You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

All properties

 

SubjectPropertyDefaultExplanationProperty fileAdditional information
Aggregates

blueriq.customerdata-client.list.record.limit

10Maxiumum results of the search.

application.properties



blueriq.customerdata-client.url
Url for the customerdata service 

application.properties



blueriq.customerdata-client.username
Username used for authentication against the customerdata service

application.properties



blueriq.customerdata-client.password
Password used for authentication against the customerdata service

application.properties



blueriq.customerdata-client.preemptive-authenticationtrue

Use preemptive authentication

application.properties

since 11.8

blueriq.customerdata-client.socket-timeout120 (seconds)

Time waiting for data – after establishing the connection; maximum time of inactivity between two data packets

application.properties

Note: exception thrown can still cause data changes on Customer Data Service side, because connection has been established.

https://hc.apache.org/httpclient-legacy/preference-api.html


blueriq.customerdata-client.connection-timeout10 (seconds)

Time to establish the connection with the remote host

application.properties

https://hc.apache.org/httpclient-legacy/preference-api.html


blueriq.customerdata-client.connection-request-timeout10 (seconds)

Time to wait for a connection from the connection manager/pool

application.properties

https://hc.apache.org/httpclient-legacy/preference-api.html

blueriq.customerdata-client.pool.validate-after-inactivity2500 (milliseconds)

Defines period of inactivity in milliseconds after which persistent connections must be re-validated prior to being leased to the consumer. Non-positive value passed to this method disables connection validation. This check helps detect connections that have become stale (half-closed) while kept inactive in the pool.

application.properties



blueriq.customerdata-client.pool.default-max-per-route50

The default maximum number of concurrent connections per route

application.properties



blueriq.customerdata-client.pool.max-total1000

The maximum total connections

application.properties




SubjectPropertyDefaultExplanationProperty file
Service call type: AQ_MailServiceblueriq.mail.dkim.domain_alias.name
Specifies the domain name for dkim.

application.properties


blueriq.mail.dkim.domain_alias.enabledfalseEnable/disable dkim. 

application.properties


blueriq.mail.dkim.domain_alias.selector
Specifies the DNS selector for dkim.

application.properties


blueriq.mail.dkim.domain_alias.private-key-file
Specify the path to the private key file used for dkim in signing email messages.

application.properties



Properties

SubjectPropertyDefaultExplanationProperty file
Clusterblueriq.session.session-manager
Configures the type of session manager used. The session manager can be 'memory', 'external' or a custom implemented bean.

 application.properties

blueriq.session.request-ward-enabledfalseToggle to enable request wards

application.properties


Messages

SubjectKeyExplanation
Cluster

request-ward.invalid.titleThe title of the error message when request ward validation fails
request-ward.invalid.messageThe error message when request ward validation fails

SubjectPropertyExplanation
CMIS















blueriq.cmis.userThe username needed for the cmis connection.
application-cmis-client.properties


blueriq.cmis.passwordThe password needed for the cmis connection.

application-cmis-client.properties

blueriq.cmis.services-urlThe serviceURL of the cmis connection.

application-cmis-client.properties

blueriq.cmis.repository-idThe repository on the filesystem the cmis connection connects to.

application-cmis-client.properties

blueriq.cmis.objectType-idThe kind of objectType the file is.

application-cmis-client.properties

blueriq.cmis.binding-typeThe type of communication you desire. Currently the only supported value is atompub

application-cmis-client.properties

blueriq.cmis.read-timeoutThe number of milliseconds within which a call to the CMIS URL needs to get a response.

application-cmis-client.properties

blueriq.cmis.connection-timeoutThe number of milliseconds within which the CMIS Server needs accept the connection.

application-cmis-client.properties

blueriq.cmis.authProviderClassNameThe classname of the authProvider

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.jwt.ks.fileUrlURL pointing to key store containing RSA private/public keys for JWT signing

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.jwt.ks.passwordKey store password

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.

jwt.ks.blueriqKeyAlias

Alias of key that Blueriq should use for JWT signing

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.

jwt.ks.blueriqKeyPassword

Password for key that Blueriq should use for JWT signing

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.jwt.claims.iss
Standard 'issuer' claim to put in Json Web token

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.jwt.claims.audStandard 'audience' claim to put in Json Web token

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.jwt.claims.subStandard 'subject' claim to put in Json Web token

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.jwt.claims.idpCustom claim to put in Json Web token

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.

jwt.blueriqUser.id.claimName

JWT claim name to put the Blueriq user id in

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.

jwt.cmisConnector.id.claimName

JWT claim name to put the CMIS connector id in

application-cmis-client.properties

SubjectPropertyExplanation

Connections


blueriq.connection.sessionHeadersA comma-separated list of HTTP header names, stored through the blueriq.session.headers property, that should be put on outgoing requests for all HTTP and SOAP connections. More info here.

application.properties

@since 11.6
blueriq.connection.header.[headerName]Key-value pairs of HTTP headers that should be put on all outgoing REST and SOAP requests. 

application.properties

@since 14.11
blueriq.connection.timeout

Default global timeout in milliseconds to use for all outgoing HTTP requests (SOAP, REST or CMIS) when no other timeout was specified on the specific connection configuration.

The value of 0 means there is no global timeout.

Default is 5000 milliseconds (5 seconds).

