You are viewing the documentation for Blueriq 13. Documentation for other versions is available in our documentation directory.

All properties


SubjectPropertyDefaultExplanationProperty fileAdditional information
Aggregates

blueriq.customerdata-client.list.record.limit

10Maxiumum results of the search.

application.properties



blueriq.customerdata-client.url
Url for the customerdata service 

application.properties



blueriq.customerdata-client.username
Username used for authentication against the customerdata service

application.properties



blueriq.customerdata-client.password
Password used for authentication against the customerdata service

application.properties



blueriq.customerdata-client.preemptive-authenticationtrue

Use preemptive authentication

application.properties

since 11.8



SubjectPropertyDefaultExplanationProperty file
Service call type: AQ_MailServiceblueriq.mail.dkim.domain_alias.name
Specifies the domain name for dkim.

application.properties


blueriq.mail.dkim.domain_alias.enabledfalseEnable/disable dkim. 

application.properties


blueriq.mail.dkim.domain_alias.selector
Specifies the DNS selector for dkim.

application.properties


blueriq.mail.dkim.domain_alias.private-key-file
Specify the path to the private key file used for dkim in signing email messages.

application.properties



Properties

SubjectPropertyDefaultExplanationProperty file
Clusterblueriq.session.session-manager
Configures the type of session manager used. The session manager can be 'memory', 'external' or a custom implemented bean.

 application.properties

blueriq.session.request-ward-enabledfalseToggle to enable request wards

application.properties


Messages

SubjectKeyExplanation
Cluster

request-ward.invalid.titleThe title of the error message when request ward validation fails
request-ward.invalid.messageThe error message when request ward validation fails

SubjectPropertyExplanation
CMIS















blueriq.cmis.userThe username needed for the cmis connection.

application-cmis-client.properties

blueriq.cmis.passwordThe password needed for the cmis connection.

application-cmis-client.properties

blueriq.cmis.services-urlThe serviceURL of the cmis connection.

application-cmis-client.properties

blueriq.cmis.repository-idThe repository on the filesystem the cmis connection connects to.

application-cmis-client.properties

blueriq.cmis.objectType-idThe kind of objectType the file is.

application-cmis-client.properties

blueriq.cmis.binding-typeThe type of communication you desire. Currently the only supported value is atompub

application-cmis-client.properties

blueriq.cmis.authProviderClassNameThe classname of the authProvider

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.jwt.ks.fileUrlURL pointing to key store containing RSA private/public keys for JWT signing

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.jwt.ks.passwordKey store password

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.

jwt.ks.blueriqKeyAlias

Alias of key that Blueriq should use for JWT signing

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.

jwt.ks.blueriqKeyPassword

Password for key that Blueriq should use for JWT signing

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.jwt.claims.iss
Standard 'issuer' claim to put in Json Web token

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.jwt.claims.audStandard 'audience' claim to put in Json Web token

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.jwt.claims.subStandard 'subject' claim to put in Json Web token

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.jwt.claims.idpCustom claim to put in Json Web token

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.

jwt.blueriqUser.id.claimName

JWT claim name to put the Blueriq user id in

application-cmis-client.properties

blueriq.cmis.authProviderConfiguration.

jwt.cmisConnector.id.claimName

JWT claim name to put the CMIS connector id in

application-cmis-client.properties

SubjectPropertyExplanation

Connections






blueriq.connection.[name].sql.typeThe type of sql connection (ie. jdbc)

application.properties


blueriq.connection.[name].sql.urlThe url of the datasource which should be connected to.

application.properties


blueriq.connection.[name].sql.driverThe driver that needs to be used to connect to the datasource

application.properties


blueriq.connection.[name].sql.usernameThe username to login to the datasource

application.properties


blueriq.connection.[name].sql.passwordThe password to login to the datasource

application.properties


blueriq.connection.[name].filesystem.pathThe path of the filesystem

application.properties


blueriq.connection.[name].memoryName of a memory connection.

application.properties


blueriq.connection.namesA comma-separated list of connection names, which are later defined using connection.<name>.

application.properties


blueriq.connection.headersA comma-separated list of http-header names which will be send as header on a outgoing request. More info here.

application.properties

@since 11.6
blueriq.connection.[name].http.urlThe URL of the REST web service.

application.properties


blueriq.connection.[name].http.usernameThe username for basic authentication.

application.properties


blueriq.connection.[name].http.passwordThe password for basic authentication.

application.properties


blueriq.connection.[name].http.headerNamesA comma-separated list of http-header names which will be send as header on a outgoing request for this connection. Overrides blueriq.connection.headers. More info here.

application.properties

@since 11.6
blueriq.connection.[name].http.timeoutThe timeout in milliseconds.

application.properties


blueriq.connection.[name].http.authentication

If the Runtime authentication is set to openid-connect, then setting this property to 'openid-connect' will make the webservice send along a bearer Authorization header.

