, button.
Please note that all of the parameters are not available and used for the Queue Agent Profiles.Parameter | Description | Default value |
|---|---|---|
System | General parameter, regarding the whole system. | |
System Locale | Language code for language used in the system. | en |
Time convention | From the drop-down list, select 24 hour or AM/PM, depending on which time format you want to use throughout the system. | 24 hour |
Date convention | Select a date format depending on which date format you want to use throughout the system | YY-MM-DD |
Connectors | General parameters regarding connectors. | |
Date Time Format | Date and time format. | HH:mm |
Customer External JNDI Name | Customer External JNDI Name | java:global/customCustomerDb/customerdbintegration/CustomerCentralManagerBean |
Weekend Settings | Parameter regarding scheduling of Context Marketing Messages. | |
Weekend days | Select which days of the week that should be regarded as weekend days. Default is Saturday and Sunday. This is used when scheduling Context Marketing Messages. For more information, see the Administrator’s Guide. | Saturday Sunday |
Parameter | Description | Default value |
|---|---|---|
HTTP Settings | Parameters connected HTTP | |
Central HTTP Port | Enter the port number that should be used to access the Central Orchestra Server. This is usually the port number that Wildfly uses. In case of a load balancer in front of Orchestra, enter the port number of the load balancer. | 8080 for http and 8443 for https. |
Central HTTP Protocol | Select the HTTP protocol (http or https) that should be used to access the Central Orchestra Server. This is usually the protocol that Wildfly uses. In case of a load balancer in front of Orchestra, enter the protocol of the load balancer. | http or https |
Parameter | Description | Default value |
|---|---|---|
Certificate and key store Settings | ||
(Re)generate certificate | Enabling this check box and saving the parameter list will cause the certificate to be generated in the key store. If a certificate with the same alias already exists, it will be overwritten, so be careful! | |
KeyStore alias | The alias of the certificate key entry, in key store. | orchestra |
Distinguished name | The distinguished name of the certificate. The first (CN) section is the host name of the server and the subsequent sections describe the organization. | CN=localhost,OU=orgUnit, O=org, L=city, S=state, C=countryCode |
Subject alternate name | This field needs to be set to both IP address and host name of the server if both are going to be used for HTTPS communication. Separate each entry with a comma. Example: myhost.com, 10.0.10.0. | localhost |
HTTPS server settings | ||
HTTPS enabled | Controls whether HTTPS should be enabled or not in Wildfly. An Orchestra restart is recommended after enabling HTTPS. | Disabled |
KeyStore alias | Determines which key entry in the key store to use as a server certificate. HTTPS must be disabled before selecting a new KeyStore alias. | |
HTTPS port | Decides whichto use for HTTPS communication. | 8443 |
Central WebSocket Server Settings | Settings connected to the Central Websocket server, heartbeat, etc. | |
WebSocket enabled | If this check box is checked, Web socket communication over unencrypted channels is allowed. WARNING! Disabling this will cause any distributed Queue Agent connected over unencrypted WebSocket to stop functioning! | Enabled |
WebSocket port | Theto use for unencrypted WebSocket communication. WARNING! Changing this will cause any distributed Queue Agent connected over unencrypted WebSockets to stop functioning, until they are re-configured! | 8787 |
Secure WebSocket enabled | Enabling this parameter will cause the WebSocket server on Central to support WebSocket secure. Make sure that the certificate setting is properly configured. WARNING! Disabling this setting will cause any Queue Agents that are currently connected using secure WebSocket to stop functioning! | Disabled |
Secure WebSocket port | Theto use for secure WebSocket communication. WARNING! Changing this parameter will cause any Queueu Agents that are currently connected using secure WebSocket to stop functioning, until they are re-configured! | 9150 |
Netty worker thread pool size | The number of worker threads available to handle web socket traffic. Minimum 5, maximum 1000. | 100 |
Init commands thread pool size | The number of threads available to handle init commands from the Queue Agents. Minimum 1, maximum 500. | 20 |
Non-init commands thread pool size | The number of threads available to handle all non-init commands from the Queue Agents. Minimum 1, maximum 500. | 20 |
Event thread pool size | The number of threads available to handle events from the Queue Agents. Minimum 1, maximum 500. | 20 |
Command pool size | The number of threads tasked with notification of results to commands. Minimum 5, maximum 1000. | 20 |
