Configuration of REWOO Scope

The configuration allows you to set and change various configuration parameters for the server or the Scope world. For admin users, it can be found directly in the admin panel.

Language

Default language (Server)

defaultServerLocale = [ de_DE | en_US | en_GB ]

Default language of the server.

Default language (Client)

defaultUserLocale = [ de_DE | en_US | en_GB ]

Default language of client interface. The setting only affects new users. Each user has the option in the client to set the language used at any time.

Default time zone

defaultServerTimeZone = Europe/Berlin

The default time zone of the server for the display of date and time (see date entries).
List of time zones

Search

Search view

search.view = [ normal | extended ]

The normal view is a simple input field for the search text. The extended view requires configured facet searches on one or more element types. Then the user is offered a simple possibility to search in individual fields.

Search filter

search.filter = [ fuzzy | phonetic ]

fuzzy uses the Levenshtein distance, which is set with search.fuzziness. phonetic uses the Double Metaphone algorithm to include similar sounding, possibly misspelled hits in the result list (e.g. standard and standart).

If the search filter is changed, the complete search index must be rebuilt.

fuzziness

search.fuzziness = [ 0 | 1 | 2 ]

The Levenshtein distance is a positive integer that measures the distance between two letter sequences. This parameter sets the fuzziness of the search. 0 is equivalent to exact search. 1 allows simple word swaps. The larger the value, the less precise the search.

Exclude file formats

search.extensionDenyList = dxf

A list of file formats that are not included in the search index. Multiple entries must be specified separated by commas.

Arguments of the Tika server

search.tika.args = 

Arguments which will be used to start the Tika server (see Tika Wiki).

JVM Aaguments of the Tika server

search.tika.jvmargs = -Xmx2g

JVM arguments which will be used to start the Tika server.

Port of the Tika servers

search.tika.port = 8200

The port behind which a Tika server is expected. If no Tika server is found, a new Tika server is started that listens on this port.

Waiting time after the start of the Tika server

search.tika.startupDelayMS = 1000

The amount of time in milliseconds that is waited after the Tika server starts until a first connection attempt is made.

Maximum time for a request to the Tika server

search.tika.timeoutMS = 60000

The maximum time in milliseconds that a request to the Tika server may take before it is aborted.

URL of the Tika server

search.tika.url = http://localhost

URL of a running Tika server.

URL of Tika server installation packages

search.tika.downloadUrl = https://rewoo.de/downloads/tika/

If no Tika server is running and no jar is found in the local installation directory, an appropriate jar is downloaded from this URL.

Email dispatch

General email settings

Activation

mail.mute = [ true | false ]

Switch to globally activate or deactivate the email dispatch.

Email sender

mail.sender = REWOO Scope <info@rewoo.com>

Name and email address of the sender. Most providers require that the sender matches the email account used.

global redirection

mail.redirect.enabled = [ true | false ]

All mails sent to users are redirected to the addresses in mail.redirect.to

Addresses for redirect

mail.redirect.to = 

A comma-separated list of addresses to which email will be redirected if mail.redirect.enabled is enabled.

Host

mail.host = localhost

Address of the computer that sends the emails (SMTP)

Port

mail.port = 587

Port on this computer through which the SMTP service can be reached.

Username

mail.username = 

Username, if authentication is necessary for the dispatch.

Password

mail.password = 

Password, if authentication is required for sending.

Parameter

mail.props = mail.smtp.auth:true,mail.smtp.socketFactory.port:587,mail.smtp.socketFactory.class:javax.net.DefaultSocketFactory,mail.smtp.socketFactory.fallback:false

Settings for sending emails.

Sending emails with STARTTLS

If the email transmission is to be secured with STARTTLS, the following settings must be made:

mail.port = 465

mail.props = mail.smtp.auth:true,mail.smtp.socketFactory.port:465,mail.smtp.socketFactory.class:javax.net.ssl.SSLSocketFactory,mail.smtp.socketFactory.fallback:false,mail.smtp.starttls.enable:true

Sending alerts and messages by email

These options configure the automatic emails that are sent when alerts and messages are generated.

Author

mail.author = REWOO Scope

Name that appears below the email text.

Email dispatch of the system action EMAIL

These options configure the automatic e-mails sent by the EMAIL system action.

Maximum attachment size

mail.maxAttachmentSizeInMB = 50

If a file links field is specified when defining the EMAIL system action, the files stored there are attached to the e-mail. This parameter limits the maximum size in megabytes that the attachments of an e-mail may not exceed. If the size is exceeded, the e-mail is not sent and the triggering action is canceled.

Sending bug reports by email

First level support

mail.firstLevelSupport = support@rewoo.com

If the software fails, the user can generate a report and have it sent as an email to this address.

Phone settings

Default protocoll for desktop

phone.desktop.protocol = [ tel | callto | sip | skype | phone ]

The default protocol for phone numbers in desktop browsers. This protocol can be overridden by each user individually or by explicitly placing it in front of the phone number.

Default protocoll for desktop

phone.mobile.protocol = [ tel | callto | sip | skype | phone ]

The default protocol for phone numbers in mobile device browsers. This protocol can be overridden by each user individually or by explicitly placing it in front of the phone number.

File converter

General converter settings

List of file extensions to ignore

converter.extensionDenyList = exe,dll

Comma-separated list of file extensions to be ignored by the file converter.

Path for test files

converter.testFiles.path = 

Absolute path to the directory containing files that are used when testing the converters via the Admin Panel.

Duration of preview migration

converter.migration.maxDurationInSec = 1800

When the preview format for images is changed, all existing preview files are migrated by the ConverterJob. This parameter specifies how much time in seconds may be spent on the migration per job run.

Configuration of the ImageMagick converter

This converter is necessary for displaying all image formats: jpg, jpeg, png, gif, tiff, bmp, eps, svg, ai, psd, wmf.

Path

converter.imagemagick.imageMagickHome = /usr/bin/

Absolute path to the directory where the convert program of ImageMagick is located.

Timeout

converter.imagemagick.timeout = 360000

Time in milliseconds that a conversion with ImageMagick may take at most before it is aborted.

Checking the MimeType

converter.imagemagick.checkMimeType = true

This switch activates the check of the MimeType against the stored white list to secure a security hole in ImageMagick (see ImageTragick).

Thumbnail Size

converter.imagemagick.thumbnailSize = 160

Maximum width and height of thumbnail images.

Configuration of the Office Converter

This converter is necessary for displaying all office formats and text formats: doc, docx, xls, xlsx, ppt, pptx, vsd, vxd, vsdx, pub, odt, ods, odp, txt, rtf, csv (complete list of supported formats).

Path

converter.openoffice.openOfficeHome = /opt/LibreOffice5.x/

Absolute path to the program directory of LibreOffice or Apache OpenOffice.

Port

converter.openoffice.ports = 8100

Port to be used by the LibreOffice Server service. A list of port numbers can also be specified here in a comma-separated list to start multiple LibreOffice servers at the same time.