Since Blueriq 13.12, it is also possible to set this property to 'oauth2' for Oauth2 authentication. The next 5 properties will configure Oauth2.

application.properties


blueriq.connection.[name].http.oauth2-token-endpointThe URL of the OAuth2 authentication server, where tokens can be requested(required)

application.properties

@since 13.12
blueriq.connection.[name].http.oauth2-client-idThe id of the client that a token should be requested for
(required)

application.properties

@since 13.12
blueriq.connection.[name].http.oauth2-client-secretThe secret key of the client where a token should be requested for
(required)

application.properties

@since 13.12
blueriq.connection.[name].http.oauth2-grant-typeThe value of the grant type parameter when requesting a token

application.properties

@since 13.12
blueriq.connection.[name].http.oauth2-scopeThe scope that we want to request a token for

application.properties

@since 13.12
blueriq.connection.[name].soap.urlThe URL of the SOAP web service.

application.properties


blueriq.connection.[name].soap.usernameThe username for basic authentication.

application.properties


blueriq.connection.[name].soap.passwordThe password for basic authentication.

application.properties


blueriq.connection.[name].soap.security.implementationsA comma separate list of security implementations (defined using the blueriq.soap.security.* properties)

application.properties


blueriq.connection.[name].soap.timeoutThe timeout in milliseconds.

application.properties


blueriq.connection.[name].soap.headersA comma-separated list of http-header names which will be send as header on a outgoing request for this connection. Overrides blueriq.connection.headers. More info here.

application.properties

@since 11.6
blueriq.connection.[name].email.smtpThe hostname of the SMTP server.

application.properties


blueriq.connection.[name].email.smtpportThe port of the SMTP server.

application.properties


blueriq.connection.[name].email.usernameThe username to use when connecting to the SMTP server.

application.properties


blueriq.connection.[name].email.passwordThe password to use when connecting to the SMTP server.

application.properties


blueriq.connection.[name].email.usetlsIndicates if the SMTP server should be contacted using TLS.

application.properties


blueriq.connection.[name].email.fromaddressAn email address from which to send the email.

application.properties


blueriq.connection.[name].email.toaddressAn email address to which to send the email.

application.properties


blueriq.connection.[name].email.ccaddressesAddresses to put in cc.

application.properties


blueriq.connection.[name].email.bccaddresses


Addresses to put in bcc.

application.properties


blueriq.connection.[name].resource.pathDefines a path to a resource.

application.properties


blueriq.connection.[name].external-flow.projectThe REQUIRED name of the project that contains the flow to be started

application.properties


blueriq.connection.[name].external-flow.versionThe REQUIRED  version of the project that contains the flow to be started, e.g. 0.0-Trunk

application.properties


blueriq.connection.[name].external-flow.flowThe REQUIRED  name of the flow to be started

application.properties


blueriq.connection.[name].external-flow.channelThe OPTIONAL name of the channel be started

application.properties


blueriq.connection.[name].external-flow.baseurlThe OPTIONAL URL of the external host where the target project is on (if omitted the same server is assumed).

application.properties


For the Blueriq Runtime there are two types of datasources that you can define in your properties: jndidatasources or externaldatasources. You can only enable one type by providing the type in the property spring.profiles.active.

Datasource configuration for the Customerdata Service can be found here: Customerdata service#Configuration

SubjectPropertyDefaultExplanation

Property file

spring.profiles.active= externaldatasources

Property file

spring.profiles.active=

jndidatasources

Datasources







blueriq.datasource.[name].url
The url of the datasource which should be connected to.

application-externaldatasources.properties

Only available when you have  externaldatasources enables instead of jndidatasources.

blueriq.datasource.[name].username
The username to login to the datasource

application-externaldatasources.properties

Only available when you have  externaldatasources enables instead of jndidatasources.

blueriq.datasource.[name].password
The password to login to the datasource

application-externaldatasources.properties

Only available when you have  externaldatasources enables instead of jndidatasources.

blueriq.datasource.[name].driverClassName
The driver that needs to be used to connect to the datasource

application-externaldatasources.properties

Only available when you have  externaldatasources enables instead of jndidatasources.

blueriq.datasource.[name].jndiName
The name of the jndi datasource connection.

Only available when you have jndidatasourcesinstead of externaldatasources.

application-jndidatasources.properties

blueriq.hibernate.[name].hbm2ddl.autovalidateWhen starting server (SessionFactory) create/update/create-drop/validate

application-externaldatasources.properties

application-jndidatasources.properties

blueriq.hibernate.[name].dialect
The dialect that hibernate should use.

application-externaldatasources.properties

application-jndidatasources.properties

blueriq.hibernate.[name].use_nationalized_character_data

trueEnable nationalized character support on all string / clob based attributes ( string, char, clob, text etc ). Note that this property by defaults to true because 'hibernate.use_nationalized_character_data' is set in application.properties that is packaged in the default runtime WAR. When using H2 this property should be set to 'false' because H2 does not have specific nationalized data types. For more information about it's usage see: UTF8 support.

application-externaldatasources.properties

application-jndidatasources.properties

The development properties only apply when the profile development-tools is added to the Spring.active.profiles

Since Blueriq 13.13 the development tools have been updated. The new toolset, which has been available to activate for a long time, has now been made the default.

We still support the old toolset, switching between the two version is described on page Switching between development toolsets

SubjectPropertyExplanationExample
Development


logging.file.name=C:/Deployments/logs/runtime.logThe file in which to write the log

application.properties

blueriq.development.sessionStore.dir=C:/Deployments/SessionStore/Path to where the sessionstore file can be found.(if property is present, it will be enabled by default)

application-development-tools.properties

blueriq.development.showToolbar=trueDevelopment Toolbar on/off. default is true

application-development-tools.properties

blueriq.development.usePasswordEncryption=trueWhen editing properties encrypt passwords before saving them.

application-development-tools.properties

blueriq.development.settingsExternallyManaged=falseWhen properties can not be managed by the Blueriq 'development-tools' this can disable the settings menu and reload settings button.

application-development-tools.properties

blueriq.external.themes.[name].baseUrl

URL where the external theme is can be reached.

When using a custom made them which is not configured via the Runtime using an STG, but rather via a CDN or reverse proxy. An external theme can be configured so that the development dashboard can create URL's to the corresponding targets.

https://example.com/

application-development-tools.properties

blueriq.external.themes.[name].template.flow

RFC-6570 URI template for creating a start flow request. 

By combining the baseUrl and template.flow properties a full URL is formed. 