Command timeout (milliseconds) | The time in milliseconds to wait for a response from a command sent to a Queue Agent. Minimum 500, maximum180000. | 60000 |
Client connection timeout (milliseconds) | The time, in milliseconds, to wait before a connection to a Queue Agent is considered lost. Minimum 1000, maximum 600000. | 120000 |
Heartbeat interval (milliseconds) | The maximum time, in milliseconds, before a heartbeat message is sent to a Queue Agent if nothing else is sent. Minimum 5000, maximum 120000. | 30000 |
Enable IP-address filtering | This check box determines whether the web socket server should only allow connections from certain IP-addresses. If enabled, only addresses specified in the definition clause, below, will be allowed to connect. | Disabled |
Allowed IP-addresses | A comma-separated list of allowed IP-addresses. Wildcards are allowed. Localhost (127.0.0.1) is always allowed. Example: 192.168.2.2*,192.168.1.100 will allow 192.168.2.2, a range from 192.168.2.20 to 192.168.2.29, a range from 192.168.2.200 to 192.168.2.255, 192.168.1.100 as well as 127.0.0.1. | |
Send extended heartbeat message | If this check box is checked, timestamps are included in the heartbeat message. This is combined with trace logging both centrally and on selected Queue Agent(s) that have the agent.conf property central.websocket.heartbeat.extended set to true. | Disabled |
Delay start of web socket server (seconds) | Increasing this value will delay the start of the web socket server and prevent any Queue Agent connections, until the web socket server is started. This can, for example, be used for a central system with many distributed Queue Agents. | 0 |
Parameter | Description | Default value |
|---|---|---|
Appointment Management Settings | Parameters regarding Appointment management. | |
Delete appointments where endtime passed by (days) | Applicable to Central. Number of days that should pass, since the end time of an appointment, before that appointment is deleted. | 1 |
Delete appointments at (hh:mm) | Applicable to Central. Time when appointments are deleted. | 02:00 |
Cron trigger for synchronizing appointments | Cron job trigger indicating when appointments should be synchronized. | 0 0 0 * * * |
Cron trigger for deleting old appointments | Cron job trigger indicating when appointments should be deleted. | 0 0 2 * * * |
Appointment Status callbacks enabled | This parameter is enabled in order to get updates for appointments. Example: CREATED: 20 RESCHEDULED: 21 CALLED: 40 ARRIVED: 30 CANCELLED: 53 COMPLETE: 50 NO_SHOW: 51 ENDED_BY_RESET: 52 | Enabled |
Appointment Status update callback URLs (comma-separated). | /calendar-backend/public/api/v1/appointments/callback | |
Appointment life cycle events enabled | Enable or disable sending of events when appointments created, updated, or deleted. | Disabled |
Block early appointments (minutes) | Specify the number of minutes before the appointment start time, that it is possible to call an appointment visit. Note that it is possible to have a different number for different Agent Profiles, here. | |
Recycle Settings | Parameters regarding recycling of tickets. | |
Recycle Max no Recycles | The maximum number of times a ticket can be recycled. | 3 |
Recycle Insert Delay | Number of seconds after which a ticket can be recycled and placed back into the queue at the first position. | 60 |
Browser Settings | ||
Allow Browser Chrome Frame | When this check box is checked, Chrome Frame is enabled. Chrome Frame is designed to expand Internet Explorer’s functionality, by adding support for open web technologies and Google Chrome’s fast rendering engine. | Disabled |
HttpOnly cookie flag enabled | Cookies with HTTP only flag set to true indicates that the cookie shall only be accessed from server side and not applications running in the browser. Note that the Use the HttpOnly cookie flag setting should also be enabled in the Calendar Admin application, under System Settings if applicable. For more information, see the Administrator’s Guide.An Orchestra restart is needed after enabling the HttpOnly cookie flag. | Disabled |
Secure cookie flag enabled | A secure flag set to true on a cookie indicates that the cookie must be sent over a secure communication, such as HTTPS. To enable secure flag: 1. Stop Orchestra. (Both Central and Queue Agent(s)) 2. Open the file shiro.ini file, located in <orchestra_install_dir>\conf\. 3. Un-comment the property cookie.secure and make sure that it is set to true. 4. Restart Orchestra. (Both Central and Queue Agent(s)) Note that the Use the Secure cookie flag setting should also be enabled in the Calendar Admin application, under System Settings, if applicable. For more information, see the Administrator’s Guide. An Orchestra restart is needed after enabling the Secure cookie flag. | Disabled |
Mobile API (Central) | Parameters regarding username and password for the Mobile API. | |
Username | Username used to access the Mobile API. | mobile |
Password | Password used to access the Mobile API. | |