When a negative number is configured, or this property is not configured at all, this value will fallback to the default.

application.properties

@since 15.0

The default value changed from 15000 to 5000 ms in Blueriq 17.0

blueriq.connection.[name].sql.typeThe type of sql connection (ie. jdbc)

application.properties


blueriq.connection.[name].sql.urlThe url of the datasource which should be connected to.

application.properties


blueriq.connection.[name].sql.driverThe driver that needs to be used to connect to the datasource

application.properties


blueriq.connection.[name].sql.usernameThe username to login to the datasource

application.properties


blueriq.connection.[name].sql.passwordThe password to login to the datasource

application.properties


blueriq.connection.[name].filesystem.pathThe path of the filesystem

application.properties


blueriq.connection.[name].memoryName of a memory connection.

application.properties


blueriq.connection.[name].http.urlThe URL of the REST web service.

application.properties


blueriq.connection.[name].http.usernameThe username for basic authentication.

application.properties


blueriq.connection.[name].http.passwordThe password for basic authentication.

application.properties


blueriq.connection.[name].http.sessionHeadersA comma-separated list of HTTP header names, stored through the blueriq.session.headers property, that should be put on outgoing requests for this connection. Overrides blueriq.connection.sessionHeaders. More info here.

application.properties

@since 11.6
blueriq.connection.[name].http.header.[headerName]Key-value pairs of HTTP headers that should be put on outgoing REST requests for this connection.
Overrides blueriq.connection.header

application.properties

@since 14.11
blueriq.connection.[name].http.timeout

The timeout in milliseconds.

The value of 0 means there is no timeout.

When a negative number is configured this value will fallback to the global default.

application.properties


blueriq.connection.[name].http.authentication

If the Runtime authentication is set to openid-connect, then setting this property to 'openid-connect' will make the webservice send along a bearer Authorization header.

Since Blueriq 16.3, if the Runtime authentication is set to jwt, then setting this property to 'jwt' will make the webservice send along a bearer Authorization header.

Since Blueriq 17.0 Spring Security is used for defining OAuth2 connections, set this property to 'oauth2' when using oauth2. Define an Client Registration for OAuth 2 via Spring Security and set it on the connection. For an example see Release 17.0 Upgrade Instructions

application.properties


blueriq.connection.[name].http.oauth2-client-registrationThe name of the OAuth2 Client Registration defined in the properties or yaml file with Spring Security. (required when using oauth2)

application.properties

@since 17.0
blueriq.connection.[name].http.oauth2-token-request-parameters.[paramName]Key-value pairs of additional access token request parameters

application.properties

@since 17.2
blueriq.connection.[name].soap.urlThe URL of the SOAP web service.

application.properties


blueriq.connection.[name].soap.usernameThe username for basic authentication.

application.properties


blueriq.connection.[name].soap.passwordThe password for basic authentication.

application.properties


blueriq.connection.[name].soap.interceptorsA comma separate list of security interceptors (defined using the blueriq.soap.interceptors.security.* properties, see WS-Security)

application.properties


blueriq.connection.[name].soap.timeoutThe timeout in milliseconds.

application.properties


blueriq.connection.[name].soap.sessionHeadersA comma-separated list of HTTP header names, stored through the blueriq.session.headers property, that should be put on outgoing requests for this connection.
Overrides blueriq.connection.headers. More info here.

application.properties

@since 11.6
blueriq.connection.[name].soap.header.[headerName]

Key-value pairs of HTTP headers that should be put on outgoing SOAP requests for this connection.
Overrides blueriq.connection.header

application.properties

@since 14.11
blueriq.connection.email.*

The service call name of AQ_MailService is being used to retrieve the corresponding mail connection, so the [name] part. However it is also possible to define a default mail connection with the prefix blueriq.connection.email.*. When a 'named' mail connection doesn't have all the properties defined it will even fallback to the default for those properties, to be able to create correct mail connection. When no properties are available for the 'named' connection, but there are default mail connection properties present, it will use the default mail connection. For more information : Service call type: AQ_MailService

application.properties


blueriq.connection.[name].email.smtpThe hostname of the SMTP server.

application.properties

required 
blueriq.connection.[name].email.smtpportThe port of the SMTP server.

application.properties


blueriq.connection.[name].email.usernameThe username to use when connecting to the SMTP server.

application.properties


blueriq.connection.[name].email.passwordThe password to use when connecting to the SMTP server.

application.properties


blueriq.connection.[name].email.usetlsIndicates if the SMTP server should be contacted using TLS.

application.properties


blueriq.connection.[name].email.fromaddressAn email address from which to send the email.

application.properties


blueriq.connection.[name].email.replytoaddresses

Email addresses that the recipient should reply to.

 

application.properties

@since 17.7
blueriq.connection.[name].email.toaddressesAddresses to send the email to.

application.properties


blueriq.connection.[name].email.ccaddressesAddresses to put in cc.

application.properties


blueriq.connection.[name].email.bccaddresses


Addresses to put in bcc.

application.properties


blueriq.connection.[name].resource.pathDefines a path to a resource.

application.properties


blueriq.connection.[name].external-flow.projectThe REQUIRED name of the project that contains the flow to be started

application.properties


blueriq.connection.[name].external-flow.versionThe REQUIRED  version of the project that contains the flow to be started, e.g. 0.0-Trunk

application.properties


blueriq.connection.[name].external-flow.flowThe REQUIRED  name of the flow to be started

application.properties


blueriq.connection.[name].external-flow.channelThe OPTIONAL name of the channel be started

application.properties


blueriq.connection.[name].external-flow.baseurlThe OPTIONAL URL of the external host where the target project is on (if omitted the same server is assumed).

application.properties


Unable to render {include} The included page could not be found.

For the Blueriq Runtime there are two types of datasources that you can define in your properties: jndidatasources or externaldatasources. You can only enable one type by providing the type in the property spring.profiles.active.

Datasource configuration for the Customerdata Service can be found here: Customerdata service

It is possible to set the same property with a hibernate. (global) prefix and a blueriq.datasource.[name].hibernate. (datasource specific) prefix. When the same property is set with both prefixes, the property with the datasource specific prefix will have precedence over the global prefix. 


SubjectPropertyDefaultExplanation

Property file

spring.profiles.active= externaldatasources

Property file

spring.profiles.active=

jndidatasources

Datasources








blueriq.datasource.[name].url
The url of the datasource which should be connected to.

application-externaldatasources.properties

Only available when you have  externaldatasources enables instead of jndidatasources.

blueriq.datasource.[name].username
The username to login to the datasource

application-externaldatasources.properties

Only available when you have  externaldatasources enables instead of jndidatasources.

blueriq.datasource.[name].password
The password to login to the datasource

application-externaldatasources.properties

Only available when you have  externaldatasources enables instead of jndidatasources.

blueriq.datasource.[name].driverClassName
The driver that needs to be used to connect to the datasource

application-externaldatasources.properties

Only available when you have  externaldatasources enables instead of jndidatasources.

blueriq.datasource.[name].jndiName
The name of the jndi datasource connection.