The variables which can be used in the URI template are: 

flow

- name of the flow to start

project

- name of the project to use

version

- project version to use

languageCode

- code of the language to use

testPath

- name of the test path to use

The combined URL will be expanded in development dashboard.

/flow/{project}/{flow}
/{version}/{languageCode}

With test path:

/flow/{project}/{flow}
/{version}/{languageCode}{?testPath}

application-development-tools.properties

blueriq.external.themes.[name].template.shortcut

RFC-6570 URI template for creating a start shortcut request. 

By combining the baseUrl and template.shortcut properties a full URL is formed.

The variables which can be used in the URI template are: 

shortcut
- name of the shortcut to start


The combined URL will be expanded in development dashboard.
/shortcut/{shortcut}

application-development-tools.properties

blueriq.external.themes.[name].template.session

RFC-6570 URI template for creating a continue session request.

By combining the baseUrl and template.session properties a full URL is formed.

The variables which can be used in the URI template are: 

sessionId

- id of the session to continue

The combined URL will be expanded in development dashboard.

/session/{sessionId}

application-development-tools.properties

SubjectPropertyExplanation 
Domain Schema

blueriq.domainschema.infinite-loop-detection-limit

Sets the limit for loops in case of domain schema in domain schema relations.

application.properties

SubjectPropertyExplanation
Exports


blueriq.exports.enabledBoolean to enable usage of exports. Default is false. 

application.properties

blueriq.exports.descriptionThe group name of all the exports shown in the dev dashboard

application.properties

blueriq.exports.prefixThe prefix in front of the export project when started.

application.properties

blueriq.exports.folderThe folder in the configuration folder where the exports are.

application.properties

blueriq.exports.filesDirect location of (an) export file(s). Comma seperated.

application.properties

SubjectPropertyExplanation
Exports


blueriq.exports-r8.enabledBoolean to enable usage of R8 type (Blueriq 8 - 11) exports. Default is false.

application.properties

blueriq.exports-r8.descriptionThe group name of all the R8 type (Blueriq 8 - 11) exports shown in the dev dashboard

application.properties

blueriq.exports-r8.prefixThe prefix in front of the R8 type (Blueriq 8 - 11) export project when started.

application.properties

blueriq.exports-r8.folderThe folder in the configuration folder where the exports R8 type (Blueriq 8 - 11) are.

application.properties

blueriq.exports-r8.filesDirect location of (an) export R8 type (Blueriq 8 - 11) file(s). Comma seperated.

application.properties

With Blueriq 11.0 we introduced legacy properties that will be available for one major version and are immediately deprecated from the moment of introduction. The properties should therefore preferably not be used but may help during a transitioning period towards the new behavior.
SubjectPropertyExplanationDefaultIntroduced inRemoved in 
XML in Web Servicesblueriq.legacy.create-empty-elements-for-unknownsControls whether the legacy behaviour of generating empty elements for unknown relations should be enabled.falseBlueriq 11.6

Changed to feature toggle in Blueriq 14.0: blueriq.webservices.create-empty-elements-for-unknowns

application.properties

Datamapping when cancel taskblueriq.legacy.execute-datamapping-on-cancel-taskControls whether the legacy behavior of executing the datamapping when cancelling a task is enabled.falseBlueriq 12.12.1Blueriq 14.0

application.properties

Flow transaction rollbackblueriq.legacy.rollback-unknown-relation-to-empty-listControls whether previously unknown multi value relations should be rolled back to an empty list instead of unknown on transaction failurefalseBlueriq 12.13.19 and Blueriq 13.9Blueriq 14.0

application.properties

Container type: AQ_InstanceListblueriq.legacy.single-field-instance-list-paginationControls whether the legacy behavior of using a single Field for pagination in the AQ_InstanceList should be enabled.
NB: the new behavior adds a Container which contains two text Assets and a Field for pagination.
falseBlueriq 13.13Blueriq 15.0

application.properties

Process Engineblueriq.legacy.use-legacy-case-unlockingWith the legacy behavior, checking if a case is locked and unlocking a case is done in Hibernate. This in contrast with acquiring a lock, which is done directly on the database. The new behavior is to check/unlock directly in the database as well and also throw an exception when a case is unlocked that was not locked.false

Blueriq 13.13.17

Blueriq 14.10.1

Blueriq 16.0

application.properties





SubjectPropertyExplanation
Example
Misc






blueriq.production.shortcuts-onlyOnly possible to start flows with shortcut (instead of 'dash start url')

application.properties


blueriq.fileupload.maxuploadsize

maximum request size for the built-in file upload container, in bytes.

Note: this is per request, so if you upload multiple files in one go, the total size of those files is validated against this property.

application.properties

# set the max upload size to 10 MB

blueriq.fileupload.maxuploadsize=10485760

blueriq.fileupload.detect-content-type

Guesses the content type of uploaded files based on the actually uploaded data, instead of using the content type as present in the request.

From a security perspective, it is advised that this option is enabled to reject malicious uploads.

Available since R12.10, defaults to true.

application.properties


blueriq.fileupload.validate-content-type

If enabled, the content type of the file is used to determine the supposed extension that is then validated against the list of allowed extensions.

From a security perspective, it is advised that this option is enabled to reject malicious uploads.