Mobile Ticket Base URL | Base URL used when generating URLs in e.g. barcodes, SMS messages and other mobile ticket implementations. | http://MobileTicket/MyVisit/CurrentStatus |
Customer | Parameters regarding handling of Customer data, mainly due to GDPR regulations. | |
Include customers in export | If this check box is checked, customers will be included in export/import. | Disabled |
Use retention policy for customer object | If this check box is checked, Customer objects will automatically be updated with a new interaction timestamp and deletion timestamp when Appointments or Visits are created or updated for that Customer. | Enabled |
Delete customers, based on retention policy, at (hh:mm) | Customers will automatically be deleted, based on their retention policy, at this time (hh:mm). Delete job will only run if Use retention policy for customer object is enabled. | 01:00 |
User Settings | Parameters regarding User settings. | |
Number of Login attempts before deactivating user | Number of failed Login attempts before deactivating user. Counter will be reset if successful login occurs before limit is reached. Counter will also reset when user is updated. | |
Min Login Code | Lowest valid login code number. | 1000 |
Max Login Code | Highest valid login code number. Default is set to 9999. | 9999 |
UserName validation Pattern | Regular expression used for user name validation. | ^[a-z]+[a-z,0-9]{3,}$ |
Password Validation Pattern | Regular expression used for password validation. | ^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$ |
Enable automatic deactivation of users | Check this check box to enable automatic deactivation of users that have not logged in for a specified period of time. | Enabled |
Deactivate inactive users at (hh:mm) | Users will automatically be deactivated, based on when they were last logged in, at this time (hh:mm). | 23:30 |
Deactivate users not logged in for given number of days | Number of days since last log in, after which users will automatically be deactivated. | 180 |
Password expiration | Enable/disable password expiration | Enabled |
Password expiration days | Set the number of days before a password expires. | 90 |
Require new password at first login | Require new users to change their password at first login or after password has been changed by an administrator. | Disabled |
Event Manager Settings | Parameter regarding events. | |
Upload Standard Events to Central | Whether or not standard events should be uploaded to Central (yes/no). | Events are uploaded. |
Publish Custom Events on Central Topic | Whether or not custom events should be published on Central topic. | Events are published. |
Sorting Policy Settings | Settings regarding sorting policy for visits. | |
Multi service visit sort policy | This setting affects how the visit is transferred to the Queue of the next Service in a multi-service Visit. From the drop-down list, select the wanted sorting policy; SORTED, FIRST, or LAST. | SORTED |
Queue Agent Media Settings | Parameters regarding handling of media on Queue Agents. | |
Cron trigger for deleting old media | Cron job trigger indicating when old media will be deleted. | 0 0 23 * * * |
Allowed Download Interval | Time period when download is allowed. | 00:00-23:59 |
Download media in advance (days) | Number of days in advance that media is downloaded. | 5 |
Cron trigger for downloading media. | Cron job trigger indicating when media will be downloaded. | 0 0 3 * * * |
Statistics Settings | Parameters regarding the handling of statistics. | |
Enable Stat Messages | Whether or not sending of Stat messages should be enabled. Changing this value requires a restart of both central and all Queue Agents. | Enabled. |
Stat Server Address | IP v4 address to the stat resource server. Note that when creating a Queue Agent Profile, this parameter needs to be changed to the IP address where Stat.war is located. | http://127.0.0.1 |
Stat Server Port | Port number where the stat resource is configured. | 8080 |
Stat Server Resource | Application name for the stat resource. | /stat/message/ |
Queue Agent Resend Interval (minutes) | Resend interval (minutes). | 10 |
Queue Agent Upload schedule. | JSON definition of allowed time slots for stat sending, leave empty to always allow stat upload. Example for upload during the night: [{“days”:[“Mon”, “Tue”,”Wed”,”Thu”,”Fri”,”Sat”,”Sun”],”time”:”20:00-04:00”}] | [{“days”:[“Mon”, “Tue”,”Wed”,”Thu”,”Fri”,”Sat”,”Sun”],”time”:”00:00-23:59”}] |
SSO Settings | ||
Enabled | Mark this check box to enable SSO. By default it is not enabled. | Not enabled |
Allow basic authentication | Not allowed | |
Allow localhost | Allowed | |
Allow unsecure basic | Not allowed | |
Client module | spnego-client | |
Pre-authentication user name | User name of pre-authentication user. | preauthuser |
Pre-authentication password | Password of pre-authentication user. | |
Login server module | spnego-server | |
Prompt ntlm | Not enabled. | |
