible showing only the icons. If this option is set to hidden, the menu in the HTML client is collapsed by default and can only be opened using the sandwich button.
Tab switch behavior
datasheet.onTabSwitch = [ discard | save ]
This switch selects the strategy of what happens when values on the form have been changed and the user switches tabs.
Value check during loading
datasheet.validate.onLoad.enabled = [ true | false ]
If this switch is set to true, the values are checked after loading the datasheet, e.g. whether mandatory fields are filled in.
Warning for empty required fields
datasheet.validate.requiredWarning.enabled = [ true | false ]
If this switch is set to true, an error text will be shown for required fields that have not been filled in, otherwise these fields will only be outlined in red.
Behavior when clicking on FileLinks entries
datasheet.fileLinks.downloadOnClick = [ false | true ]
By default, clicking the name of a file stored in REWOO Scope will open the preview (if it is available for the file format). In order to be able to download the file, a download icon is also displayed to the left of the file name. If, on the other hand, the parameter is set to true, the file is downloaded when the file name is clicked. To open the preview, a button in the form of an eye symbol is then available to the left of the file name.
visible buttons of WYSIWYG editors
datasheet.richtext.buttons = Undo,Redo,Bold,Italic,Underline,NumberedList,BulletedList,Outdent,Indent,JustifyLeft,JustifyCenter,JustifyRight,JustifyBlock,FontSize,TextColor
List of buttons of WYSIWYG editors in the application. Settings to RichText entries override this list. Possible buttons are: Cut, Copy, Paste, Undo, Redo, Bold, Italic, Underline, Strike, Subscript, Superscript, NumberedList, BulletedList, Outdent, Indent, JustifyLeft, JustifyCenter, JustifyRight, JustifyBlock, Font, FontSize, TextColor, BGColor, Format, Source, About
Resizable WYSIWYG editors
datasheet.richtext.resizable = [ false | true ]
Determines whether WYSIWYG editors can be resized. Settings on RichText entries override this switch.
Confirmation prompt when signatures become invalid
datasheet.signature.forceInvalidationOnValueChange = [ false | true ]
If the switch is set to false and value changes invalidate signatures, a dialog appears asking if the user wants to continue.
Position of controls for table fields in HTML client
datasheet.table.buttonPosition = [ left | right ]
By default, the plus and minus buttons are displayed on the right side of each table row. If the value is set to left, both buttons on the left side are rendered mirror-inverted (i.e. first the plus, then the minus button).
Breadcrumb above the datasheet
datasheet.breadcrumb.enabled = [ false | true ]
Determines whether a breadcrumb is displayed above the datasheet. Since all datasheets are hooked into a tree structure, the breadcrumb shows all parent elements.
Visibility of datasheet information
datasheet.footer.enabled = [ false | true ]
Determines whether information such as the version timestamp, the author of the last change, and the status is displayed below the datasheet.
Position of the quick save pop-up
datasheet.quickOperationsPopup.position = [ disabled | topLeft | center | bottomLeft | bottomRight ]
If the user has made changes on the current datasheet and scrolled down a little, a small pop-up is displayed at the configured position, which can be used to save or discard the changes.
Size of the quick save pop-up
datasheet.quickOperationsPopup.size = [ small | standard | large ]
This parameter defines the size of the pop-up.
Y-Offset for the quick save pop-up
datasheet.quickOperationsPopup.yOffset = 250
This parameter defines how many pixels the user has to scroll down until the quick save pop-up appears. 0 means the pop-up is always visible.
Show mail button for table views
tableview.mailButton.enabled = [ false | true ]
If a table view with selectable rows contains a column of the type Email, then after setting this option a "Send Mail" button will automatically appear when opening the table view. If the user now selects one or more rows and clicks on the button, a new mail will open in the user's default email client with the selected addresses as recipients. Attention: if there is more than one email column in the table view, the leftmost column of the definition will be selected.
Page size of the table view
tableview.pagingSize = 50
Number of rows that are displayed on one page of a table view. If the number of rows of a table view exceeds the value entered here, another page is created, which the user can reach via the navigation bar of the table view.
User-specific filters for table views
tableview.filter.storable = [ false | true ]
This switch enables the users to save filter settings for table views.
Number of visible filter columns
tableview.filter.maxInitialColumns = 5
If the table view is unfiltered, filter entries are displayed in the filter dialog for the n columns from the left table border.
Size of thumbnails in table views
tableview.imageSize = 60
Maximum width and height of thumbnails in pixels, if an Image entry is used as a column in the table view.
Expanded groups in the list of table views
tableview.groups.expand = [ none | first | all ]
Determines which groups are expanded after loading the list of table views.
Default color of bars in graphs above a table view
tableview.chart.defaultColor = #0069c0
This color is the default color for bars in a chart above a table view.
Default colors of segmented bars in graphs above a table view
tableview.chart.defaultColors = #2196F3,#ff9800,#4caf50,#f44336,#9c27b0,#795548,#6ec6ff,#ffc947,#80e27e,#ff7961,#d05ce3,#a98274,#0069c0,#c66900,#087f23,#ba000d,#6a0080,#4b2c20
This list of colors is used for bars in a chart above a table view when these bars are segmented. The values are sorted and the colors are assigned accordingly in the specified order. If too few colors are defined, the list is started again from the beginning.
Color for bars without value in graphs above a table view
tableview.chart.emptyColor = #707070
This color is used for bars without value in a chart above a table view.
red color for traffic lights in graphs above a table view
tableview.chart.redColor = #cc2828
This red is used for TrafficLights and Conditions in a chart above a table view.
yellow color for traffic lights in graphs above a table view
tableview.chart.yellowColor = #ffc400
This yellow is used for TrafficLights and Conditions in a chart above a table view.
green color for traffic lights in graphs above a table view
tableview.chart.greenColor = #53ba50
This green is used for TrafficLights and Conditions in a chart above a table view.
Bulk changes of date values in table views
tableview.bulkChange.date = [ input | offset ]
With input a fixed date is set for all selected rows, with offset all date values are shifted by the specified time span. To enable bulk changes in a table view, the access right of the corresponding column must be set to bulk change and the 'Rows selectable' option must be enabled.
Standard color in calendar
calendar.defaultColor = #ff7961
This color is the default color for appointments in a calendar.
Category colors in calendar
calendar.colors = #6ec6ff,#ffc947,#80e27e,#ff7961,#d05ce3,#a98274,#2196F3,#ff9800,#4caf50,#f44336,#9c27b0,#795548
This list of colors is used for the categories in calendars. The categories are sorted alphabetically and the colors are assigned accordingly in the given order. If too few colors are specified, the list is started again from the beginning.
Color for dates without category
calendar.emptyColor = #cccccc
This color is used for appointments without category.
Type of HTML navigation view
mobile.navigator.style = [ finder | legacy ]
The setting finder activates a display of the hierarchy in lists like it is used in the Finder of macOS. With legacy you get the old navigator which only shows the current level and the path.
Behavior when clicking a link in HTML navigation
mobile.navigator.elementLinkOpensDatasheet = [ false | true ]
Determines whether the corresponding data sheet should be opened when an element is clicked in the legacy navigator of the HTML view (value "true") or whether the child elements should be displayed in this case (value "false"). Please note that even if this option is set, the data sheet is only actually displayed if it contains form fields that are to be displayed. If the datasheet is completely empty, no white datasheet will be displayed, but instead it will automatically scroll to the overview of the child elements.
Visible status in the navigator
mobile.navigator.visibleStates = IN_PLANNING,ACTIVE,ON_HOLD,CLOSED
List of statuses that are visible in the HTML navigator for normal users.
Usage of pdf.js
mobile.lightbox.forcePDFJS = [ false | true ]
Specifies whether to force the use of pdf.js or to use the browser's own PDF renderer if it is available.
Follow-up action if no rights exist
mobile.noRights.redirect = [ home | navigator | search | tables ]
This switch determines which view the user is redirected to when he calls up a data sheet but does not have permission to do so.
Follow-up action after own rights removal
datasheet.connectionButton.noRights = [ ask | redirect ]
This switch determines what happens if the user removes the rights to the current datasheet from himself with a ConnectionButton. Either a dialog appears explaining the situation and offering the redirects as buttons, or the user is redirected directly.
List of page sizes of the account list
account.list.lengthMenu = [10,25,50,100]
This list is offered to the user as a dropdown.
Initial page size of the account list
account.list.pageLength = 10
This size of the account list is used when it is opened for the first time. The user can change the table via the size menu.

System configuration

Timeout
loginTimeout = 1800
Time in seconds until the user is logged out due to inactivity.
Bookmarks
feature.bookmarks.enabled = [ true | false ]
Switch whether the creation of bookmarks is available.
Calendar
feature.calendar.enabled = [ true | false ]
Switch whether calendars are available.
Image editor
feature.imageEditor.enabled = [ false | true ]
Switch whether the image editor is available.
Kanban
feature.kanban.enabled = [ true | false ]
Switch whether kanban boards are available.
Meetings
feature.meetings.enabled = [ true | false ]
Switch whether video meetings are available.
Messages
feature.messages.enabled = [ true | false ]
Switch whether the Scope message system is available. If the message system is switched off, the corresponding program parts such as Inbox and Configuration are hidden.
Multitenancy
feature.multitenancy.enabled = [ true | false ]
Switch whether multitenancy is available.
SAML2
feature.saml2.enabled = [ true | false ]
Switch whether SAML2 is available as authentication method.
TaskView
feature.taskView.enabled = [ true | false ]
Switch whether task views are available.
OCR
feature.ocr.enabled = [ true | false ]
Switch whether optical character recognition (OCR) is available.
Mute Messages
message.mute = [ true | false ]
Switch to globally enable or disable the sending of scope messages.
Mute messages about status changes
message.stateChange.mute = [ true | false ]
Switch to globally enable or disable the messages about status changes. These messages have a noticeable impact on runtime. It is better to use Condition entries, a status condition and the system action MESSAGE to generate messages about status changes where they are of interest.
Storage directory
file.storagedir = /home/rewoo/rewoo-admin/storage/rewoo
Absolute path to the REWOO Scope storage directory for the files, preview files, PDFs, search index, ETL scripts and ETL files.
Path of the tool ocrmypdf
file.ocrmypdf.path = 
Absolute path to the executable ocrmypdf to perform OCR for PDF files and images.
Accepted file formats for OCR
file.ocrmypdf.acceptedInput = pdf,jpg,png
Comma separated list of file formats accepted for OCR.
Timeout for ocrmypdf
file.ocrmypdf.timeout = 20
Timeout in seconds for the tool ocrmypdf.
Maximum file size
file.maxSizeInMB = 100
Sets the maximum size in megabytes that a single file can have in file fields (FileLinks, Image, SpreadsheetFile). When trying to upload larger files, an error message is displayed to the user and the respective file is not uploaded. The limit does not apply to FileLinks entries as a whole, but only to individual files.
Maximum file size for drag'n'drop
file.maxDragNDropSizeInMB = 10
Sets the maximum size in megabytes for drag'n'drop actions in the web interface. The value refers to the total size of the files. Note that the limitations of the browser in use still apply.
Hash algorithm for file checksums
file.hash.algorithm = [ MD2 | MD5 | SHA1 | SHA224 | SHA256 | SHA384 | SHA512 | SHA3_224 | SHA3_256 | SHA3_384 | SHA3_512 ]
A checksum is calculated for each file stored in Scope in order to be able to check the integrity of the file at a later time. Several hash algorithms are available for this purpose. We recommend at least SHA256. To use the SHA3 algorithms, at least Java 9 must be used.
Algorithm for mail merge
output.mailmerge.method = [ auto | new ]
The new algorithm supports printing Table and Image and is faster for high volume printing, but it does not support placeholders in headers and footers. In the "auto" setting, the new algorithm is taken only if placeholders for Table or Image are included in the template.
Attribute for login
auth.login.type = [ username | email ]
This switch specifies whether users log in with their name or with their email address.
Direct access to administrative functions
auth.directAdmin.enabled = [ false | true ]
This switch specifies whether accounts of type Power or Admin have direct access to the administrative functions Designer, Account Management and Admin Panel, or whether this access must first be enabled for the current session. If direct access is disabled, the application looks like it does for normal users.
Language on login page
auth.ignoreRequestLocale = [ false | true ]
This switch specifies whether or not the language setting supplied by the browser should be respected on the login screen. If it is ignored, the setting in defaultUserLocale applies.
Duration of password check
auth.constLoginTimeInMs = 300
The password verification time is artificially extended to this duration to make attacks more difficult.
Length of generated passwords
auth.password.generate.length = 16
The length of passwords that are automatically generated: in the settings, when creating new accounts, when the user requests a new password, or when the administrator resets the accounts' passwords (always assuming that the accounts do not authenticate via AD, LDAP, or SAML).
Minimum password length
auth.password.minLength = 8
The minimum length of passwords that the user can set.
secure switch of the session cookie
auth.sessionCookie.secure = [ false | true ]
When the user has successfully logged in, a session cookie is set. This switch determines whether the cookie should only be transferred for encrypted https connections (true) or always (false). This switch should be set to true to prevent man-in-the-middle attacks.
httpOnly switch of the session cookie
auth.password.httpOnly = [ false | true ]
When the user has successfully logged in, a session cookie is set. This switch determines whether the cookie can be read via JavaScript (false) or not (true). This switch should be set to true so that scripts injected through cross-site scripting (XSS) cannot read the session cookie.
sameSite switch of the session cookie
auth.password.sameSite = [ STRICT | LAX | NONE ]
When the user has successfully logged in, a session cookie is set. This switch determines whether the cookie is sent only with requests that originate from the same site (STRICT), additionally when the user navigates to the site via a link from another site (LAX), or without any restrictions on cross-site requests (NONE). This switch should be set to STRICT to ensure maximum security of user sessions.
Name of the session cookie
auth.sessionCookie.name = JSESSIONID
Switch for two-factor authentication
auth.mfa.enabled = [ true | false ]
This switch can be used to disable two-factor authentication for all users.
Length of the two-factor authentication secret
auth.mfa.secret.length = 54
With two-factor authentication, the server and an app on a user's mobile device share a secret. With the current time and this secret, both sides can calculate the currently valid one-time password.
Note: Some apps like Google Authenticator do not respect this setting. A different value should only be used if it is ensured that all users use apps that can handle it (e.g. freeOTP or andOTP).
Length of the one-time password
auth.mfa.code.digits = 6
The number of digits of the one-time password.
Attention: If this setting is changed, all activated two-factor authentications will no longer work and must be renewed!
Note: Some apps like Google Authenticator do not respect this setting. A different value should only be used if it is ensured that all users use apps that can handle it (e.g. freeOTP or andOTP).
Validity period of the one-time password
auth.mfa.code.period = 60
The time in seconds that the one-time password is valid.
Attention: If this setting is changed, all activated two-factor authentications will no longer work and must be renewed!
Note: Some apps like Google Authenticator do not respect this setting. A different value should only be used if it is ensured that all users use apps that can handle it (e.g. freeOTP or andOTP).
The hash algorithm of two-factor authentication
auth.mfa.code.hash = [ SHA1 | SHA256 | SHA512 ]
With two-factor authentication, the server and an app on a user's mobile device share a secret. With the current time and this secret, both sides can calculate the currently valid one-time password.
Attention: If this setting is changed, all activated two-factor authentications will no longer work and must be renewed!
Note: Some apps like Google Authenticator do not respect this setting. A different value should only be used if it is ensured that all users use apps that can handle it (e.g. freeOTP or andOTP).
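
How auth.mfa.code.digits, auth.mfa.code.period and auth.mfa.code.hash enter the one-time password calculation (RFC 6238), and why an app that ignores one of them never produces a code the server accepts. This is an added example, not REWOO Scope's code; the function names are hypothetical, the secret is the RFC test key, and the app is assumed to use a 30-second period.

```python
import hashlib
import hmac
import struct

# Hash names as offered by auth.mfa.code.hash on this page.
HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def hotp(secret: bytes, counter: int, digits: int, algo: str) -> str:
    """RFC 4226: HMAC over the 8-byte counter, dynamic truncation, last `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), HASHES[algo]).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6, period: int = 30,
         algo: str = "SHA1") -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / period)."""
    return hotp(secret, unix_time // period, digits, algo)


def verify(secret: bytes, submitted: str, unix_time: int, digits: int,
           period: int, algo: str) -> bool:
    """Server-side check of a submitted code for the current time step only."""
    expected = totp(secret, unix_time, digits, period, algo)
    return hmac.compare_digest(expected.encode(), submitted.encode())


def mismatching_seconds(secret: bytes, start: int, span: int,
                        server: dict, app: dict) -> int:
    """Seconds in [start, start + span) during which app and server codes differ."""
    return sum(
        totp(secret, t, **server) != totp(secret, t, **app)
        for t in range(start, start + span)
    )


# Constructed sample: the RFC 6238 test key, not a real enrolment secret.
RFC_KEY = b"12345678901234567890"
SERVER = {"digits": 6, "period": 60, "algo": "SHA1"}  # values shown on this page
APP = {"digits": 6, "period": 30, "algo": "SHA1"}     # assumed app that ignores the period

if __name__ == "__main__":
    now = 59
    app_code = totp(RFC_KEY, now, **APP)
    print("server expects:", totp(RFC_KEY, now, **SERVER))
    print("app displays  :", app_code)
    print("accepted      :", verify(RFC_KEY, app_code, now, **SERVER))
    print("seconds out of 120 with differing codes:",
          mismatching_seconds(RFC_KEY, 0, 120, SERVER, APP))
```

The same calculation shows why changing digits, period or hash on the server invalidates existing enrolments: the shared secret stays the same, but both sides no longer derive the same code from it.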
Forwarding destination without session
auth.redirect = [ basic | saml ]
If the user does not have a valid session, they are redirected either to the login screen or to the SAML login.
Account creation
account.creation.authorizedRoles = ADMIN,POWER
The roles specified here are allowed to create new accounts based on a user template. Possible roles are ADMIN, POWER, CONCURRENT and STANDARD.
Login Nodes
account.login.onlyObjectNodes = [ true | false ]
This switch specifies whether login nodes may only occur below objects or everywhere.
Coupling account and node status
account.stateFollowsLoginState.enabled = [ true | false ]
When the login node changes state, the account associated with it follows. If the node becomes active or inactive, the account is also activated or deactivated. If the node is closed, archived or discarded, the account is terminated and can no longer be used.
Task list size per user
user.taskList.size = 500
All long-running actions by CopyButtons or ActionButtons are started as an asynchronous task. This parameter controls the size of the list, which includes processed tasks.
Antivirus scanner
clamav.bin = /usr/bin/clamscan
Absolute path to the malware scanner ClamAV.
Bidirectional Prev/Next
datasheet.bidirectional_prev_next.enabled = [ true | false ]
Switch for automatic linking of PrevLinks and NextLinks entries, so that adding or deleting links on one side leads to automatic adjustment on the opposite side. For internal system reasons, the option may only be set with the previous, static calculation of the predecessor and successor nodes. The configuration parameter described under Algorithm for determining predecessor and successor nodes must therefore be set to false when used.
Algorithm for determining predecessor and successor nodes
datasheet.legacy_prev_next.enabled = [ true | false ]
Since version 10.7.2 two different variants are available to fill the PrevLinks and NextLinks entries. With the previous variant (=true) PrevLinks and NextLinks entries must be filled with explicitly named target nodes. It is thus not possible, for example, to refer to another ElementLinks entry, which in turn then defines the actual target nodes. The new algorithm (=false) can handle such calculated targets. However, it may only be used if the option described in Bidirectional Prev/Next has been turned off.
Note: For existing installations that already use PrevLinks or NextLinks entries, the old algorithm will continue to be used for compatibility reasons. If you want to switch to the new mechanism, it is not sufficient to set this flag to false. Instead, the internal structures of the PrevLinks and NextLinks must be redetermined. This is done using the repair function provided specifically for this purpose.
URL for pre-modeled solutions
import.solutions.url = https://trial.rewoo.net/solutions/solutions.xml
Internet address for the list of pre-modeled solutions. The preassignment points to the list of solutions provided by REWOO Software GmbH.
Path of the debug script
logs.debugScript = /home/rewoo/rewoo/scripts/debug.sh
Absolute path to the script that can be used to create a debug package via the admin panel.
Page size of log view
logs.pageSize = 200
Number of lines to load from a log file at once.
Name of the software
app.displayName = REWOO Scope
The name configured here is used everywhere to name the software.
External URL
app.publicUrl = https://rewoo.de/rewoo
URL through which the application can be reached via the Internet. This URL is used, for example, for WebDAV links in the application or for links in emails.
app.logo.path = 
Absolute path to an image file in PNG format with maximum 240x240 pixels to be used as logo. If no file is specified, the Scope logo is used.
Maximum width of the logo
app.logo.maxWidth = 250
If the image is wider than the width specified here, the image is reduced in size while maintaining the aspect ratio. If the image is narrower, it is not enlarged. The default setting is 250 pixels.
Maximum height of the logo
app.logo.maxHeight = 250
If the image is taller than the height specified here, the image is reduced in size while maintaining the aspect ratio. If the image is less high, it is not enlarged. The default setting is 250 pixels.
Logo in side menu
app.logo.navmenu.enabled = [ false | true ]
Activates the display of the logo at the bottom of the page menu.
Information for all users
app.disclaimer.enabled = [ false | true ]
Activates the display of a dialog with information for the user directly after login. The user can suppress the future display. If the text is changed, these marks are removed for all users and the dialog appears again.
Title of the user information
app.disclaimer.title = Disclaimer
Title of the dialog with user information.
Text of the user information
app.disclaimer.text = 
Text of the dialog with user information.
Background color of the login screen
app.login.background = [ dark | light | custom ]
The background color of the login screen can be switched between dark and light. The font color is adjusted accordingly. If the value is set to custom, the two switches app.login.color and app.login.backgroundColor can be used to choose the colors.
Font color of the login screen
app.login.color = #1A365B
The font color of the login screen, if app.login.background is set to custom.
Background color of the login screen
app.login.backgroundColor = #fcfcfc
The background color of the login screen, if app.login.background is set to custom.
Dark mode
app.colorScheme.enabled = [ true | false ]
Specifies whether users can switch between light and dark mode.
Local manual
app.localManual = [ true | false ]
Specifies whether the links to the manual open the local manual or the online version.
Webhooks
webhooks.enabled = [ false | true ]
Enables the possibility to couple other services to Scope using webhooks.
Limit of the rights prefetch for a TLE
prefetch.elements.minChangedElementsPerTle = 30
When making changes to elements (e.g. a status change), REWOO Scope often has to read out the rights that the individual users have to these elements. In some cases (e.g. closing a larger element hierarchy), it may be faster at runtime to read out all rights at once instead of determining them one by one. This configuration parameter specifies the number of element changes under a top-level element from which all rights are read at once. Since this can be a very expensive operation under certain circumstances, the limit should not be set too low. Regardless of the value set here, the system ensures that all permissions are read if the element change refers to a top-level element itself. If the value is set to 0, all rights are always read. This corresponds to the behavior before version 13.
Limit of the rights prefetch for a node
prefetch.userRights.maxConnectionsPerNode = 50
When changes are made to the authorization graph, all rights related to a node are normally read from the database at once. In unfavorable cases, this means that a lot of data is read unnecessarily. For example, if a new relationship is added for only one user, the rights on all other relationships are irrelevant. Therefore it can be useful for some modeling to reduce this value, because most rights are only assigned individually and not via role nodes.
Limit for reading the entire form
prefetch.values.minEntriesPerForm = 1
For calculations using the formula language, normally all values of referenced forms are read from the database. With very large forms this can lead to very expensive read operations. This switch determines from how many referenced entries the whole datasheet is read. If this switch is set to 1, all values are always read.
Limit for reading all value dependencies
prefetch.dependencies.minEntriesPerForm = 10000
For calculations using the formula language, normally only the dependencies to the referenced entries are read from the database. If the forms contain a lot of entries and these are strongly linked to each other via formulas, it may make more sense to read all dependencies of the form at once.
Prefetching and caching of table view values
tableview.cachevalues.enabled.ids = 14[,15,16,...]
Table views can possibly include a great many datasheets and values. To speed up access to particularly large and slow views, this configuration parameter can be used to store the REWOO Scope internal IDs of the table views for which all values are to be permanently held in memory. After adding the IDs, the corresponding values are automatically read and stored in memory. The system also automatically synchronizes the cache when new elements are added, existing values are changed or the definitions of the table views are modified. The easiest way to determine the IDs of the table views is to open the respective view in the HTML client and read them from the URL in the browser. Thus, a fictitious table view with the link https://rewoo.net/test/mobile/tableViews/14 has the ID 14 because the URL ends with the number 14.
Note: Permanently holding the values of a table view in memory can occupy large amounts of main memory. Therefore, care should be taken to activate the cache only for selected table views when required, and also to dimension the amount of available memory large enough. Otherwise, problems such as "out-of-memory" exceptions and unstable system behavior can occur.

Scope Maintenance Server

Before the settings described below can take effect, the Scope Maintenance server must first be installed and configured. This is explained in Installing Scope Maintenance Server. After the maintenance server has been successfully started, the parameters described below must be set to ensure communication between REWOO Scope and the Scope maintenance server.
Activation
maintenance.service.enabled = [ true | false ]
This switch can be used to prevent or allow the general use of the Scope Maintenance server.
PostgreSQL path
maintenance.service.postgres.path = /usr/bin/
Absolute path to the local Postgres installation on the REWOO Scope server. The path must be accessible for the Scope maintenance server.
PostgreSQL port
maintenance.service.postgres.port = 5432
Port of the local Postgres installation on the REWOO Scope server. The port must be accessible for the Scope maintenance server.
PostgreSQL password
maintenance.service.postgres.password =
Password to the database used by the REWOO Scope server. The password for the database user must be entered here. Alternatively, the field can be left blank if a ".pgpass" file exists in the file system and has been configured correctly.
External URL
maintenance.service.external.url = http://localhost:8081/scope-maintenance-server
The URL through which the Scope maintenance server can be reached from the clients. Normally, the maintenance server is located on the same computer as REWOO Scope when viewed from the outside. Any forwarding to a different, internal address is then achieved by the Apache web server and a corresponding ProxyPass rule. localhost must therefore be replaced here by the address of the REWOO Scope server.
Internal URL
maintenance.service.internal.url = http://localhost:8081/scope-maintenance-server
The URL through which the Scope maintenance server can be reached from the REWOO Scope server. By default, the maintenance server runs on the same physical machine as REWOO Scope, so localhost should be the correct server address.
JMX port
maintenance.service.jmx.port = 5050

The Scope Maintenance Server accesses some functions of the REWOO Scope Server via the JMX protocol. By default, port 5050 is used for this purpose, which is already preset.

JMX context name
maintenance.service.jmx.instance.key = [ context | name ]
The keyword for the name of the web application is context since Jetty 9. For Jetty 7 and 8, this parameter must be set to name.