Available since R12.10, defaults to true.



blueriq.documents.base-folder

The base directory for documents resources. . For example D:/yourlocation/documents/. You only need to set this property when the /documents folder is not located in the spring.config.additional-location

application.properties


blueriq.license

the license for blueriq (content of the license file). Property is optional. One should set either this property or place a license file in the spring.config.additional-location folder , behaviour is undefined if both are set.

application.properties

The property blueriq.license should contain the contents of the license file, not the path to the license file. The value should be something like:

blueriq.license=0MtWfrubLL4Rq6TH/4TfNleRJqJHtSQIYe070...

blueriq.cache.timeoutThis property is used to specified the timeout that has to pass before the data in the aggregate / Process statistics container is considered not up to date and has to be reloaded.

application.properties


blueriq.runtimekeys.enabledThe element keys created by the Runtime that are send to the browser to build the HTML are now containing the element name prefixed by the page ID. E.g. P108-C0-C0-F0 is now P108_Person_Firstname_1. This way, the pagemodel which is used to build the HTML is more stable and in turn leads to a more predictable way of testing. This functionality is enabled by default.

application.properties


blueriq.webservices.create-empty-elements-for-unknowns

Controls whether generating empty elements for unknown relations should be enabled.

This property is available in Blueriq 14. Use the Legacy Property in earlier versions.

application.properties


blueriq.webservices.structured-input-validation

The webservice responses can be returned by Blueriq in a more structured way when input validations are triggered so those can be used in the model of the receiver. When this functionality is enabled, the error message returned for an invalid request is split up in such a way that validation messages can be handled separately and indicate the exact instance which is not valid. When this functionality is disabled, the error message is one string containing the validation message.

This functionality only applies to REST services based on domain schemas.

This functionality is disabled by default.

application.properties


Model Preloading properties

Note: these properties were introduced in Blueriq 13.8

SubjectPropertyExplanationDefault valueProperty fileExample
Model preloading






blueriq.modelpreload.enabled

If true, preloading of configured application models during Runtime startup is enabled

false

application.properties


blueriq.modelpreload.before-requests

If false, preload the application models after the Runtime is ready to accept HTTP requests. Otherwise the models will be preloaded before HTTP requests are accepted.

true

application.properties


blueriq.modelpreload.models

A map of application models (name and versions) to preload. Only application models that are in this list will preloaded if preloading is enabled.


application.properties

blueriq.modelpreload.models.MyApp1=0.0-Trunk,0.0-FeatureX,0.0-FeatureY

blueriq.modelpreload.models.MyApp2=0.0-Trunk

SubjectPropertyDefaultExplanationProperty file
Multi-tenacy

blueriq.multi-tenancy.enabled

falseToggle to enable multi-tenancy.

application.properties


blueriq.multi-tenancy.allowed-tenants

List of comma separated tenant names. Tenant names can contain letters, digits and '-' (dashes).

For example:

blueriq.multi-tenancy.allowed-tenants=google,apple

application.properties


blueriq.multi-tenancy.http-header
The name of the HTTP header which the Runtime can retrieve the tenant name

application.properties


SubjectPropertyExplanation 
MVC UI - deprecated



blueriq.mvc.development-modeTurning mvc development mode on or off.

application.properties

blueriq.mvc.themes.[theme].template-group-filePath to where the stg file can be found.

application.properties

blueriq.mvc.themes.[theme].template-nameName of the mvcui template.

application.properties

blueriq.mvc.active-themesThe themes that are active in the Runtime. The theme names listed here (as a comma separated list) must match the theme names that are used with the properties above. Not all defined themes need to be active. Only the active ones will be shown in the development dashboard. This is useful for overriding the default styling that is packaged with Blueriq.

application.properties

spring.mvc.dispatch-options-requestThis is a spring mvc property that enables the dispatcher to listen to OPTIONS request methods.

application.properties

Example

blueriq.mvc.themes.bootstrap3.template-group-file=UI/mvc/v2/bootstrap3.stg
blueriq.mvc.themes.bootstrap3.template-name=main
blueriq.mvc.active-themes=bootstrap3

SubjectJAVA PropertyExplanation
OpenID Connectblueriq.security.openid-connect.use-discoveryBoolean property which enables Blueriq to read identity provider specific properties from an specific exposed location if the value is true, or to read them from application.properties if the value is false. Default: false.

application.properties


blueriq.security.openid-connect.keys-endpoint

Location from where Blueriq loads the public keys. In order to work, blueriq.security.openid-connect.use-discovery must be true.

Example for Keycloak: http://<server>:<port>/auth/realms/<realm name>/protocol/openid-connect/certs

Note: this property was introduced in 11.4 and removed in 11.5 with the introduction of the discovery feature.

application.properties


blueriq.security.openid-connect.public-keys.<key id>Defines the <key id, public key> mappings that are loaded by Blueriq if blueriq.security.openid-connect.use-discovery is false.

application.properties


blueriq.security.openid-connect.client-id

The client-id of the Runtime, as defined at the identity provider.

application.properties


blueriq.security.openid-connect.client-secret

The client secret of the Runtime, as defined at the identity provider. This value is used, for example, to complete the OpenID Connect Authorization Code Flow, when exchanging the authorization code for ID and access tokens.

application.properties


blueriq.security.openid-connect.scopes

The OpenID Connect scopes used when starting the Authorization Code flow. The scopes must include the value "openid" in order for the identity provider to recognize that the OpenID Connect Authorization Code flow must be initiated. If "openid" is not specified as a scope, the identity provider may instead initiate the OAuth2 Authorization Code flow (depends on the identity provider in use). Multiple scopes can be specified separated with coma.

application.properties


blueriq.security.openid-connect.token-endpoint

the URL of the endpoint where access codes can be exchanged for ID and access tokens.

Example for Keycloak: http://<host>:<port>/auth/realms/<realm name>/protocol/openid-connect/token

application.properties


blueriq.security.openid-connect.token-endpoint-parameters.<name>=<value>

Additional custom parameters to be sent to the token endpoint. For example;

blueriq.security.openid-connect.token-endpoint-parameters.audience=https://example.eu.auth0.com/api/v2/

application.properties


blueriq.security.openid-connect.authorization-endpoint

the URL where the OpenID Connect Authorization Code flow can be started.