Only available when you have jndidatasourcesinstead of externaldatasources.

application-jndidatasources.properties

blueriq.hibernate.[name].hbm2ddl.autovalidate

When starting server (SessionFactory)

Supported values: none / validate 

create/update/create-drop are not supported ways to create a schema. Use the dbscripts that are provided  with the release instead.

application-externaldatasources.properties

application-jndidatasources.properties

blueriq.hibernate.[name].use_nationalized_character_data

trueEnable nationalized character support on all string / clob based attributes ( string, char, clob, text etc ). Note that this property by defaults to true because 'hibernate.use_nationalized_character_data' is set in application.properties that is packaged in the default runtime WAR. For more information about it's usage see: UTF8 support.

application-externaldatasources.properties

application-jndidatasources.properties

blueriq.hibernate.[name].globally_quoted_identifiers

false

Quotes all database identifiers. (warning) Note that some databases treat column names as case sensitive when they are quoted, which may break the application. Blueriq requires this property to be false (which is the default).

application-externaldatasources.properties


blueriq.hibernate.[name].globally_quoted_identifiers_skip_column_definitions

falseWhen blueriq.hibernate.[name].globally_quoted_identifiers is set to true, column names will be skipped. (warning) Like the previous property, Blueriq requires this property to be false (which is the default).

application-externaldatasources.properties



The development properties only apply when the profile development-tools is added to the spring.profiles.active
SubjectPropertyExplanationExample
Development


logging.file.name=C:/Deployments/logs/runtime.logThe file in which to write the log

application.properties

blueriq.development.usePasswordEncryption=trueWhen editing properties encrypt passwords before saving them.

application-development-tools.properties

 blueriq.development.configuration.sanitize-keys

A comma-separated list of strings. Any keys of OS Environment Variables and Java System Properties that contain any value in this list will be sanitized before being displayed in the Blueriq Runtime Development Dashboard, meaning that they will be replaced by '******'.

Default: password,secret,key,token,credentials



Studio


blueriq.studio.description

description that is used in the development dashboard flow starter.

default via installer = Studio Projects


application-development-tools.properties

blueriq.studio.prefix

The prefix in front of the studio project when started.

default via installer = studio


application-development-tools.properties

blueriq.studio.authentication

Method of authentication that the Blueriq Studio uses.

Its value always is BASIC.


application-development-tools.properties

blueriq.studio.url

url where the management service of the Blueriq Studio can be reached. 

default via installer = http://HOSTNAME:PORT/Studio/Server/Services/ManagementService


application-development-tools.properties

blueriq.studio.domain

Network domain where the studio is in. 

default via installer = empty


application-development-tools.properties

blueriq.studio.username

Username for the studio management service.

default via installer = runtime


application-development-tools.properties

blueriq.studio.password

Password for the studio management service

default via installer = runtime


application-development-tools.properties

Externalblueriq.external.themes.[name].baseUrl

URL where the external theme is can be reached.

When using a custom made them which is not configured via the Runtime using an STG, but rather via a CDN or reverse proxy. An external theme can be configured so that the development dashboard can create URL's to the corresponding targets.

https://example.com/

application-development-tools.properties

blueriq.external.themes.[name].template.flow

RFC-6570 URI template for creating a start flow request. 

By combining the baseUrl and template.flow properties a full URL is formed. 

The variables which can be used in the URI template are: 

flow

- name of the flow to start

project

- name of the project to use

version

- project version to use

languageCode

- code of the language to use

testPath

- name of the test path to use

The combined URL will be expanded in development dashboard.

/flow/{project}/{flow}
/{version}/{languageCode}

With test path:

/flow/{project}/{flow}
/{version}/{languageCode}{?testPath}

application-development-tools.properties

blueriq.external.themes.[name].template.shortcut

RFC-6570 URI template for creating a start shortcut request. 

By combining the baseUrl and template.shortcut properties a full URL is formed.

The variables which can be used in the URI template are: 

shortcut
- name of the shortcut to start


The combined URL will be expanded in development dashboard.
/shortcut/{shortcut}

application-development-tools.properties

blueriq.external.themes.[name].template.session

RFC-6570 URI template for creating a continue session request.

By combining the baseUrl and template.session properties a full URL is formed.

The variables which can be used in the URI template are: 

sessionId

- id of the session to continue

The combined URL will be expanded in development dashboard.

/session/{sessionId}

application-development-tools.properties



SubjectPropertyExplanation 
Domain Schema

blueriq.domainschema.infinite-loop-detection-limit

Sets the limit for loops in case of domain schema in domain schema relations.

application.properties

SubjectPropertyExplanation
Exports


blueriq.exports.enabledBoolean to enable usage of exports. Default is false. 

application.properties

blueriq.exports.descriptionThe group name of all the exports shown in the dev dashboard

application.properties

blueriq.exports.prefixThe prefix in front of the export project when started.

application.properties

blueriq.exports.folderThe folder in the configuration folder where the exports are.

application.properties

blueriq.exports.filesDirect location of (an) export file(s). Comma seperated.

application.properties

SubjectPropertyExplanation
Example
Misc






blueriq.production.shortcuts-onlyOnly possible to start flows with shortcut (instead of 'dash start url')

application.properties


blueriq.fileupload.maxuploadsize

maximum request size for the built-in file upload container, in bytes. 

Note: this is per request, so if you upload multiple files in one go, the total size of those files is validated against this property.

Since 16.1 defaults to 10MB

application.properties

# set the max upload size to 10 MB

blueriq.fileupload.maxuploadsize=10485760

blueriq.fileupload.detect-content-type

Guesses the content type of uploaded files based on the actually uploaded data, instead of using the content type as present in the request.