Timeout for conversion

converter.openoffice.timeout = 600000

Time in milliseconds that a conversion with LibreOffice may take at most before it is aborted.

Maximum number of conversions

converter.openoffice.killAfter = 200

Maximum number of conversions until the LibreOffice server is restarted. This is necessary for some versions of LibreOffice because more memory is reserved with each conversion.

Start attempts

converter.openoffice.numberOfRestartAttempts = 2

Maximum number of attempts to restart LibreOffice.

Queue timeout

converter.openoffice.taskQueueTimeout = 30000

Maximum time in milliseconds that a conversion job may spend in the queue before it is aborted.

Configuration of Acme CAD converter

This converter is necessary for the display of CAD files: dxf, dwg.

Path

converter.acme.bin = /home/rewoo/rewoo/scripts/proxy-acme.sh

Absolute path to the script used to start the ACME CAD converter.

Colour chart

converter.acme.fallbackCTB = monochrome.ctb

Default CTB file for the conversion of DXF files.

Timeout

converter.acme.timeoutMS = 360000

Time in milliseconds that a conversion with the ACME CAD Converter may take at most before it is aborted.

ETL

Create new fields

etlconfig.global.protectedmode = [ true | false ] 

switch whether form fields are automatically added to the form (false) or not (true) if they do not exist

Waiting time

etlconfig.global.fileChangeWait = 2000

Time in milliseconds that the ETL process observes the file for changes before reading it in.

A set of job-specific parameters must also be created for each pre-system.

Scheduler

Long-running or recurring tasks are available as jobs. Many of these jobs are only started manually via the admin panel and do not require a schedule. The scheduled jobs are configured according to the cron syntax (see the Quartz scheduler documentation)

General settings

Waiting time after system start

quartz.startDelay = 30000

Time between the start of Scope and the first execution of the jobs in milliseconds

Queue size

quartz.queueSizePerJob = 10

Queue size per Quartz job

Anonymisation of the data set

Job for anonymizing the dataset, i.e. element names and form values are falsified according to a predefined plan.

Cron parameter

jobs.AnonymizerJob.cron = 

Cron trigger, not needed, because only started manually

Activation

jobs.AnonymizerJob.enabled = [ true | false ]

Switch whether this job is executable.

Deletes all expired session

Job to delete all expired sessions.

Cron parameter

jobs.ClearTimedOutSessionsJob.cron = 0 3 * * * ? * 

Cron trigger, default is three minutes after every full hour

Activation

jobs.ClearTimedOutSessionsJob.enabled = [ true | false ]

Switch whether this job is executable.

Converting the files

Job to convert all files for which a standard format (png, pdf, swf) is not yet available.

Cron parameter

jobs.ConverterJob.cron = 0 0 1 * * ? *

Cron trigger, default is every night at 1 o'clock server time

Activation

jobs.ConverterJob.enabled = [ true | false ]

Switch whether this job is executable.

Period in days

jobs.ConverterJob.periodInDays = 2

Creates a preview for files added in the last 2 days. If the number of days is 0, all files in the system are checked.

Calculation of checksums

Job for calculating checksums for all files for which no checksum is yet available. This checksum can be used to check whether the file has been unchanged since it was saved, or whether it has been corrupted or manipulated.

Cron parameter

jobs.CreateChecksumsJob.cron = 0 0 1 * * ? *

Cron trigger, default is every night at 1 o'clock server time

Activation

jobs.CreateChecksumsJob.enabled = [ true | false ]

Switch whether this job is executable.

Creating snapshots

Job to create a snapshot of the Scope installation. This snapshot contains all data necessary to restore this Scope instance (database, stored files, ETL configuration, license, account data).

Cron parameter

jobs.CreateSnapshotJob.cron = 

Cron trigger, is not set, because snapshots are usually created manually

Activation

jobs.CreateSnapshotJob.enabled = [ true | false ]

Switch whether this job is executable.

Deleting form values

Job for deleting form values. REWOO Scope does not actually allow values to be deleted. However, as the law stipulates that personal data must be permanently deleted on request for reasons of data protection, this job exists. It is only possible to delete the values of elements that have either been archived or discarded.

Cron parameter

jobs.DeleteElementValuesJob.cron = 

Cron trigger, not needed, because only started manually

Activation

jobs.DeleteElementValuesJob.enabled = [ true | false ]

Switch whether this job is executable.

Delayed execution of formula actions

Job for delayed execution of formula actions.

Cron parameter

jobs.ExecuteDelayedFormulaActionsJob.cron = * */5 * * * ?

Cron trigger, default is every 5 minutes

Activation

jobs.ExecuteDelayedFormulaActionsJob.enabled = [ true | false ]

Switch whether this job is executable.

Reading in data (ETL)

Job for reading in data using an ETL process.

Cron parameter

jobs.ExecuteETLJob.cron = */30 * * * * ?

Cron trigger, default is every 30 seconds

Activation

jobs.ExecuteETLJob.enabled = [ true | false ]

Switch whether this job is executable.

Installation-specific, external jobs

If you want REWOO Scope to run your own scripts or programs at regular intervals, you can create your own cron jobs for this purpose. In the following configuration parameters, appname is generic and can be changed to the name of the program. This allows several external jobs to be created.

jobs.ExternalLauncherJob.appname.cron

Cron expression that specifies the intervals at which the application should run.

jobs.ExternalLauncherJob.appname.enabled = [ true | false ]

Determines whether the application is executed at all.

jobs.ExternalLauncherJob.appname.path

Determines under which path the application to be executed is located. It is the responsibility of the admin to ensure that the application can actually be called.

jobs.ExternalLauncherJob.appname.timeout

The maximum time in milliseconds to wait before firing the started process. This is to prevent an external application from permanently blocking a cron thread.

List all invalid formulas

job to list all formulas whose syntax is incorrect, which contain references to non-existent elements, which contain self-references and which contain references from real elements to templates. Since the consistency of the formulas is checked directly when they are saved, this set should always be empty.

Cron parameter

jobs.FindInvalidFormulasJob.cron = 

Cron trigger, not needed, because only started manually

Activation

jobs.FindInvalidFormulasJob.enabled = [ true | false ]

Switch whether this job is executable.

Recalculating the rights

Job for recalculating the rights. This job is only required as a repair function in the event of problems with the access rights.

Cron parameter

jobs.RebuildAclJob.cron = 

Cron trigger, not needed, because only started manually

Activation

jobs.RebuildAclJob.enabled = [ true | false ]

Switch whether this job is executable.

Rebuilding the search index

Job to rebuild the search index. This operation is very computationally intensive and should not be performed regularly.

Cron parameter

jobs.RebuildSearchIndexJob.cron = 

Cron trigger, not needed, because only started manually

Activation

jobs.RebuildSearchIndexJob.enabled = [ true | false ]

Switch whether this job is executable.

Record Management

Job for the execution of the record management. Rules can be used to configure the time at which the status of certain elements is changed or the values are deleted.

Cron parameter

jobs.RecordManagementJob.cron = 0 0 2 3 * ? *

Cron trigger, default is every third of the month at 2 a.m.