Allow delegation | Allowed | |
Logger level | 1 | |
LDAP Settings | LDAP configuration in Orchestra consists of two tasks: • Server configuration • System parameters - found in this table. • Certificate handling - see “LDAP Certificate Handling” . • LDAP/AD Group Mappings, e.g how LDAP objects, groups are mapped to Orchestra entities (Roles, Branches/Branch Groups). For more information, see the Administrator’s Guide. Each Orchestra attribute has a corresponding LDAP field attribute. For more LDAP information, see “LDAP Hosts/Urls” . The user superadmin will always log in locally. It is also possible to create users that are not authenticated towards the Active Directory. | |
Enabled | When the check box is checked, all users are authenticated towards the configured LDAP server, that is the Active Directory. This parameter needs to be set to true, in order to be able to perform LDAP mappings in the User Management application. | Not enabled. |
Validate settings | Validate settings against LDAP server, when enabling LDAP. Disabling allows settings to be saved, even if LDAP server is not available. | Enabled |
Server URL(s) | Space separated list of full LDAP URL:s, e.g. ldap://somehost:somePort | ldap://localhost:389 |
Bind user Dn | Bind user name, either accountName@domain.foo or full DN. | addEntryUser@domainName.se |
Bind user password | Bind user password. | |
Base search context DN | Defines the root context, from which searches will origin. | CN=Users,DC=your_domain,DC=com |
Account search filter | Defines how a user account DN should be searched for. | (&(objectClass=user)(sAMAccountName={0})) |
Search timeout (millis) | Defines the timeout for an LDAP query in milliseconds. | 1000 |
User groups attribute name | User attribute that defines the groups of the user. | memberOf |
Mapped user attributes | Defines what user attributes that should be returned when searching for a user. The values from the fields below should be used in this string. | accountName,firstName,lastName,locale,rtl,loginCode |
Account name mapped attribute | Defines the user attribute mapped to the account name. | sAMAccount Name |
First name mapped attribute | Defines the user attribute mapped to the first name of the user. | givenName |
Last name mapped attribute | Defines the user attribute mapped to the last name of the user. | sn |
Locale mapped attribute | Defines the user attribute mapped to the locale of the user. | msExchUserCulture |
RTL mapped attribute | Defines the user attribute mapped to the right-to-left setting of the user. Should be evaluated to true/false. | rtl |
Login code mapped attribute | Defines the user attribute mapped to the login code of the user. | loginCode |
SAML v2 Web Single Sign On Settings | For more information, see “SSO Setup Using SAML 2.0 Web SSO” . | |
SAML v2 web SSO enabled | Whether SAML v2 web SSO is enabled, or not. Changing this value requires a restart to take effect. | false |
Service provider entity ID | The ID of the service provider. This shall match the value configured in the Identity Provider. | Orchestra |
Max authentication token lifetime | The maximum allowed age for an authentication token, in seconds. Tokens older than this will not be allowed and the user will need to log in to the IdP again. | 3600 |
Role attribute identifier | The SAML attribute used to identify which role(s) the user has | http://schemas.microsoft.com/ws/2008/06/identity/claims/role |
Username attribute identifier | The SAML attribute used to identify the user name of the user. This parameter will be used to identify the user name of the user. For some Identity Providers, this is the user's email address. Orchestra will truncate such addresses, so that the domain name will not be included when the user name is stored. Example: "myuser@orchestra.com" will be treated as "myuser". | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
First name attribute identifier | The SAML attribute used to identify the first name of the user. | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
Last name attribute identifier | The SAML attribute used to identify the last name of the user. | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
For an instruction about setup of Open LDAP, please refer to “Appendix D - Open LDAP Setup” . Authentication will only be performed once, using the first available connection. Note that the server url is different in this case, ldaps://server:636. The default secureis 636. You must export the CA certificate from the Active Directory server to enable Secure Sockets Layer (SSL) security. You can save the CA certificate in either DER Encoded Binary X-509 format or Based-64 Encoded X-509 format. Make sure that the password entered above matches the following parameter value: If either of the SSL parameters in the configuration file was changed, for example trust store file name or trust store password, the Orchestra must be restarted in order to commit the changes.