Example for Keycloak: http://<host>:<port>/auth/realms/<realm name>/protocol/openid-connect/auth

application.properties


blueriq.security.openid-connect.authorization-endpoint-parameters.<name>=<value>

Additional custom parameters to be sent to the authorization endpoint. For example;

blueriq.security.openid-connect.authorization-endpoint-parameters.audience=https://example.eu.auth0.com/api/v2/

application.properties


blueriq.security.openid-connect.token-issuer

The expected issuer in the "iss" claim of JWT tokens. A received JWT which does not have this exact, case-sensitive value in its "iss" claim will be rejected as invalid.

application.properties


blueriq.security.openid-connect.roles-path

The comma-separated path to the roles claim in the JWT body. For example if the JWT body contains the following claims:


{
  ... other claims ...
  "realm_access": [
    "roles": ["role1", "role2"]
  ]
  ... other claims ...
}

then this property should be set to "realm_access,roles" in order to indicate that the roles claim nested within the realm_access claim represents the user's roles.

application.properties


blueriq.security.openid-connect.teams-path

The comma-separated path to the teams claim in the JWT body. See roles-path above for an example.

application.properties


blueriq.security.openid-connect.role-mapping.<role-claim>

Maps a role claim to zero, one or multiple Blueriq roles. If a role claim does not have a mapping, it is considered to have an implicit identity mapping.

Example: blueriq.security.openid-connect.role-mapping.employee=authenticated_user,vu_employee

(all users which have the employee role at the identity provider will have the authenticated_user and vu_employee roles in Blueriq)

application.properties


blueriq.security.openid-connect.team-mapping.<team-claim>

Maps a team claim to zero, one or multiple Blueriq teams. If a team claim does not have a mapping, it is considered to have an implicit identity mapping.

Example: blueriq.security.openid-connect.team-mapping.amsterdam=europe,netherlands

(all users which have the amsterdam team at the identity provider will have the europe and netherlands teams in Blueriq)

application.properties


blueriq.security.openid-connect.check-audience

Boolean indicating whether the audience claim should be checked. If true, the audience claim must contain the Runtime's client-id. All JWTs which do not contain the Runtime's client-id in the audience claim are rejected as invalid.

When false, the audience claim is not checked. Default: false.

application.properties


blueriq.security.openid-connect.sso-logout

Boolean indicating whether when logging out of Blueriq the user should be logged out of the Single-Sign-On session as well.

Default: false

application.properties


blueriq.security.openid-connect.end-session-endpointWhen sso-logout is true, the Runtime redirects to this URL at the identity provider in order to log out of the Single-Sign-On session.

application.properties


blueriq.security.openid-connect.username-path

The comma-separated path to the username claim in the JWT body. For example if the JWT body contains the following claims:

{
  ... other claims ...
  "realm_access": [
    "nickname": "username"
  ]
  ... other claims ...
}

then this property should be set to "realm_access,nickname" in order to indicate that the nickname claim nested within the realm_access claim represents the username.

Auth0 will include the claim nickname in the JWT body when the scope profile is added to the list of scopes. We suggest to set this property to "nickname" when using Auth0.

If no value is specified, the default value is used: preferred_username.

application.properties


blueriq.security.openid-connect.user-info-endpointthe URL of the OpenID Connect UserInfo endpoint. This endpoint provides information about the user associated with an access token. It is used when the access token is not a JWT.

application.properties


blueriq.security.openid-connect.user-info-endpoint-parameters.<name>=<value>

Additional custom parameters to be sent to the user info endpoint. For example;

blueriq.security.openid-connect.user-info-endpoint-parameters.audience=https://example.eu.auth0.com/api/v2/

application.properties

The property retain-required-tasks has been added

SubjectJAVA PropertyExplanation
Processes and DCM





blueriq.timer.intervalTimer interval of when to check timed tasks - (values must now be MINUTE, HOUR or NEVER, caps are required)

application.properties

blueriq.scheduler-quartz.advanced-scheduler

Property to enable the advanced scheduler

Default: false

application.properties

blueriq.migrate.displaynames.endpoint.enabledActivates the migration endpoint for processing and updating the cases and tasks display names

application.properties

 blueriq.processengine.cancel-started-tasks

Will cancel all started tasks when the runtime starts.

This property does not work as intended for production environments where the runtime is installed on multiple nodes. Starting a new (or restarting a running node) might cancel tasks that are in use. For that scenario we recommend to use the Reopening Tasks endpoint exposed by the CancelAllStartedTasks from the Scheduler Maintenance REST API or the Backend REST API V1

Default: false

application.properties

blueriq.processengine.retain-required-tasksIf true, ad-hoc tasks for which the precondition becomes false will not be automatically canceled (pre R11 behaviour). Defaults to false.

application.properties

blueriq.processengine.worklist.limit

Limit of amount of items shown in the worklist

Default: 1000

application.properties

blueriq.processengine.caselist.limit

Limit of amount of items shown in the caselist

Default: 1000


blueriq.processengine.default-app-id-ignore-mode

To influence the behavior of models that normally make use of the application Id for whole server (Control applicationId behavior)

Default: none

application.properties

blueriq.processengine.app-id-ignore-modes.[app-id]To influence the behavior of models that normally make use of the application Id, but per project.

application.properties

blueriq.processengine.default-ignore-unknown-attributesIndicates whether attributes stored in the process database which are no longer in the model should be ignored. By default, these attributes are not ignored and an error is raised when such an attribute is found in the database. To ignore the attributes, set this property to true.

application.properties

blueriq.processengine.ignore-unknown-attributes.[app-name]Same as blueriq.processengine.default-ignore-unknown-attributes, but allows enabling this setting on a per-application basis. The application-specific setting takes precedence over the global setting.