Activation

jobs.RecordManagementJob.enabled = [ true | false ]

Switch whether this job is executable.

Reconstruction of the formula dependencies

Job for rebuilding the formula dependencies. Reference pointers are created for referencing other data fields so that the dependent formulas are also re-evaluated when values are changed. This job is only required as a repair function in the event of problems with updating formula values.

Cron parameter

jobs.RecreateDependenciesJob.cron = 

Cron trigger, not needed, because only started manually

Activation

jobs.RecreateDependenciesJob.enabled = [ true | false ]

Switch whether this job is executable.

Repair of the PREV/NEXT structures

Job for recalculating the PREV/NEXT structures. All formulas that can be found in PrevLinks/NextLinks fields as well as all formulas that depend on them (i.e. in particular also all formulas that use the keywords PREV or NEXT) are re-evaluated. A new version of the form is only created if the evaluation results in a different value. This job is only required if the old calculation algorithm for PrevLinks and NextLinks fields has been manually switched to the new algorithm. Please note that due to the changed evaluation logic, in most cases the previous formulas within the PrevLinks and NextLinks fields must also be adjusted in addition to the recalculation of the PREV/NEXT structures.

Cron parameter

jobs.RecreatePrevNextJob.cron = 

Cron trigger, not needed, because only started manually

Activation

jobs.RecreatePrevNextJob.enabled = [ true | false ]

Switch whether this job is executable.

Re-evaluation of all formulas

Job to re-evaluate all formulas. All formulas are evaluated again, but a new version of the form is only generated if the evaluation results in a different value. This job is only needed as a repair function in the event of problems with updating formula values.

Cron parameter

jobs.ReevaluateDatasheetsJob.cron = 

Cron trigger, not needed, because only started manually

Activation

jobs.ReevaluateDatasheetsJob.enabled = [ true | false ]

Switch whether this job is executable.

Rebuilding the table view cache

Job to rebuild the table view cache.

Cron parameter

jobs.ReInitializeTableViewCacheJob.cron = 

Cron trigger, not needed, because only started manually

Activation

jobs.ReInitializeTableViewCacheJob.enabled = [ true | false ]

Switch whether this job is executable.

Run repair script

Job for repairing the dataset. This option is only required in the rarest of cases. Because damage up to total loss of the data is possible with the script, only scripts certified by REWOO GmbH are permitted here.

Cron parameter

jobs.RepairByScriptJob.cron = 

Cron trigger, not needed, because only started manually

Activation

jobs.RepairByScriptJob.enabled = [ true | false ]

Switch whether this job is executable.

Repair of formulas in default value

Job for repairing formulas that are in the default value of the field. All field references are converted from field ids to field names and back to field ids. This will fix any errors in these references. This job is only needed as a repair function in case of problems with field references in default formulas.

Cron parameter

jobs.RepairDefaultFormulasJob.cron = 

Cron trigger, not needed, because only started manually

Activation

jobs.RepairDefaultFormulasJob.enabled = [ true | false ]

Switch whether this job is executable.

Importing snapshots

Job for importing a snapshot.

Cron parameter

jobs.RestoreSnapshotJob.cron = 

Cron trigger, is not set, because snapshots are usually imported manually.

Activation

jobs.RestoreSnapshotJob.enabled = [ true | false ]

Switch whether this job is executable.

Scanning for malware

Job to start an external malware scanner that scans the stored files for known malware.

Cron parameter

jobs.SearchForMalwareJob.cron = 

Cron trigger, is not set because the scans are started manually

Activation

jobs.SearchForMalwareJob.enabled = [ true | false ]

Switch whether this job is executable.

Indexing of new values

Job for indexing new values and files. These are only indexed after the job has run successfully and can therefore be found via the search.

Cron parameter

jobs.UpdateIndexJob.cron = */10 * * * * ?

Cron trigger, default is every 10 seconds.

Activation

jobs.UpdateIndexJob.enabled = [ true | false ]

Switch whether this job is executable.

Updating formulas with date dependency

Job for re-evaluating formulas with date dependency (see TODAY, PERIODIC, SMA)

Cron parameter

jobs.UpdateDayClockChangeDependenciesJob.cron = 0 0 1 * * ? *

Cron trigger, default is every night at 1 o'clock server time

Activation

jobs.UpdateDayClockChangeDependenciesJob.enabled = [ true | false ]

Switch whether this job is executable.

Updating formulas with time dependency

Job for re-evaluating formulas with time dependency (see NOW)

Cron parameter

jobs.UpdateIntradayClockChangeDependenciesJob.cron = 

Cron trigger

Activation

jobs.UpdateIntradayClockChangeDependenciesJob.enabled = [ true | false ]

Switch whether this job is executable.

Checking the files

Job to verify that all files are unchanged.

Cron parameter

jobs.ValidateChecksumsJob.cron = 

Cron trigger, not needed, because only started manually

Activation

jobs.ValidateChecksumsJob.enabled = [ true | false ]

Switch whether this job is executable.

Exporting the data as XML

Job to export all types, layouts, elements, form values, table views and gantts as an XML file, which is packed into a zml archive together with the files. See also the job "Import XML data".

Cron parameter

jobs.XmlExportJob.cron = 

Cron trigger, not needed, because only started manually

Activation

jobs.XmlExportJob.enabled = [ true | false ]

Switch whether this job is executable.

Import XML data

Job to import types, layouts, elements, datasheet values, portfolios and gantts from an XML file, and files from a zml archive. See also the job "Export files as XML".

Cron parameter

jobs.XmlImportJob.cron = 

Cron trigger, not needed, because only started manually

Activation

jobs.XmlImportJob.enabled = [ true | false ]

Switch whether this job is executable.

LDAP and AD

Procedure

To include users managed in an LDAP in REWOO Scope, proceed as follows:

1. Customize LDAP
2. Configure REWOO Scope
3. Select user from LDAP and assign login point

Configuration of OpenLDAP

Include REWOO schema
REWOO Software GmbH has developed its own schema for OpenLDAP, which is based on object classes of very frequently used standard schemas. That is, it extends the object classes and/or schemas:

• cosine
• inetOrgPerson
• person
• posixAccount

The schema does not introduce any new attributes. Instead, some attributes that we need for REWOO Scope are changed from MAY to MUST.

slapd.conf
To include the additional schema, the configuration of the OpenLDAP server must be adapted. The file rewoo.schema must be copied into the directory for the schema files and then added to slapd.conf. Add this to the list of include lines: include /etc/ldap/schema/rewoo.schema.
This might then look something like the following:

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/rewoo.schema

Then restart slapd and check the logfile for possible errors.

slapd.d 

In more recent OpenLDAP versions, the concept of the slapd.conf file has been abandoned in favor of an LDIF structure in /etc/ldap/slapd.d. This means that the slapd is no longer set via a single configuration file, but via LDIF files. This means that slapd is no longer set via a single configuration file, but via LDIF files. The advantage is that changes to the configuration can be made on the fly without restarting slapd.
If you are running an OpenLDAP server with LDIF configuration, please use the file rewoo.ldif, adapt it to your environment (this concerns especially the order in which the schema should be included, probably has to be adapted) and then load it into slapd, e.g. with ldapadd.