From a security perspective, it is advised that this option is enabled to reject malicious uploads.

Available since R12.10, defaults to true.

application.properties


blueriq.fileupload.validate-content-type

If enabled, the content type of the file is used to determine the supposed extension that is then validated against the list of allowed extensions.

From a security perspective, it is advised that this option is enabled to reject malicious uploads.

Available since R12.10, defaults to true.



blueriq.license

the license for blueriq (content of the license file). Property is optional. One should set either this property or place a license file in the spring.config.additional-location folder , behaviour is undefined if both are set.

application.properties

The property blueriq.license should contain the contents of the license file, not the path to the license file. The value should be something like:

blueriq.license=0MtWfrubLL4Rq6TH/4TfNleRJqJHtSQIYe070...

blueriq.cache.timeoutThis property is used to specified the timeout that has to pass before the data in the aggregate / Process statistics container is considered not up to date and has to be reloaded.

application.properties


blueriq.runtimekeys.enabledThe element keys created by the Runtime that are send to the browser to build the HTML are now containing the element name prefixed by the page ID. E.g. P108-C0-C0-F0 is now P108_Person_Firstname_1. This way, the pagemodel which is used to build the HTML is more stable and in turn leads to a more predictable way of testing. This functionality is enabled by default.

application.properties


blueriq.webservices.create-empty-elements-for-unknowns

Controls whether generating empty elements for unknown relations should be enabled.

This property is available in Blueriq 14. Use the Legacy Property in earlier versions.

application.properties


blueriq.webservices.structured-input-validation

The webservice responses can be returned by Blueriq in a more structured way when input validations are triggered so those can be used in the model of the receiver. When this functionality is enabled, the error message returned for an invalid request is split up in such a way that validation messages can be handled separately and indicate the exact instance which is not valid. When this functionality is disabled, the error message is one string containing the validation message.

This functionality only applies to REST services based on domain schemas.

This functionality is disabled by default.

application.properties


Model Preloading properties

Note: these properties were introduced in Blueriq 13.8

SubjectPropertyExplanationDefault valueProperty fileExample
Model preloading






blueriq.modelpreload.enabled

If true, preloading of configured application models during Runtime startup is enabled

false

application.properties


blueriq.modelpreload.before-requests

If false, preload the application models after the Runtime is ready to accept HTTP requests. Otherwise the models will be preloaded before HTTP requests are accepted.

true

application.properties


blueriq.modelpreload.models

A map of application models (name and versions) to preload. Only application models that are in this list will be preloaded if preloading is enabled.


application.properties

blueriq.modelpreload.models.MyApp1=0.0-Trunk,0.0-FeatureX,0.0-FeatureY

blueriq.modelpreload.models.MyApp2=0.0-Trunk

SubjectPropertyDefaultExplanationProperty file
Multi-tenacy

blueriq.multi-tenancy.enabled

falseToggle to enable multi-tenancy.

application.properties


blueriq.multi-tenancy.allowed-tenants

List of comma separated tenant names. Tenant names can contain letters, digits and '-' (dashes).

For example:

blueriq.multi-tenancy.allowed-tenants=google,apple

application.properties


blueriq.multi-tenancy.http-header
The name of the HTTP header which the Runtime can retrieve the tenant name

application.properties


blueriq.multi-tenancy.amqp-header
The name of the AMQP message header in which the tenant is stored

application.properties


SubjectPropertyExplanation 
MVC UI - deprecated



blueriq.mvc.development-modeTurning mvc development mode on or off.

application.properties

blueriq.mvc.themes.[theme].template-group-filePath to where the stg file can be found.

application.properties

blueriq.mvc.themes.[theme].template-nameName of the mvcui template.

application.properties

blueriq.mvc.active-themesThe themes that are active in the Runtime. The theme names listed here (as a comma separated list) must match the theme names that are used with the properties above. Not all defined themes need to be active. Only the active ones will be shown in the development dashboard. This is useful for overriding the default styling that is packaged with Blueriq.

application.properties

spring.mvc.dispatch-options-requestThis is a spring mvc property that enables the dispatcher to listen to OPTIONS request methods.

application.properties

Example

blueriq.mvc.themes.bootstrap3.template-group-file=UI/mvc/v2/bootstrap3.stg
blueriq.mvc.themes.bootstrap3.template-name=main
blueriq.mvc.active-themes=bootstrap3

SubjectJAVA PropertyExplanation
OpenID Connectblueriq.security.openid-connect.use-discoveryBoolean property which enables Blueriq to read identity provider specific properties from an specific exposed location if the value is true, or to read them from application.properties if the value is false. Default: false.

application.properties


blueriq.security.openid-connect.public-keys.<key id>=<key value>

Defines the <key id, public key> mappings that are loaded by Blueriq if blueriq.security.openid-connect.use-discovery is false.

Note that the key value should be encoded as Base64 encoded bytes that conform to the X509EncodedKeySpec

application.properties


blueriq.security.openid-connect.client-id

The client-id of the Runtime, as defined at the identity provider.

application.properties


blueriq.security.openid-connect.client-secret

The client secret of the Runtime, as defined at the identity provider. This value is used, for example, to complete the OpenID Connect Authorization Code Flow, when exchanging the authorization code for ID and access tokens.

application.properties


blueriq.security.openid-connect.scopes

The OpenID Connect scopes used when starting the Authorization Code flow. The scopes must include the value "openid" in order for the identity provider to recognize that the OpenID Connect Authorization Code flow must be initiated. If "openid" is not specified as a scope, the identity provider may instead initiate the OAuth2 Authorization Code flow (depends on the identity provider in use). Multiple scopes can be specified separated with coma.

application.properties


blueriq.security.openid-connect.token-endpoint

the URL of the endpoint where access codes can be exchanged for ID and access tokens.