application.properties

blueriq.processengine.default-ignore-unknown-entitiesIndicates whether entity instances stored in the process database which are no longer in the model should be ignored. By default, these entity instances are not ignored and an error is raised when such an entity instance is found in the database. To ignore the entity instances, set this property to true.

application.properties

blueriq.processengine.ignore-unknown-entities.[app-name]Same as blueriq.processengine.default-ignore-unknown-attributes, but allows enabling this setting on a per-application basis. The application-specific setting takes precedence over the global setting.

application.properties

blueriq.processlist.default-app-id-ignore-mode

application.properties

blueriq.processlist.app-id-ignore-modes.[app-id]

application.properties

blueriq.process-sql-store.oracle.case-insensitive-search-enabledThis property enables case insensitive searching for oracle. For more information see: How to enable case insensitive search on case data for Oracle

application.properties







SubjectPropertyExplanation
Publisherclient





blueriq.hibernate.publisher-client.main.hbm2ddl.auto=validateSpecifies the hibernate property for publisherclient connection.

application-publisher-client.properties

blueriq.hibernate.publisher-client.dialect=org.hibernate.dialect.Oracle12cDialectExample: blueriq.hibernate.publisherclient.dialect=org.hibernate.dialect.Oracle12cDialect

application-publisher-client.properties

blueriq.datasource.publisher-client.database.url=jdbc:oracle:{host}:{port}:{servicename}The url of the publisher database.

application-publisher-client.properties

blueriq.datasource.publisher-client.database.driverClassName=oracle.jdbc.driver.OracleDriver

The driverclassname of the publisher database.

application-publisher-client.properties

blueriq.datasource.publisher-client.database.username={Username}The username to log in the database.

application-publisher-client.properties

blueriq.datasource.publisher-client.database.password={password}

The password to log in the database.

application-publisher-client.properties

blueriq.publisher-client.environmentName=Test

application-publisher-client.properties



SubjectPropertyExplanation 
Runtime API

blueriq.oauth2.client-idThe username (id) so a oAuth user can login to the REST API.

application.properties

blueriq.oauth2.secretThe password so a oAuth user can login to the REST API.

application.properties

blueriq.runtime.namename of the runtime in the REST API

application.properties

 

 

 

 

SubjectPropertyExplanation
Security LDAP













blueriq.security.auth-providers.ldap01.typeWhat type of provider is used, in this case it always is 'ldap'

application.properties

blueriq.security.auth-providers.ldap01.connectionUrlThe connection url to the LDAP server

application.properties

blueriq.security.auth-providers.ldap01.userDnThe userDn to connect with the ldap; format should look something like 'cn=LDAP reader,ou=something,dc=company,dc=nl'

application.properties

blueriq.security.auth-providers.ldap01.passwordPassword to connect to the LDAP

application.properties

blueriq.security.auth-providers.ldap01.useTlsboolean to either use TLS or not for the LDAP connection; this setting is not required

application.properties

blueriq.security.auth-providers.ldap01.tls.trustStoreUrlOnly required if useTls is true; the location to the truststore file

application.properties

blueriq.security.auth-providers.ldap01.tls.trustStorePasswordOnly required if useTls is true; The password used to login to the keystore

application.properties

blueriq.security.auth-providers.ldap01.tls.trustStoreTypeOnly required if useTls is true; what type of keystore is used, like 'jks' or 'pkcs12'

application.properties

blueriq.security.auth-providers.ldap01.referralStrategyCan be 'ignore' or 'follow'

application.properties

blueriq.security.auth-providers.ldap01.searchSubtreeUsed for searching in LDAP; boolean value if set to true, not only the current directory will be search, but also underlaying directories.

application.properties

blueriq.security.auth-providers.ldap01.userSearchBaseDnUsed for searching in LDAP; Should look something like 'OU=Gebruikers,DC=company,DC=nl'; points to the directory to where the user search should happen.

application.properties

blueriq.security.auth-providers.ldap01.userSearchAttributeUsed for searching in LDAP; What attribute to use to iddentify as a user, common use is : 'sAMAccountName'

application.properties

blueriq.security.auth-providers.ldap01.groupSearchBaseDnUsed for searching in LDAP; Should look something like 'OU=Groepen,DC=company,DC=nl'; points to the directory to where the group search should happen. Important for the roles for the user

application.properties

blueriq.security.auth-providers.ldap01.groupSearchFilterAttributeUsed for searching groups in ldap; What attribute to use to to filter groups on; This property is not required

application.properties

blueriq.security.auth-providers.ldap01.groupSearchFilterPattern

Used for searching groups in ldap; What pattern to use to to filter groups on;This property is not required;

Should look something like this: 'BQ_*, EVE_*,PRO - *,PRO -*'

Results in: ((<attribute>=BQ_*)(<attribute>=EVE_*)(<attribute>=PRO -*))

application.properties

blueriq.security.auth-providers.ldap01.role-mapping

Used for mapping LDAP groups to Blueriq roles, in the form

..role-mapping.<ldap group 1>=<blueriq role 1>[,<blueriq role 2>,...,<blueriq role n>]
..role-mapping.<ldap group n>=<blueriq role 1>[,<blueriq role 2>,...,<blueriq role n>]

application.properties









SubjectJAVA PropertyExplanation
Security
















blueriq.security.click-jacking-protection.enabledTurning clickjack protection on/off. For more information go to Security: Clickjacking protection

application.properties

blueriq.security.click-jacking-protection.content-security-policy.default-srcSet the location where content can be loaded from, if no more specific value (for example font for where fonts can be loaded from) is given there is a fallback to this value. For more information see Security: Clickjacking protection.