Set up user
As soon as the slapd is available again, you can edit users who should be able to use REWOO Scope. Add the object class rewooUser as a new attribute to the affected users. Make sure that the uid, userPassword and displayName attributes are set before saving the change. Otherwise, the save will fail.

Configuration of Active Directory service

For Active Directory, we recommend setting up a new group. As AD administrator, set up a new user group, e.g. RewooUser. Add all users who will use REWOO Scope as members of the RewooUser group.

Configuring REWOO Scope for a Directory Service

To configure REWOO Scope for use with a directory service, log in as an administrator. Switch to the configuration page. Most of the parameters you need to set up an LDAP-based directory service are already prepared with dummy entries. Since the setup is slightly different when using OpenLDAP and Active Directory Service, both services will be discussed separately in the following.

Use the edit link to set all values as required in your environment. The values are valid or active as soon as you have set them. Therefore, set the value for ldap.enabled to true only at the very end.

Configuring REWOO Scope for OpenLDAP

To use an OpenLDAP as a directory service, please look for the configuration parameters that start with ldap. In the following, the parameters important for OpenLDAP and their meaning are listed.

Display name

ldap.attribute.displayName = displayName

Attribute containing the string to be displayed instead of the login name.

Email

ldap.attribute.email = <mail>

Attribute containing the email address of the user

Login name

ldap.attribute.username = uid

Attribute that contains the login name; identical to the name that the user specifies for login

LDAP activation

ldap.enabled = [ true | false ]

switches authentication via LDAP on or off; if LDAP is to be used, set this value to true

Active Directory

ldap.isAD = [ true | false ]

switches between ActiveDirectory or LDAP; for OpenLDAP the switch remains false

LDAP authentication only

ldap.only = [ true | false ]

this parameter toggles between LDAP-only authentication and mixed authentication. With pure LDAP authentication, only the LDAP is used for authentication. The REWOO database is then not used for authentication. Only applies to users with the Standard and Concurrent roles.

LDAP branch

ldap.search.base = ou=people,dc=rewoo,dc=lan

the branch in LDAP under which to search for possible users; set this value to the branch where the users are located in your LDAP - check with your LDAP administrator, e.g. ou=people,dc=firma,dc=com

Search filter

ldap.search.filter = (&(objectClass=inetOrgPerson)(objectClass=RewooUser))

sets the filter to limit the result set; ask your LDAP administrator to which object classes the REWOO users belong; the syntax corresponds to the one defined in RFC 4515

Users for the search

ldap.search.user = (leer)

Distinguish Name (DN) of the user who is allowed to search the LDAP, e.g. cn=search.user,dc=firma,dc=com; this is only needed if an LDAP is not allowed to be searched anonymously.

Password

ldap.search.password = ****

sets the password for the search user; this is only needed if the LDAP may not be searched anonymously

Forwarding

ldap.search.referral = [ follow | ignore | throw ]

Configuration of forwarding to other LDAP servers

Search scope

ldap.search.scope = [ baseObject | oneLevel | wholeSubtree ]

Configuration of the search scope

URL

ldap.server.url = ldap://localhost

Host name of the server on which the LDAP service is running, for example, ldap://ldap.example.com.
Multiple servers can be specified separated by spaces.
The specification of a port is optional and is set with a colon after the server name, for example, ldap://ldap.example.com:389.
To use a secure connection, you can switch to the ldaps:// protocol.

TLS

ldap.server.useTLS = [ true | false ]

Turns TLS on or off.

Paging

ldap.paging.enabled = [ true | false ]

Turns paging of search results on or off. This makes it possible to get a larger set of search results than the maximum size of a single page allows. Please note that your LDAP server must support RFC 2696 for this.

Page size

ldap.paging.size = 500

Specifies the maximum number of entries a page can contain. This switch only has an effect if ldap.paging.enabled has been set. Please note that the limit must not be set higher than the LDAP server settings generally allow.

Configuring REWOO Scope for Active Directory

To use an Active Directory to authenticate users, basically the same settings must be made as for an OpenLDAP. The difference is that an Active Directory may not be searched anonymously and must therefore always be preceded by a successful login.
In addition, the logon to the service is not done via the distinguished name of the user object, but as one would log on under Windows with domain username. Therefore, there are some additional switches and settings that have to be set for a login via an Active Directory.

Display name

ldap.attribute.displayName = <displayName>

this value is used to display the full name of the user instead of the login name

Email

ldap.attribute.email = <mail>

This attribute is used to set or read the email address of the user.

Login name

ldap.attribute.username = uid

For an ActiveDirectory, please set this value to sAMAccountName.

Windows domain

ldap.domain = test,rewoo

Set here the name of the (Windows) domain in which the users are located. Multiple domains are separated by commas.

AD Activation

ldap.enabled = [false | true]

Enables or disables authentication via an AD; if AD is to be used, set this value to true.

Active Directory

ldap.isAD = [false | true]

set this value to true; activates a dropdown menu in the logon screen where the user can/must select the domain he wants to log on to

LDAP authentication only

ldap.only = [true | false]

causes that users of the roles Standard and Concurrent can only log on via AD

AD branch g

ldap.search.base = cn=Users,dc=<prefix>,dc=<firma>,dc=<domain>

set here the branch under which the users are stored. Adapt <prefix>, <comapny> and <domain> to your environment, e.g. cn=Users,dc=dev,dc=rewoo,dc=com

Search filter

ldap.search.filter = (&(objectClass=organizationalPerson)(objectClass=user)
(memberOf=cn=rewooUser,cn=Users,dc=<prefix>,dc=<firma>,dc=<domain>))

match <prefix>, <comapny> and <domain> to your environment, e.g.: (&(objectClass=organizationalPerson)(objectClass=user) (memberOf=cn=rewooUser,cn=Users,dc=dev,dc=rewoo,dc=com)); if you have created a different group for rewoo users than suggested above, please use that group in place of rewooUser

Users for the search

ldap.search.user = 

setzen Sie hier den Benutzer ein, der das AD durchsuchen darf; wenn sich Benutzer aus verschiedenen Domänen einloggen können sollen, dann sollte der Search-User alle Domänen durchsuchen können dürfen, z. B. dev/search

Password

ldap.search.password = ****

Password of the user to be used to browse the AD

Forwarding

ldap.search.referral = [follow | ignore | throw]

Configuration of forwarding to other LDAP servers

Search scope

ldap.search.scope = [baseObject | oneLevel | wholeSubtree]

Configuration of the search scope

URL

ldap.server.url = ldap://localhost

Host name of the server on which the Active Directory is running, e.g. ldap://directory.ka.rewoo.com
multiple servers can be specified separated by spaces
an optional specification of the port is possible, e.g. ldap://ldap.example.com:389
to use a secure connection, you can switch to the protocol ldaps://.