Example for Keycloak: http://<host>:<port>/auth/realms/<realm name>/protocol/openid-connect/token

application.properties


blueriq.security.openid-connect.token-endpoint-parameters.<name>=<value>

Additional custom parameters to be sent to the token endpoint. For example;

blueriq.security.openid-connect.token-endpoint-parameters.audience=https://example.eu.auth0.com/api/v2/

application.properties


blueriq.security.openid-connect.authorization-endpoint

the URL where the OpenID Connect Authorization Code flow can be started.

Example for Keycloak: http://<host>:<port>/auth/realms/<realm name>/protocol/openid-connect/auth

application.properties


blueriq.security.openid-connect.authorization-endpoint-parameters.<name>=<value>

Additional custom parameters to be sent to the authorization endpoint. For example;

blueriq.security.openid-connect.authorization-endpoint-parameters.audience=https://example.eu.auth0.com/api/v2/

application.properties


blueriq.security.openid-connect.token-issuer

The expected issuer in the "iss" claim of JWT tokens. A received JWT which does not have this exact, case-sensitive value in its "iss" claim will be rejected as invalid.

application.properties


blueriq.security.openid-connect.check-audience

Boolean indicating whether the audience claim should be checked. If true, the audience claim must contain the Runtime's client-id. All JWTs which do not contain the Runtime's client-id in the audience claim are rejected as invalid.

When false, the audience claim is not checked. Default: false.

application.properties


blueriq.security.openid-connect.sso-logout

Boolean indicating whether when logging out of Blueriq the user should be logged out of the Single-Sign-On session as well.

Default: false

application.properties


blueriq.security.openid-connect.end-session-endpointWhen sso-logout is true, the Runtime redirects to this URL at the identity provider in order to log out of the Single-Sign-On session.

application.properties


blueriq.security.openid-connect.post-logout-redirect-uri

Optional URI that the OpenID Connect provider should redirect to after logging out. This property will be taken account both when using discovery and when using manual configuration through properties.

Since Blueriq 16.0.1

application.properties


blueriq.security.openid-connect.user-info-endpointthe URL of the OpenID Connect UserInfo endpoint. This endpoint provides information about the user associated with an access token. It is used when the access token is not a JWT.

application.properties


blueriq.security.openid-connect.user-info-endpoint-parameters.<name>=<value>

Additional custom parameters to be sent to the user info endpoint. For example;

blueriq.security.openid-connect.user-info-endpoint-parameters.audience=https://example.eu.auth0.com/api/v2/

application.properties


SubjectJAVA PropertyExplanation

blueriq.security.jwt-claims.roles-path

A JsonPath expression to the roles claim in the JWT body. 

For example, if the JWT body contains below claims, this property should be set to $.realm_access.roles in order to indicate that the roles claim nested within the realm_access claim represents the roles. 

{
  ... other claims ...
  "realm_access": [
    "roles": ["role1", "role2"]
  ]
  ... other claims ...
}


application.properties


blueriq.security.jwt-claims.teams-path

A JsonPath expression to the teams claim in the JWT body. 

See roles-path above for more information.

application.properties


blueriq.security.jwt-claims.role-mapping.<role-claim>

Maps a role claim to zero, one or multiple Blueriq roles. If a role claim does not have a mapping, it is considered to have an implicit identity mapping.

Example: blueriq.security.jwt-claims.role-mapping.employee=authenticated_user,vu_employee

(all users which have the employee role at the identity provider will have the authenticated_user and vu_employee roles in Blueriq)

application.properties


blueriq.security.jwt-claims.team-mapping.<team-claim>

Maps a team claim to zero, one or multiple Blueriq teams. If a team claim does not have a mapping, it is considered to have an implicit identity mapping.

Example: blueriq.security.jwt-claims.team-mapping.amsterdam=europe,netherlands

(all users which have the amsterdam team at the identity provider will have the europe and netherlands teams in Blueriq)

application.properties


blueriq.security.jwt-claims.username-path

A JsonPath expression to the usernameclaim in the JWT body. 

See roles-path above for more information.

If no value is specified, the default value is used: $.preferred_username.

application.properties


blueriq.security.jwt-claims.claim-mapping.<key-id>=<value>

Additional optional custom parameter to retrieve a claim from the JWT and place it in the Authentication under the specified key. The value should be a JsonPath expression to the claim in the JWT body.

Only (lists of) strings, numbers and booleans are supported. These values will all be converted to strings.

See roles-path above for more information.

These claims can be retrieved to the profile using the GetAuthenticationClaims service.

application.properties

The property retain-required-tasks has been added

SubjectJAVA PropertyExplanation
Processes and DCM





blueriq.timer.intervalTimer interval of when to check timed tasks - (values must now be MINUTE, HOUR or NEVER, caps are required)

application.properties

blueriq.scheduler-quartz.advanced-scheduler

Property to enable the advanced scheduler

Default: false

application.properties

blueriq.migrate.displaynames.endpoint.enabledActivates the migration endpoint for processing and updating the cases and tasks display names

application.properties

 blueriq.processengine.cancel-started-tasks

Will cancel all started tasks when the runtime starts.

This property does not work as intended for production environments where the runtime is installed on multiple nodes. Starting a new (or restarting a running node) might cancel tasks that are in use. For that scenario we recommend to use the Reopening Tasks endpoint exposed by the CancelAllStartedTasks from the Scheduler Maintenance REST API or the Backend REST API V1

Default: false

application.properties

blueriq.processengine.retain-required-tasksIf true, ad-hoc tasks for which the precondition becomes false will not be automatically canceled (pre R11 behaviour). Defaults to false.

application.properties

blueriq.processengine.worklist.limit

Limit of amount of items shown in the worklist

Default: 1000

application.properties

blueriq.processengine.caselist.limit

Limit of amount of items shown in the caselist

Default: 1000


blueriq.processengine.default-app-id-ignore-mode

To influence the behavior of models that normally make use of the application Id for whole server (Control applicationId behavior)

Default: none

application.properties

blueriq.processengine.app-id-ignore-modes.[app-id]To influence the behavior of models that normally make use of the application Id, but per project.