application.properties

blueriq.security.click-jacking-protection.content-security-policy.script-srcSet the location where scripts can be loaded from. For more information see Security: Clickjacking protection.

application.properties

blueriq.security.click-jacking-protection.content-security-policy.style-srcSet the location where stylesheets can be loaded from. For more information see Security: Clickjacking protection.

application.properties

blueriq.security.click-jacking-protection.content-security-policy.font-srcSet the location where fonts can be loaded from. For more information see Security: Clickjacking protection.

application.properties

blueriq.security.csrf-protection.enabledTurning Cross Site Request Forgery protection on/off. For more information go to Security: Cross-site scripting protection

application.properties

blueriq.security.strict-transport-protection.enabledTurning strict transport protection protection on/off. For more information go to Security: HTTP Strict Transport Security

application.properties

blueriq.security.x-content-type-protection.enabledTurning x-content type protection protection on/off. For more information go to Security: Content sniffing protection

application.properties

blueriq.security.xss-protection.enabledTurning cross site scripting protection protection on/off. For more information go to Security: Cross-site scripting protection

application.properties

blueriq.security.xss-protection.header.enabledTurns the X-XSS-Protection HTTP header on/off.

application.properties

blueriq.security.xss-protection.request-validation.enabledTurns cross site scripting validator filter on request body on/off.

application.properties

blueriq.security.xss-protection.blacklist.enabledTurns the XSS blacklist on/off.

application.properties

blueriq.security.xss-protection.whitelist.enabledTurns the XSS whitelist on/off.

application.properties

blueriq.security.xss-protection.whitelist.allowed-protocols=http,httpsSets the whitelisted protocols in URI attributes.

application.properties

blueriq.security.xss-protection.whitelist.allowed-tags=b,imgSets the whitelisted HTML tags.

application.properties

blueriq.security.xss-protection.whitelist.allowed-global-attributes=class,titleSets the whitelisted attributes allowed on any whitelisted HTML tag.

application.properties

blueriq.security.xss-protection.whitelist.allowed-attributes.<tag>=<attr1>,<attr2>Sets the whitelist attributes allowed on a specific whitelisted HTML tag

application.properties

blueriq.security.xss-protection.whitelist.uri-attributes.<tag>=<attr1>,<attr2>Marks which attributes are URI attributes and are subject to the allowed protocols rule. In Java, URI attributes can be defined per tag. In .NET, URI attributes can be defined only globally.

application.properties

blueriq.security.xss-protection.whitelist.max-loop-count=5Defines a limit on the number of sanitization iterations.
blueriq.security.http.restricted-methods=head,optionsSpecifies the methods that should not be allowed while doing HTTP calls.  For more information go to Security: Block HTTP Methods

application.properties

blueriq.security.http.interactions.enabledThis property if true enables the default secured access to the runtime interactions.

application.properties

blueriq.security.auth-providers.ldap01.url


blueriq.security.login-typeDefines the login type used in Blueriq. Possible values: form-loginopenid-connect, kerberos. This property is not mandatory and default value is form-login. If openid-connect is chosen, openid-connect properties have to be defined as well.

application.properties

blueriq.security.redirect-url-whitelistDefines a whitelist of URLs where the user can be redirected to. If the redirect_uri (for OpenIdConnect login/logout) or the error-redirect (for render document/page and file download) are not in this list, the Runtime will return 400. If the list is empty, any URL is accepted.

application.properties

blueriq.security.keystore.locationThe path to the keystore file to be used as repository for security certificates

application.properties

blueriq.security.keystore.passwordThe password of the keystore

application.properties

blueriq.security.truststore.locationThe path to the trust store containing the public keys/certificates of external hosts that should be trusted

application.properties

blueriq.security.truststore.passwordThe password for the truststore file.

application.properties

blueriq.security.bcrypt-strength

Defines the BCrypt strength for password hashing. BCrypt is the default encoder in Blueriq.

Default value : 10 

Applicable values : number between 4-30

Performance impact

The higher the number the higher the hashing complexity but also the work to calculate the hash. Each increment is twice as much work. 

Introduced in version 12.13

application.properties

blueriq.security.session-fixation-protection.enabled

Turns session fixation on/off. For more information, see Security: Session Fixation protection

Default value: false

Introduced in 13.13.18

application.properties





SubjectPropertyDefaultExplanationProperty file

Shortcuts








blueriq.shortcut.[name].flow

The flow of the project that is started


application.properties

blueriq.shortcut.[name].languageCode

The languagecode of the project that is started

application.properties

blueriq.shortcut.[name].project
The name project that is started

application.properties

blueriq.shortcut.[name].theme
The theme of the project that is started

application.properties

blueriq.shortcut.[name].ui
The ui of the project that is started

application.properties

blueriq.shortcut.[name].version
The version of the project that is started

application.properties

blueriq.shortcut.[name].channel
The device channel of the project that is started

blueriq.shortcut.[name].privateAccess


This property indicates if the project reference that is specified in the shortcut is private or not.