TLS

ldap.server.useTLS = [ true | false ]

Turns TLS on or off.

Paging

ldap.paging.enabled = [ true | false ]

Turns paging of search results on or off. This makes it possible to get a larger set of search results than the maximum size of a single page allows.

Page size

ldap.paging.size = 500

Specifies the maximum number of entries a page can contain. This switch only has an effect if ldap.paging.enabled has been set. Please note that the limit must not be set higher than the AD server settings generally allow.

Use the edit link to set all values according to your environment. All values are active as soon as you have pressed Save/Save in the edit dialog. Therefore set the value for ldap.enabled to true last.

Security

There are two ways to secure the communication between REWOO Scope and the LDAP service.

Either enable the switch ldap.server.useTLS to use TLS.

Or use the ldaps:// protocol when specifying the server URL, so that SSL is used for the connection. To establish the SSL connection, we need a trust store, which we specify when we start the Scope server. Java comes with a tool called keytool to manage such trust stores. In the following commands, the filenames and passwords are just placeholders.

If the certificate is not known, it can be queried with the following command:

openssl s_client -showcerts -connect ldap.customer.com:636

The key is PEM encoded between the first tags -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. Save this key with the tags in a text file, e.g. customerCA.cert.

The trust store is created with the following command:

keytool -import -file /home/rewoo/customerCA.cert -alias customerCA -keystore /home/rewoo/customerTrustStore

Secure the trust store with a password:

keytool -storepasswd -new new_storepass -keystore /home/rewoo/customerTrustStore

The following parameters must be added to the start script of the Scope server:

-Djavax.net.ssl.trustStore=/home/rewoo/customerTrustStore -Djava.net.ssl.trustStorePassword=new_storepass

To activate the changes, the Scope server must be restarted.

SAML2 configuration

Strict testing

saml2.strict = [ true | false ]

If this switch is on, unsigned or unencrypted messages are rejected if signed or encrypted messages are enabled in the settings. In production systems, this switch should always be on.

Debug

saml2.debug = [ true | false ]

A switch to write errors to the log.

Username

saml2.attribute.username = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn

The name of the attribute that contains the username. If this parameter is set to "NameID", the attribute "NameID" is read instead of a normal attribute, which is a child element of the "Subject" tag in the SAML response.

Service Provider

ID

saml2.sp.entityid = urn:scope.rewoo.com

Id of the service provider (must be a URI)

Service URL

saml2.sp.assertion_consumer_service.url = /auth/signInSaml2

relative URL to which the IdP sends the response

Service Binding

saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

SAML protocol binding for the IdP response. Currently we only support HTTP POST

Logout response URL

saml2.sp.single_logout_service.url = /auth/signOut

Relative URL to be called by the IdP after logout.

Logout Binding

saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

SAML protocol binding for the IdP logout message. Currently we only support HTTP redirect

Namensformat

saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

Format of the name used to identify the user. Possible formats:

• urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
• urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
• urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
• urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
• urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos
• urn:oasis:names:tc:SAML:2.0:nameid-format:entity
• urn:oasis:names:tc:SAML:2.0:nameid-format:transient
• urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
• urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted

x509 Certificate

saml2.sp.x509cert = -----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----

Certificate of the service provider

Private Key in format PKCS#8

saml2.sp.privatekey = -----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----

Private Key des Service Providers

Identity Provider

ID

saml2.idp.entityid = 

Id of the Identity Provider

SSO URL

saml2.idp.single_sign_on_service.url = 

URL to which the authentication request is sent

SSO Binding

saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

SAML protocol binding used for the request. Currently we only support HTTP redirect.

Logout request URL

saml2.idp.single_logout_service.url = 

Logout request URL

Logout response URL

saml2.idp.single_logout_service.response.url = 

Optional URL for the logout response of the SP to the IdP. If this URL is not specified, saml2.idp.single_logout_service.url is used.

Logout Binding

saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

SAML protocol binding used for logout. Currently we only support HTTP redirect.

x509 Certificate

saml2.idp.x509cert = -----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----

Certificate of the Identity Provider

Fingerprint of the certificate

saml2.idp.certfingerprint = 

Fingerprint algorithm

saml2.idp.certfingerprint_algorithm = [ sha1 | sha256 | sha384 | sha512 ]

Security

Encrypted name

saml2.security.nameid_encrypted = [ true | false ]

Switch whether the name is sent encrypted by the SP.

saml2.security.want_nameid_encrypted = [ true | false ]

Switch whether the name is sent encrypted by the IdP.

Signed authentication request

saml2.security.authnrequest_signed = [ true | false ]

Switch whether the authentication request is signed by the SP.

Signed logout request

saml2.security.logoutrequest_signed = [ true | false ]

Switch whether the logout request is signed by the SP.

Signed logout response

saml2.security.logoutresponse_signed = [ true | false ]

Switch whether the logout response is signed by the SP.

Signed data from IdP

saml2.security.want_messages_signed = [ true | false ]

Switch whether the SP expects the data received from the IdP to be signed.

Signed assertions from IdP

saml2.security.want_assertions_signed = [ true | false ]

Switch whether the SP expects the assertions received from the IdP to be signed.

Encrypted assertions

saml2.security.want_assertions_encrypted = [ true | false ]

Switch whether the SP expects the assertions received from the IdP to be encrypted.

Signed meta data

saml2.security.sign_metadata = 

Switch whether the metadata of the SP should be signed

Authentication context

saml2.security.requested_authncontext = urn:oasis:names:tc:SAML:2.0:ac:classes:Password

Multiple values can be specified separated by commas.

• urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
• urn:oasis:names:tc:SAML:2.0:ac:classes:Password
• urn:oasis:names:tc:SAML:2.0:ac:classes:X509
• urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard
• urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos

Authentication comparison

saml2.security.requested_authncontextcomparison = exact

• exact
• minimum
• maximum
• better

XML validation

saml2.security.want_xml_validation = [ true | false ]

Switch whether the SP should validate all received XML.

Signature algorithm

saml2.security.signature_algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256

Possible values:

• http://www.w3.org/2000/09/xmldsig#rsa-sha1
• http://www.w3.org/2000/09/xmldsig#dsa-sha1
• http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
• http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
• http://www.w3.org/2001/04/xmldsig-more#rsa-sha512

Organization

Name

saml2.organization.name = REWOO Software GmbH

Display name

saml2.organization.displayname = REWOO Scope

URL

saml2.organization.url = https://rewoo.de

Language

saml2.organization.lang = en_US

Contact

Technical contact

saml2.contacts.technical.given_name = REWOO Administrator

Email of the technical contact

saml2.contacts.technical.email_address = administration@rewoo.com

Application support

saml2.contacts.support.given_name = REWOO Support

E-Mail of the application support

saml2.contacts.support.email_address = support@rewoo.com

globaler Code

Global CSS definition for the HTML client

mobile.global.css = 

This parameter can be used to specify additional CSS definitions for the HTML client that apply globally. This code is loaded after the default CSS files (Bootstrap framework and Scope specific customizations) but before datasheet specific CSS. This makes it possible to customize the HTML client to match the style of your own corporate design.

