Configuring the appsettings.json File - Integration for Adobe Sign - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - external

Integration for Adobe Sign

Platform
OnBase
Product
Integration for Adobe Sign
Release
Foundation 23.1
License

To configure the appsettings.json file, follow these steps:

  1. Open the appsettings.json file in a text editor such as Notepad. This file is located in the installation directory for the Hyland Electronic Integration Service. For example: C:\Program Files\Hyland\HylandESignatureService
    Note:

    In Windows, the JSON file must be opened as an administrator.

  2. Update the Address element (under Authentication | Provider) to be the address of your IDP server.
  3. Update the following fields (under ElectronicSignatureService | TenantList) as required:

    Field

    Description

    DataSource

    The name of the data source for your OnBase solution. This must match the tenant name configured for your Hyland IdP.

    Note:

    This value must be unique.

    DataProvider

    The database provider type. Set the value to MSSQL for Microsoft SQL or ORACLE for Oracle.

    ConnectionString

    A valid connection string to the OnBase database for the database provider type (SQL or Oracle). The connection string must include Data Source, database, User Id, and Password information.

    Tip:

    ADO connections strings are a method of connecting applications to databases. Complete details on connection strings and how to create them are available from Microsoft.

    Note:

    Make sure you include the double-slash ( \\ ) between the server and the database instance to account for JSON formatting. For example, Data Source=MyDB\\SQLInstance;

  4. Configure encryption settings for your solution as required. You should configure your solution to use one of the following encryption methods:
    • Certificate thumbprint encryption: this is the recommended encryption method. This encryption method uses a certificate thumbprint. When using this encryption method, you must configure the CertificateThumbPrint setting in the appsettings.json file. In addition, it is considered a best practice to configure the KeyDirectoryPath setting in the appsettings.json file.

    • DPAPI-NG encryption: this encryption method uses DPAPI-NG. When using this encryption method, it is considered a best practice to configure the ProtectionDescriptorRule and KeyDirectoryPath settings in the appsettings.json file.

      Note:

      DPAPI-NG encryption is only supported on Windows 8 or higher and Windows Server 2012.

  5. Set the EncryptionSettings settings as required:

    Field

    Description

    ProtectionDescriptorRule

    Note:

    This setting is not supported for use with certificate thumbprint encryption. You should only configure this setting if you are using DPAPI-NG encryption.

    Set to the SID of an active directory group. The SID must be set using the following format: "SID=MySIDNumber", where MySIDNumber is replaced with the SID number to be used. For example:

    "ProtectionDescriptorRule":"SID=S-1-1-12-12345678-123456789-123456789-12345",

    When using this setting, it is recommended to create a shared directory used to store the encryption key. This directory can then be entered as the KeyDirectoryPath later in this procedure. If setting up multiple instances of the Hyland Electronic Integration Service, it is recommended that the KeyDirectoryPath be a shared directory that each instance can access.

    Note:

    If this setting is left blank, the SID of the application pool identity will be used.

    CAUTION:

    If this setting is left blank and the application pool user is not a user in your active directory domain, the Integration for Adobe Sign will not be able to use the key generated in KeyDirectoryPath to encrypt the data.

  6. Set the LocalStorageManagement settings as required:

    Field

    Description

    KeyDirectoryPath

    Note:

    This setting is supported for use with certificate thumbprint encryption and DPAPI-NG encryption.

    Set to the directory used to store the encryption key created when you link your Adobe account to Studio. For example, %LocalAppData%\\MyKeysDirectory

    It is considered a best practice to manually create a directory and configure the KeyDirectoryPath setting for that directory.

    However, if this setting is left blank, a directory will be created automatically when you link your Adobe account to Studio, as long as the application pool user has access to the directory location being created. The service will attempt to create a directory in the following locations, in order:

    • %localAppData%\esignkeys

    • %AppData%\esignkeys

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\4.0.30319.0\AutoGenKeys\{CurrentUserSID}\EsignKeys

    • the installation location of the Hyland Electronic Integration Service

    CAUTION:

    If the application pool user does not have access to any of the above, no directory will be created and Adobe Sign credentials cannot be stored.

    Note:

    If deploying in IIS, ensure that the application pool user has permission to access the directory used in KeyDirectoryPath setting as well as access to IIS resources and permissions to write to the temporary files folder.

    CertificateThumbPrint

    Note:

    This setting is not supported for use with DPAPI-NG encryption. You should only configure this setting if you are using certificate thumbprint encryption.

    Set to the thumbprint for the certificate.

    This setting is required to use certificate thumbprint encryption, which is supported for both Windows and Linux environments. The user running the process must have access to the certificate.

    When using this setting, it is recommended to create a shared directory used to store the encryption key. This directory can then be entered as the KeyDirectoryPath. If setting up multiple instances of the Hyland Electronic Integration Service, it is recommended that the KeyDirectoryPath be a shared directory that each instance can access.

  7. Save and close the appsettings.json file.