Read also Security: Shortcuts and AQ_GetRequestParameters


application.properties




SubjectPropertyDefaultExplanationProperty file
Studio





blueriq.studio.description
Description of the studio

application-development-tools.properties

blueriq.studio.prefix
The prefix in front of the studio project when started.

application-development-tools.properties

blueriq.studio.domain
Network domain where the studio is in.

application-development-tools.properties

blueriq.studio.url
The url of the studio in the network

application-development-tools.properties

blueriq.studio.authentication

Method of authentication (NTLM/custom/kerberos/etc) that the studio uses

Authentication can be KERBEROS, KERBEROS_CUSTOM, NTLM, NTLM_CUSTOM or BASIC

application-development-tools.properties

blueriq.studio.username
Username for the studio management service

application-development-tools.properties

blueriq.studio.password
Password for the studio management service

application-development-tools.properties



SubjectPropertyDefaultExplanationProperty file
Webresources

blueriq.web-resources.source-location

The location (URL) of additional or overridden web resources. For example file:///d:/resources/webresources/. If not set only web resources from the classpath will be available

application.properties

blueriq.web-resources.cache-key-seed

The seed used to generate a cacheKey for static resources. Set this property if you want to be responsible for invalidating the cache. This probably means you must change the cacheKeySeed every time you change one or more of your custom web resources. Please note that when this property is not set, the cacheKey is changed every time the Blueriq Runtime is restarted

application.properties

blueriq.web-resources.cache-period-seconds31536000The cache period for all static web resources. When null, default behavior is to rely only on 'Last-Modified'
header. When 0, caching is disabled. When > 0 is number of seconds to cache a resource client-side (browser). (31536000 seconds = 365 days)

application.properties



SubjectPropertyDefaultExplanationProperty fileAdditional information
External Flow Component

blueriq.external-flow.store-type

memoryThe data store type, having two possible values: memory and redis. memory is the default one.

application-external-flow.properties



blueriq.external-flow.redis-store.database0The Database index used by the connection factory.

application-external-flow.properties



blueriq.external-flow.redis-store.hostlocalhostThe REQUIRED DNS name or IP address of the Redis server.

application-external-flow.properties

No default before 13.4

blueriq.external-flow.redis-store.port6379

The REQUIRED port on which to connect to Redis.

application-external-flow.properties

Default before 13.4: -1

blueriq.external-flow.redis-store.sslfalseWhether to enable SSL support

application-external-flow.properties

Since 13.4

blueriq.external-flow.redis-store.password
The password used to connect to Redis, can be left empty if no password is required.

application-external-flow.properties



blueriq.external-flow.redis-store.read-timeout-millis

10000Timeout (ms) for read operations 

application-external-flow.properties

Since 12.8

Removed in 13.4



blueriq.external-flow.redis-store.connect-timeout-millis

10000Timeout (ms) for connect operations

application-external-flow.properties

Since 12.8

Removed in 13.4


blueriq.external-flow.redis-store.timeout2000Timeoud (ms) for connect and read operations

application-external-flow.properties

Since 13.4

blueriq.external-flow.redis-store.client-name
Client name to be set on connections. Can be left empty.

application-external-flow.properties


Redis pool configurationblueriq.external-flow.redis-store.pool.maxIdle8Maximum number of "idle" connections in the pool. Use a negative value to indicate an unlimited number of idle connections.

application-external-flow.properties

Removed in 13.4

blueriq.external-flow.redis-store.pool.minIdle0Target for the minimum number of idle connections to maintain in the pool. This setting only has an effect if it is positive.

application-external-flow.properties

Removed in 13.4

blueriq.external-flow.redis-store.pool.maxActive8Maximum number of connections that can be allocated by the pool at a given time. Use a negative value for no limit.

application-external-flow.properties

Removed in 13.4

blueriq.external-flow.redis-store.pool.maxWait-1Maximum amount of time a connection allocation should block before throwing an exception when the pool is exhausted. Use a negative value to block indefinitely.

application-external-flow.properties

Removed in 13.4

blueriq.external-flow.redis-store.jedis.pool.maxIdle8Maximum number of "idle" connections in the pool. Use a negative value to indicate an unlimited number of idle connections.

application-external-flow.properties

Since 13.4

blueriq.external-flow.redis-store.jedis.pool.minIdle0Target for the minimum number of idle connections to maintain in the pool. This setting only has an effect if it is positive.

application-external-flow.properties

Since 13.4

blueriq.external-flow.redis-store.jedis.pool.maxActive8Maximum number of connections that can be allocated by the pool at a given time. Use a negative value for no limit.

application-external-flow.properties

Since 13.4

blueriq.external-flow.redis-store.jedis.pool.maxWait-1Maximum amount of time a connection allocation should block before throwing an exception when the pool is exhausted. Use a negative value to block indefinitely.

application-external-flow.properties

Since 13.4

blueriq.external-flow.redis-store.jedis.pool.timeBetweenEvictionRuns

Time between runs of the idle object evictor thread. When positive, the idle object evictor thread starts, otherwise no idle object eviction is performed.

Can be left empty.

application-external-flow.properties

Since 13.4



This component is part of an ongoing effort to separate the Process Engine from the Runtime. As this component is still in active development, it's not ready for use in production scenarios. Behavior and interfaces are subject to change.

SubjectPropertyExplanationProperty fileAdditional information

Case Engine Client Component - under development






blueriq.dcm.rabbitmq.host

Settings for the RabbitMQ instance used to communicate with the Case Engine.

application.properties


blueriq.dcm.rabbitmq.port
blueriq.dcm.rabbitmq.username
blueriq.dcm.rabbitmq.password
blueriq.dcm.rabbitmq.exchangeName

Exchange to which events to the Case Engine should be published

blueriq.dcm.rabbitmq.queueNamesQueue from which events from the Case Engine should be consumed
blueriq.dcm.rabbitmq.virtualHost
blueriq.dcm.case-engine.urlURL and credentials for the Case Engine.

application.properties


blueriq.dcm.case-engine.username
blueriq.dcm.case-engine.password

Common used properties

server.servlet.contextPath=/runtime
# do not use spring default multipart configuration
spring.http.multipart.enabled=false
spring.cloud.config.overrideSystemProperties=false
hibernate.use_nationalized_character_data=true

Java Third Party properties

For part of the features we rely on third party libraries. These library's have their own properties like: logging.level.com.aquima=DEBUG. you can find an overview or the Spring properties here: spring-common-application-properties.

  • No labels