Global javascript for the HTML client

mobile.global.javascript = 

This parameter can be used to set global javascript for the HTML client.

Global meta tags for the HTML client

mobile.global.meta = 

This parameter can be used to set global meta tags for the HTML client.

Global CSS definition for calendars

mobile.calendar.css = 

This parameter can be used to set CSS definition for calendars.

Global javascript for calendars

mobile.calendar.javascript = 

This parameter can be used to set javascript for caledars.

Global CSS definition for Kanban boards

mobile.kanban.css = 

This parameter can be used to set CSS definition for Kanban boards.

Global javascript for Kanban boards

mobile.kanban.javascript = 

This parameter can be used to set javascript for Kanban boards.

Global CSS definition for table views

mobile.tableview.css = 

This parameter can be used to set CSS definition for table views.

Global javascript for table views

mobile.tableview.javascript = 

This parameter can be used to set javascript for table views.

Global CSS definition for task views

mobile.taskview.css = 

This parameter can be used to set CSS definition for task views.

Global javascript for task views

mobile.taskview.javascript = 

This parameter can be used to set javascript for task views.

Client configuration

Element grouping in navigation

visualization.clusterByType = 15

If the number of objects, processes or aspects of the same type is greater than the specified value, the elements are grouped.

Object grouping

visualization.cluster.objects = 15

If the number of objects of the same type is greater than the specified value, the elements are grouped. These settings override the value specified in visualization.clusterByType for this particular case.

Object aspect grouping

visualization.cluster.objectAspects = 15

If the number of aspects of the same type below objects is greater than the specified value, the elements are grouped. These settings override the value specified in visualization.clusterByType for this particular case.

Process grouping

visualization.cluster.processes = 15

If the number of processes of the same type is greater than the specified value, the elements are grouped. These settings override the value specified in visualization.clusterByType for this particular case.

Process aspect grouping

visualization.cluster.processAspects = 15

If the number of aspects of the same type below processes is greater than the specified value, the elements are grouped. These settings override the value specified in visualization.clusterByType for this particular case.

Display the editor name

user.versionAuthor.visible = [ true | false ]

This parameter can be used to set whether the name of the authors/editors is displayed in the version history below the datasheet or in the value history widget or remains hidden.

Default screen size in layout designer

mobile.designer.layout.screenSize = [ sm | md | lg | xl | xxl ]

This parameter specifies the screen size that is displayed when the layout designer is opened.

Style of the main menu

mobile.menu.style = [ labels | icons | hidden ]

If the switch is set to labels, the sandwich button is only displayed when the screen size falls below a certain value; otherwise the menu is permanently visible with icons and labels. If this option is set to icons the menu is permanently visible showing only the icons. If this option is set to hidden, the menu in the HTML client is collapsed by default and can only be opened using the sandwich button.

Tab switch behavior

datasheet.onTabSwitch = [ discard | save ]

This switch selects the strategy of what happens when values on the form have been changed and the user switches tabs.

Value check during loading

datasheet.validate.onLoad.enabled = [ true | false ]

If this switch is set to true, the values are checked after loading the datasheet, e.g. whether mandatory fields are filled in.

Warning for empty required fields

datasheet.validate.requiredWarning.enabled = [ true | false ]

If this switch is set to true, an error text will be shown for required fields that have not been filled in, otherwise these fields will only be outlined in red.

Behavior when clicking on FileLinks entries

datasheet.fileLinks.downloadOnClick = [ false | true ]

By default, clicking the name of a file stored in REWOO Scope will open the preview (if it is available for the file format). In order to be able to download the file, a download icon is also displayed to the left of the file name. If, on the other hand, the parameter is set to true, the file is downloaded when the file name is clicked. To open the preview, a button in the form of an eye symbol is then available to the left of the file name.

Position of controls for table fields in HTML client

datasheet.table.buttonPosition = [ left | right ]

By default, the plus and minus buttons are displayed on the right side of each table row. If the value is set to left, both buttons on the left side are rendered mirror-inverted (i.e. first the plus, then the minus button).

Show quick save dialog in HTML client

datasheet.quickOperationsPopup.enabled = [ false | true ]

If the user has made changes on the current datasheet and scrolled down a little, a small pop-up is displayed at the bottom right, which can be used to save or discard the changes. The pop-up can be prevented from appearing by setting this parameter to false.

Y-Offset for the quick save dialog in the HTML client

datasheet.quickOperationsPopup.yOffset = 250

This parameter defines how many pixels the user has to scroll down until the quick save dialog appears. 0 means the dialog is always visible.

Show mail button for table views

tableview.mailButton.enabled = [ false | true ]

If a table view with selectable rows contains a column of the type Email, then after setting this option a "Send Mail" button will automatically appear when opening the table view. If the user now selects one or more rows and clicks on the button, a new mail will open in the user's default email client with the selected addresses as recipients. Attention: if there is more than one email column in the table view, the leftmost column of the definition will be selected.

Page size of the table view

tableview.pagingSize = 50

Number of rows that are displayed on one page of a table view. If the number of rows of a table view exceeds the value entered here, another page is created, which the user can reach via the navigation bar of the table view.

User-specific filters for table views

tableview.filter.storable = [ false | true ]

This switch enables the users to save filter settings for table views.

Number of visible filter columns

tableview.filter.maxInitialColumns = 5

If the table view is unfiltered, filter entries are displayed in the filter dialog for the n columns from the left table border.

Size of thumbnails in table views

tableview.imageSize = 60

Maximum width and height of thumbnails in pixels, if a Image entry is used as column in the table view.

Type of HTML navigation view

mobile.navigator.style = [ finder | legacy ]

The setting finder activates a display of the hierarchy in lists like it is used in the Finder of macOS. With legacy you get the old navigator which only shows the current level and the path.

Behavior when clicking a link in HTML navigation

mobile.navigator.elementLinkOpensDatasheet = [ false | true ]

Determines whether the corresponding data sheet should be opened when an element is clicked in the legacy navigator of the HTML view (value "true") or whether the child elements should be displayed in this case (value "false"). Please note that even if this option is set, the data sheet is only actually displayed if it contains form fields that are to be displayed. If the datasheet is completely empty, no white datasheet will be displayed, but instead it will automatically scroll to the overview of the child elements.

Visible status in the navigator

mobile.navigator.visibleStates = IN_PLANNING,ACTIVE,ON_HOLD,CLOSED

List of statuses that are visible in the HTML navigator for normal users.

Usage of pdf.js

mobile.lightbox.forcePDFJS = [ false | true ]

Specifies whether to force the use of pdf.js or to use the browser's own PDF renderer if it is available.

Follow-up action if no rights exist

mobile.noRights.redirect = [ home | navigator | search | tables ]

This switch determines which view the user is redirected to when he calls up a data sheet but does not have permission to do so.