application.properties

blueriq.processengine.default-ignore-unknown-attributesIndicates whether attributes stored in the process database which are no longer in the model should be ignored. By default, these attributes are not ignored and an error is raised when such an attribute is found in the database. To ignore the attributes, set this property to true.

application.properties

blueriq.processengine.ignore-unknown-attributes.[app-name]Same as blueriq.processengine.default-ignore-unknown-attributes, but allows enabling this setting on a per-application basis. The application-specific setting takes precedence over the global setting.

application.properties

blueriq.processengine.default-ignore-unknown-entitiesIndicates whether entity instances stored in the process database which are no longer in the model should be ignored. By default, these entity instances are not ignored and an error is raised when such an entity instance is found in the database. To ignore the entity instances, set this property to true.

application.properties

blueriq.processengine.ignore-unknown-entities.[app-name]Same as blueriq.processengine.default-ignore-unknown-attributes, but allows enabling this setting on a per-application basis. The application-specific setting takes precedence over the global setting.

application.properties

blueriq.processlist.default-app-id-ignore-mode

application.properties

blueriq.processlist.app-id-ignore-modes.[app-id]

application.properties

blueriq.process-sql-store.oracle.case-insensitive-search-enabledThis property enables case insensitive searching for oracle. For more information see: How to enable case insensitive search on case data for Oracle

application.properties







SubjectPropertyExplanation
Publisherclient





blueriq.hibernate.publisher-client.main.hbm2ddl.auto=validateSpecifies the hibernate property for publisherclient connection.

application-publisher-client.properties

blueriq.hibernate.publisher-client.dialect=org.hibernate.dialect.Oracle12cDialectExample: blueriq.hibernate.publisherclient.dialect=org.hibernate.dialect.Oracle12cDialect

application-publisher-client.properties

blueriq.datasource.publisher-client.database.url=jdbc:oracle:{host}:{port}:{servicename}The url of the publisher database.

application-publisher-client.properties

blueriq.datasource.publisher-client.database.driverClassName=oracle.jdbc.driver.OracleDriver

The driverclassname of the publisher database.

application-publisher-client.properties

blueriq.datasource.publisher-client.database.username={Username}The username to log in the database.

application-publisher-client.properties

blueriq.datasource.publisher-client.database.password={password}

The password to log in the database.

application-publisher-client.properties

blueriq.publisher-client.environmentName=Test

application-publisher-client.properties



SubjectPropertyExplanation
Runtime APIblueriq.runtime.namename of the runtime in the REST API

application.properties

SubjectPropertyExplanation
Security LDAP













blueriq.security.auth-providers.ldap01.typeWhat type of provider is used, in this case it always is 'ldap'

application.properties

blueriq.security.auth-providers.ldap01.connectionUrlThe connection url to the LDAP server

application.properties

blueriq.security.auth-providers.ldap01.userDnThe userDn to connect with the ldap; format should look something like 'cn=LDAP reader,ou=something,dc=company,dc=nl'

application.properties

blueriq.security.auth-providers.ldap01.passwordPassword to connect to the LDAP

application.properties

blueriq.security.auth-providers.ldap01.useTlsboolean to either use TLS or not for the LDAP connection; this setting is not required

application.properties

blueriq.security.auth-providers.ldap01.tls.trustStoreUrlOnly required if useTls is true; the location to the truststore file

application.properties

blueriq.security.auth-providers.ldap01.tls.trustStorePasswordOnly required if useTls is true; The password used to login to the keystore

application.properties

blueriq.security.auth-providers.ldap01.tls.trustStoreTypeOnly required if useTls is true; what type of keystore is used, like 'jks' or 'pkcs12'

application.properties

blueriq.security.auth-providers.ldap01.referralStrategyCan be 'ignore' or 'follow'

application.properties

blueriq.security.auth-providers.ldap01.searchSubtreeUsed for searching in LDAP; boolean value if set to true, not only the current directory will be search, but also underlaying directories.

application.properties

blueriq.security.auth-providers.ldap01.userSearchBaseDnUsed for searching in LDAP; Should look something like 'OU=Gebruikers,DC=company,DC=nl'; points to the directory to where the user search should happen.

application.properties

blueriq.security.auth-providers.ldap01.userSearchAttributeUsed for searching in LDAP; What attribute to use to iddentify as a user, common use is : 'sAMAccountName'

application.properties

blueriq.security.auth-providers.ldap01.groupSearchBaseDnUsed for searching in LDAP; Should look something like 'OU=Groepen,DC=company,DC=nl'; points to the directory to where the group search should happen. Important for the roles for the user

application.properties

blueriq.security.auth-providers.ldap01.groupSearchFilterAttributeUsed for searching groups in ldap; What attribute to use to to filter groups on; This property is not required

application.properties

blueriq.security.auth-providers.ldap01.groupSearchFilterPattern

Used for searching groups in ldap; What pattern to use to to filter groups on;This property is not required;

Should look something like this: 'BQ_*, EVE_*,PRO - *,PRO -*'

Results in: ((<attribute>=BQ_*)(<attribute>=EVE_*)(<attribute>=PRO -*))

application.properties

blueriq.security.auth-providers.ldap01.role-mapping

Used for mapping LDAP groups to Blueriq roles, in the form

..role-mapping.<ldap group 1>=<blueriq role 1>[,<blueriq role 2>,...,<blueriq role n>]
..role-mapping.<ldap group n>=<blueriq role 1>[,<blueriq role 2>,...,<blueriq role n>]

application.properties









SubjectJAVA PropertyExplanationTypeDefault
Security
















blueriq.security.click-jacking-protection.enabledTurn clickjack protection on/off. For more information go to Security: Clickjacking protection.
Booleantrue

application.properties

blueriq.security.click-jacking-protection.content-security-policy.default-srcSet the location where content can be loaded from, if no more specific value (for example font for where fonts can be loaded from) is given there is a fallback to this value. For more information see Security: Clickjacking protection.String'self'

application.properties

blueriq.security.click-jacking-protection.content-security-policy.script-srcSet the location where scripts can be loaded from. For more information see Security: Clickjacking protection.String'self'

application.properties

blueriq.security.click-jacking-protection.content-security-policy.style-srcSet the location where stylesheets can be loaded from. For more information see Security: Clickjacking protection.String'self'

application.properties

blueriq.security.click-jacking-protection.content-security-policy.font-srcSet the location where fonts can be loaded from. For more information see Security: Clickjacking protection.String'self'

application.properties

blueriq.security.click-jacking-protection.content-security-policy.img-srcSet the location where images can be loaded from. For more information see Security: Clickjacking protection.String'self'

application.properties

blueriq.security.click-jacking-protection.content-security-policy.frame-ancestors

Set the valid parent hosts that may embed Blueriq using <frame>, <iframe>, <object>, <embed> or <applet>. For more information see Security: Clickjacking protection.