Follow-up action after own rights removal

datasheet.connectionButton.noRights = [ ask | redirect ]

This switch determines what happens if the user removes the rights to the current datasheet from himself with a ConnectionButton. Either a dialog appears explaining the situation and offering the redirects as buttons, or the user is redirected directly.

System configuration

Timeout

loginTimeout = 1800

Time in seconds until the user is logged out due to inactivity.

Mute Messages

message.mute = [ true | false ]

Switch to globally enable or disable the sending of scope messages.

Mute messages about status changes

message.stateChange.mute = [ true | false ]

Switch to globally enable or disable the messages about status changes. These messages have a noticeable impact on runtime. It is better to use Condition entries, a status condition and the system action MESSAGE to generate messages about status changes where they are of interest.

Storage directory

file.storagedir = /home/rewoo/rewoo-admin/storage/rewoo

Absolute path to the REWOO Scope storage directory for the files, preview files, PDFs, search index, ETL scripts and ETL files.

Maximum file size

file.maxSizeInMB = 100

Sets the maximum size in megabytes that a single file can have in file fields (FileLinks, Image, SpreadsheetFile). When trying to upload larger files, an error message is displayed to the user and the respective file is not uploaded. The limit does not apply to FileLinks entries as a whole, but only to individual files.

Maximum file size for drag'n'drop

file.maxDragNDropSizeInMB = 10

Sets the maximum size in megabytes for drag'n'drop actions in the web interface. The value refers to the total size of the files. Attention, limitations of the used browser still apply.

Hash algorithm for file checksums

file.hash.algorithm = [ MD2 | MD5 | SHA1 | SHA224 | SHA256 | SHA384 | SHA512 | SHA3_224 | SHA3_256 | SHA3_384 | SHA3_512 ]

A checksum is calculated for each file stored in Scope in order to be able to check the integrity of the file at a later time. Several hash algorithms are available for this purpose. We recommend at least SHA256. To use the SHA3 algorithms, at least Java 9 must be used.

Algorithm for mail merge

output.mailmerge.method = [ auto | new ]

The new algorithm supports printing Table and Image and is faster for high volume printing, but it does not support placeholders in headers and footers. In the "auto" setting, the new algorithm is taken only if placeholders for Table or Image are included in the template.

Attribute for login

auth.login.type = [ username | email ]

This switch specifies whether users log in with their name or with their email address.

Direct access to administrative functions

auth.directAdmin.enabled = [ false | true ]

This switch specifies whether accounts of type Power or Admin have direct access to the administrative functions Designer, Account Management and Admin Panel, or whether this access must first be enabled for the current session. If direct access is disabled, the application looks like it does for normal users.

Language on login page

auth.ignoreRequestLocale = [ false | true ]

This switch specifies whether or not the language setting supplied by the browser should be respected on the login screen. If it is ignored, the setting in defaultUserLocale applies.

Duration of password check

auth.constLoginTimeInMs = 300

The password verification time is artificially extended to this duration to make attacks more difficult.

Length of generated passwords

auth.password.generate.length = 16

The length of passwords that are automatically generated: in the settings, when creating new accounts, when the user requests a new password, or when the administrator resets the accounts' passwords (always assuming that the accounts do not authenticate via AD, LDAP, or SAML).

Minimum password length

auth.password.minLength = 8

The minimum length of passwords that the user can set.

secure switch of the session cookie

auth.sessionCookie.secure = [ false | true ]

When the user has successfully logged in, a session cookie is set. This switch determines whether the cookie should only be transferred for encrypted https connections (true) or always (false). This switch should be set to true to prevent man-in-the-middle attacks.

httpOnly switch of the session cookie

auth.password.httpOnly = [ false | true ]

When the user has successfully logged in, a session cookie is set. This switch determines whether the cookie can be read via Javascript (false) or not (true). This switch should be set to true to prevent cross-site scripting (XSS) attacks.

sameSite switch of the session cookie

auth.password.sameSite = [ STRICT | LAX | NONE ]

When the user has successfully logged in, a session cookie is set. This switch determines whether the cookie should be transferred exclusively to the server that generated the cookie (STRICT), whether the cookie should also be transferred when navigating links (LAX), or whether there are no restrictions on cross-site requests (NONE). This switch should be set to STRICT to ensure maximum security of user sessions.

Name of the session cookie

auth.sessionCookie.name = JSESSIONID

Switch for two-factor authentication

auth.mfa.enabled = [ true | false ]

This switch can be used to disable two-factor authentication for all users.

Length of the two-factor authentication secret

auth.mfa.secret.length = 54

With two-factor authentication, the server and an app on a user's mobile device share a secret. With the current time and this secret, both sides can calculate the currently valid one-time password.
Note: Some apps like Google Authenticator do not respect this setting. A different value should only be used if it is ensured that all users use apps that can handle it (e.g. freeOTP or andOTP).

Length of the one-time password

auth.mfa.code.digits = 6

The number of digits of the one-time password.
Attention: If this setting is changed, all activated two-factor authentications will no longer work and must be renewed!
Note: Some apps like Google Authenticator do not respect this setting. A different value should only be used if it is ensured that all users use apps that can handle it (e.g. freeOTP or andOTP).

Validity period of the one-time password

auth.mfa.code.period = 60

The time in seconds that the one-time password is valid.
Attention: If this setting is changed, all activated two-factor authentications will no longer work and must be renewed!
Note: Some apps like Google Authenticator do not respect this setting. A different value should only be used if it is ensured that all users use apps that can handle it (e.g. freeOTP or andOTP).

Account creation

account.creation.authorizedRoles = ADMIN,POWER

The roles specified here are allowed to create new accounts based on a user template. Possible roles are ADMIN, POWER, CONCURRENT and STANDARD.

Login Nodes

account.login.onlyObjectNodes = [ true | false ]

This switch specifies whether login nodes may only occur below objects or everywhere.

Coupling account and node status

account.stateFollowsLoginState.enabled = [ true | false ]

When the login node changes state, the account associated with it follows. If the node becomes active or inactive, the account is also activated or deactivated. If the node is closed, archived or discarded, the account is terminated and can no longer be used.

Task list size per user

user.taskList.size = 500

All long-running actions by CopyButtons or ActionButtons are started as an asynchronous task. This parameter controls the size of the list, which includes processed tasks.

Antivirus scanner

clamav.bin = /usr/bin/clamscan

Absolute path to the malware scanner ClamAV.

Bidirectional Prev/Next

datasheet.bidirectional_prev_next.enabled = [ true | false ]

Switch for automatic linking of PrevLinks and NextLinks entries, so that adding or deleting links on one side leads to automatic adjustment on the opposite side. For internal system reasons, the option may only be set with the previous, static calculation of the predecessor and successor nodes. The configuration parameter described under Algorithm for determining predecessor and successor nodes must therefore be set to false when used.

Algorithm for determining predecessor and successor nodes

datasheet.legacy_prev_next.enabled = [ true | false ]

Since version 10.7.2 two different variants are available to fill the PrevLinks and NextLinks entries. With the previous variant (=true) PrevLinks and NextLinks entries must be filled with explicitly named target nodes. It is thus not possible, for example, to refer to another ElementLinks entry, which in turn then defines the actual target nodes. The new algorithm (=false) can handle such calculated targets. However, it may only be used if the option described in Bidirectional Prev/Next has been turned off.
Note: For existing installations that already use PrevLinks or NextLinks entries, the old algorithm will continue to be used for compatibility reasons. If you want to switch to the new mechanism, it is not sufficient to set this flag to false. Instead, the internal structures of the PrevLinks and NextLinks must be redetermined. This is done using the repair function provided specifically for this purpose.

URL for pre-modeled solutions

import.solutions.url = https://trial.rewoo.net/solutions/solutions.xml

Internet address for the list of pre-modeled solutions. The preassignment points to the list of solutions provided by REWOO Software GmbH.

Path of the debug script

logs.debugScript = /home/rewoo/rewoo/scripts/debug.sh

Absolute path to the script that can be used to create a debug package via the admin panel.

Name of the software

app.displayName = REWOO Scope

The name configured here is used everywhere to name the software.

External URL

app.publicUrl = https://www.rewoo.de/rewoo

URL through which the application can be reached via the Internet. This url is used, for example, for WebDAV links in the application or for links in emails.

Software logo

app.logo.path = 

Absolute path to an image file in PNG format with maximum 240x240 pixels to be used as logo. If no file is specified, the Scope logo is used.

Maximum width of the logo

app.logo.maxWidth = 250

If the image is wider than the width specified here, the image is reduced in size while maintaining the aspect ratio. If the image is narrower, it is not enlarged. The default setting is 250 pixels.

Maximum height of the logo

app.logo.maxHeight = 250

If the image is taller than the height specified here, the image is reduced in size while maintaining the aspect ratio. If the image is less high, it is not enlarged. The default setting is 250 pixels.

Logo in side menu

app.logo.navmenu.enabled = [ false | true ]

Activates the display of the logo at the bottom of the page menu.

Background color of the login screen

app.login.background = [ dark | light | custom ]

The background color of the login screen can be switched between dark and light. The font color is adjusted accordingly. If the value is set to custom, the two switches app.login.color and app.login.backgroundColor can be used to choose the colors.

Webhooks

webhooks.enabled = [ false | true ]

Enables the possibility to couple other services to Scope using webhooks.

Limit of the rights prefetch for a TLE

prefetch.elements.minChangedElementsPerTle = 30

When making changes to elements (e.g. a status change), REWOO Scope often has to read out the rights that the individual users have to these elements. In some cases (e.g. closing a larger element hierarchy), it may be more convenient from a runtime point of view to read out all rights at once instead of determining them one by one. This configuration parameter specifies from which set of element changes under a top-level element all rights should be read at once. Since this can be a very expensive operation under certain circumstances, the limit should not be set too low. Regardless of the value set here, the system ensures that all permissions are read if the element change refers to a top-level element itself. If the value is set to 0, all rights are always read. This corresponds to the behavior before version 13.

Limit of the rights prefetch for a node

prefetch.userRights.maxConnectionsPerNode = 50

When changes are made to the authorization graph, all rights related to a node are normally read from the database at once. In unfavorable cases, this means that a lot of data is read unnecessarily. For example, if a new relationship is added for only one user, the rights on all other relationships are irrelevant. Therefore it can be useful for some modeling to reduce this value, because most rights are only assigned individually and not via role nodes.

Limit for reading the entire form

prefetch.values.minEntriesPerForm = 1

For calculations using the formula language, normally all values of referenced forms are read from the database. With very large forms this can lead to very expensive read operations. This switch determines from how many referenced entries the whole datasheet is read. If this switch is set to 1, all values are always read.

Limit for reading all value dependencies

prefetch.dependencies.minEntriesPerForm = 10000

For calculations using the formula language, normally only the dependencies to the referenced entries are read from the database. If the forms contain a lot of entries and these are strongly linked to each other via formulas, it may make more sense to read all dependencies of the form at once.

Prefetching and caching of table view values

tableview.cachevalues.enabled.ids = 14[,15,16,...]

Table views can possibly include a great many datasheets and values. To speed up access to particularly large and slow views, this configuration parameter can be used to store the REWOO Scope internal IDs of the table views for which all values are to be permanently held in memory. After adding the IDs, the corresponding values are automatically read and stored in memory. The system also automatically synchronizes the cache when new elements are added, existing values are changed or the definitions of the table views are modified. The easiest way to determine the IDs of the table views is to open the respective view in the HTML client and read them from the URL in the browser. Thus, a fictitious table view with the link https://rewoo.net/test/mobile/tableViews/14 has the ID 14 because the URL ends with the number 14.
Note: Permanently holding the values of a table view in memory can occupy large amounts of main memory. Therefore, care should be taken to activate the cache only for selected table views when required, and also to dimension the amount of available memory large enough. Otherwise, problems such as "out-of-memory" exceptions and unstable system behavior can occur.

Scope Maintenance Server

Before the settings described below can take effect, the Scope Maintenance server must first be installed and configured. This is explained in Installing Scope Maintenance Server. After the maintenance server has been successfully started, the parameters described below must be set to ensure communication between REWOO Scope and the Scope maintenance server.

Activation

maintenance.service.enabled = [ true | false ]

This switch can be used to prevent or allow the general use of the Scope Maintenance server.

PostgreSQL path

maintenance.service.postgres.path=/usr/bin/

Absolute path to the local Postgres installation on the REWOO Scope server. The path must be accessible for the Scope maintenance server.

PostgreSQL port

maintenance.service.postgres.port = 5432

Port of the local Postgres installation on the REWOO Scope server. The port must be accessible for the Scope maintenance server.

PostgreSQL password

maintenance.service.postgres.password =

Password to the database used by the REWOO Scope server. The password for the database user must be entered here. Alternatively, the field can be left blank if a ".pgpass" file exists in the file system and has been configured correctly.

External URL

maintenance.service.external.url = http://localhost:8081/scope-maintenance-server

The URL through which the Scope maintenance server can be reached from the clients. Normally, the maintenance server is located on the same computer as REWOO Scope when viewed from the outside. Any forwarding to a different, internal address is then achieved by the Apache web server and a corresponding ProxyPass rule. localhost must therefore be replaced here by the address of the REWOO Scope server.

Internal URL

maintenance.service.internal.url = http://localhost:8081/scope-maintenance-server

The URL through which the Scope maintenance server can be reached from the REWOO Scope server. By default, the maintenance server runs on the same physical machine as REWOO Scope, so localhost should be the correct server address.

JMX port

maintenance.service.jmx.port = 5050

The Scope Maintenance Server accesses some functions of the REWOO Scope Server via the JMX protocol. By default, port 5050 is used for this purpose, which is already preset.

JMX context name

maintenance.service.jmx.instance.key = [ context | name ]

The keyword for the name of the web application is context since Jetty 9, for Jetty 7 and 8 this parameter must be set to name.