Available since Blueriq 14.4.

Note that Content Security Policy is not supported by Internet Explorer, so this setting will not have an effect on users that still use Internet Explorer.

String'self'

application.properties

blueriq.security.csrf-protection.enabledTurn Cross Site Request Forgery protection on/off. For more information go to Security: Cross-site scripting protection.
Booleantrue

application.properties

blueriq.security.referrer-policy.enabledEnables mechanism of adding Referrer-Policy header to all outgoing requests.
Booleantrue

 application.properties

blueriq.security.referrer-policy.policySet the Referrer-Policy header value different than default.
Stringreferrerorigin

 application.properties

blueriq.security.x-content-type-protection.enabledAdd the X-Content-Type-Options header to responses to protect against MIME type sniffing. For more information go to Security: Content sniffing protection.
Booleantrue

application.properties

blueriq.security.xss-protection.enabledTurn cross site scripting protection protection on/off. For more information go to Security: Cross-site scripting protection.
Booleantrue

application.properties

blueriq.security.xss-protection.header.enabledTurn the X-XSS-Protection HTTP header on/off.Booleantrue

application.properties

blueriq.security.xss-protection.request-body-validation.enabledEnable the X-XSS-Protection on request body.Booleantrue

application.properties

blueriq.security.xss-protection.request-parameter-validation.enabledEnable the X-XSS-Protection on request parameters.Booleantrue

application.properties

blueriq.security.xss-protection.request-url-validation.enabledEnable the X-XSS-Protection on request url.Booleantrue

application.properties

blueriq.security.xss-protection.multipart-request-validation.enabledEnable the X-XSS-Protection on multipart request.Booleantrue

application.properties

blueriq.security.xss-protection.blacklist.enabledTurn the XSS blacklist on/off.

Boolean

true

application.properties

blueriq.security.xss-protection.whitelist.enabledTurn the XSS whitelist on/off.Booleantrue

application.properties

blueriq.security.xss-protection.whitelist.allowed-protocols

Set the whitelisted protocols in URI attributes.

Example value: 'http,https,mailto'

Comma separated stringempty

application.properties

blueriq.security.xss-protection.whitelist.allowed-tags

Set the whitelisted HTML tags.

Example value: 'b,img'

Comma separated stringempty

application.properties

blueriq.security.xss-protection.whitelist.allowed-global-attributes

Set the whitelisted attributes allowed on any whitelisted HTML tag.

Example value: 'class,title'

Comma separated stringempty

application.properties

blueriq.security.xss-protection.whitelist.allowed-attributes.<tag>

Set the whitelist attributes allowed on a specific whitelisted HTML tag.

Example key: 'blueriq.security.xss-protection.whitelist.allowed-attributes.h1'

Example value: 'class'

Key: string

Value: comma separated string

empty

application.properties

blueriq.security.xss-protection.whitelist.uri-attributes.<tag>=<attr1>,<attr2>Mark which attributes are URI attributes and are subject to the allowed protocols rule. In Java, URI attributes can be defined per tag. In .NET, URI attributes can be defined only globally.

Key: string

Value: comma separated string

empty

application.properties

blueriq.security.xss-protection.whitelist.max-loop-countDefine a limit on the number of sanitization iterations.Integer5

application.properties

blueriq.security.xxe-protection.enabledEnable XML External Entity (XXE) protection.Booleantrue

application.properties

blueriq.security.xxe-protection.disallow-doctype-decl

Disallow doctype declaration processing in XML-files.

Protection is enabled when set to: true.

Booleantrue

application.properties

blueriq.security.xxe-protection.load-external-dtd

Enable loading external DTDs in XML-files.

Protection is enabled when set to: false.

Booleanfalse

application.properties

blueriq.security.xxe-protection.external-general-entities

Enable processing external general entities in XML-files.

Protection is enabled when set to: false.

Booleanfalse

application.properties

blueriq.security.xxe-protection.external-parameter-entities

Enable processing external parameter entities in XML-files.

Protection is enabled when set to: false.

Booleanfalse

application.properties

blueriq.security.xxe-protection.xinclude-aware

Enable processing of XML Inclusions (XInclude) in XML-files.

Protection is enabled when set to: false.

Booleanfalse

application.properties

blueriq.security.xxe-protection.expand-entity-references

Enable expansion of entity references in XML-files.

Protection is enabled when set to: false.

Booleanfalse

application.properties

blueriq.security.http.restricted-methods

Specify the methods that should not be allowed while doing HTTP calls. For more information go to Security: Block HTTP Methods.

Example value: 'head,get,post,options'

Comma separated stringempty

application.properties

blueriq.security.http.runtime.enabled

This property if true enables the default secured access to the runtime interactions.

Booleantrue

application.properties

blueriq.security.login-type

Defines the login type used in Blueriq.

If openid-connect is chosen, openid-connect properties have to be defined as well.

One of:

  • 'form-login'
  • 'openid-connect'
  • 'jwt'
'form-login'

application.properties

blueriq.security.redirect-url-whitelist

Define a whitelist of URLs where the user can be redirected to. If the redirect_uri (for OpenIdConnect login/logout) or the error-redirect (for render document/page and file download) are not in this list, the Runtime will return 400. This list is case sensitive.

If the list is empty, any URL is accepted up to version 14.x. From 15.0 onwards, no URLs are accepted when an empty list is provided.

Comma separated listempty

application.properties

blueriq.security.keystore.locationThe path to the keystore file to be used as repository for security certificates.

Spring Resource

empty

application.properties

blueriq.security.keystore.passwordThe password of the keystore.Stringempty

application.properties

blueriq.security.keystore.default-certificateDefault certificate used to verify signatures when no KeyInfo is provided in the request.Stringempty
blueriq.security.truststore.location

The path to the trust store containing the public keys/certificates of external hosts that should be trusted.

This indicates the trust store that is used for the Soap Service Client.

Spring Resource

empty

application.properties

blueriq.security.truststore.passwordThe password for the truststore file.Stringempty

application.properties

blueriq.security.truststore.default-certificateDefault certificate used to verify signatures when no KeyInfo is provided in the request.Stringempty
blueriq.security.bcrypt-strength

Define the BCrypt strength for password hashing. BCrypt is the default encoder in Blueriq.

Applicable values: number between 4-30 

Performance impact

The higher the number the higher the hashing complexity but also the work to calculate the hash. Each increment is twice as much work. 

Introduced in version 12.13.

Integer10

application.properties

blueriq.security.session-fixation-protection.enabled

Turn session fixation on/off. For more information, see Security: Session Fixation protection.

Introduced in versions 14.11, 13.13.18 and 12.13.39.

Booleantrue

application.properties

blueriq.security.cors.enabled

Enable response headers related to Cross-Origin Resource Sharing.

When disabled, the Same-origin policy implemented in web browsers does not allow scripts with a different origin to call Runtime endpoints. This is the secure default.

Booleanfalse

application.properties

blueriq.security.cors.allowed-originsSpecify origins for the Access-Control-Allow-Origin response header.Comma separated stringempty

application.properties

blueriq.security.cors.allowed-methodsSpecify methods for the Access-Control-Allow-Methods response header.Comma separated stringempty

application.properties

blueriq.security.cors.allowed-headersSpecify headers for the Access-Control-Allow-Headers response header.Comma separated stringempty

application.properties

blueriq.security.cookie-same-site.enabled

Turn on the same site attribute for the cookies in blueriq.  for more information see: Security: SameSite.

Introduced in version 15.0.

Booleantrue

application.properties

blueriq.security.cookie-same-site.value

Define the value for the same site attribute for the cookies in blueriq. for more information see: Security: SameSite.

Introduced in version 15.0.

String'strict'

application.properties




SubjectPropertyDefaultExplanationProperty file

Shortcuts








blueriq.shortcut.[name].flow

The flow of the project that is started


application.properties

blueriq.shortcut.[name].languageCode

The languagecode of the project that is started

application.properties

blueriq.shortcut.[name].project
The name project that is started

application.properties

blueriq.shortcut.[name].theme
The theme of the project that is started

application.properties

blueriq.shortcut.[name].ui
The ui of the project that is started

application.properties

blueriq.shortcut.[name].version
The version of the project that is started

application.properties

blueriq.shortcut.[name].channel
The device channel of the project that is started

blueriq.shortcut.[name].privateAccess


This property indicates if the project reference that is specified in the shortcut is private or not.

Read also Security: Shortcuts and AQ_GetRequestParameters


application.properties




SubjectPropertyDefaultExplanationProperty file
Webresources

blueriq.web-resources.source-location

The location (URL) of additional or overridden web resources. For example file:///d:/resources/webresources/. If not set only web resources from the classpath will be available

application.properties

blueriq.web-resources.cache-key-seed

The seed used to generate a cacheKey for static resources. Set this property if you want to be responsible for invalidating the cache. This probably means you must change the cacheKeySeed every time you change one or more of your custom web resources. Please note that when this property is not set, the cacheKey is changed every time the Blueriq Runtime is restarted

application.properties

blueriq.web-resources.cache-period-seconds31536000The cache period for all static web resources. When null, default behavior is to rely only on 'Last-Modified'
header. When 0, caching is disabled. When > 0 is number of seconds to cache a resource client-side (browser). (31536000 seconds = 365 days)

application.properties



This component is part of an ongoing effort to separate the Process Engine from the Runtime. As this component is still in active development, it's not ready for use in production scenarios. Behavior and interfaces are subject to change.

SubjectPropertyExplanationProperty fileAdditional information

Case Engine Client Component






blueriq.dcm.rabbitmq.host

Settings for the RabbitMQ instance used to communicate with the Case Engine.

application-case-engine-client.properties



blueriq.dcm.rabbitmq.port
blueriq.dcm.rabbitmq.username
blueriq.dcm.rabbitmq.password
blueriq.dcm.rabbitmq.exchangeName

Exchange to which events to the Case Engine should be published

blueriq.dcm.rabbitmq.queueNamesQueue from which events from the Case Engine should be consumed
blueriq.dcm.rabbitmq.virtualHost
blueriq.dcm.concurrency.concurrent-consumersRabbitMQ consumer concurrency settings, used to be able to process multiple messages at the same time. For more information on concurrent consumers see Configuring RabbitMQ.
blueriq.dcm.concurrency.max-concurrent-consumers
blueriq.dcm.case-engine.urlURL and credentials for the Case Engine.
blueriq.dcm.case-engine.username
blueriq.dcm.case-engine.password
blueriq.dcm.execute-automatic-tasksShould this runtime execute automatic tasks? (default = true)If this property is set to false, the blueriq.dcm.rabbitmq.queueNames property can be left empty, as this is the queue from which automatic tasks are read. 

Common used properties

server.servlet.contextPath=/runtime
# do not use spring default multipart configuration
spring.http.multipart.enabled=false
spring.cloud.config.overrideSystemProperties=false
hibernate.use_nationalized_character_data=true

Java Third Party properties

For part of the features we rely on third party libraries. These library's have their own properties like: logging.level.com.aquima=DEBUG. you can find an overview or the Spring properties here: spring-common-application-properties.