@@ -166,20 +166,115 @@ icon: config
166166- ** Example:** ` /run/secrets/app_client_certificate_private_key.pem.password `
167167
168168
169+ ### DEV_DSF_BPE_FHIR_CLIENT_CONNECTIONS_CONFIG
170+ - ** Property:** dev.dsf.bpe.fhir.client.connections.config
171+ - ** Required:** No
172+ - ** Description:** FHIR server connections YAML config for v2 process plugins
173+
174+
175+ ### DEV_DSF_BPE_FHIR_CLIENT_CONNECTIONS_CONFIG_DEFAULT_ENABLE_DEBUG_LOGGING
176+ - ** Property:** dev.dsf.bpe.fhir.client.connections.config.default.enable.debug.logging
177+ - ** Required:** No
178+ - ** Description:** FHIR server connections YAML: Default value for properties ` enable-debug-logging ` and ` oidc-auth.enable-debug-logging `
179+ - ** Recommendation:** To enable debug logging of requests and reponses to configured FHIR servers by default set to ` true `
180+ - ** Default:** ` false `
181+
182+
183+ ### DEV_DSF_BPE_FHIR_CLIENT_CONNECTIONS_CONFIG_DEFAULT_ENABLE_DEBUG_LOGGING
184+ - ** Property:** dev.dsf.bpe.fhir.client.connections.config.default.enable.debug.logging
185+ - ** Required:** No
186+ - ** Description:** FHIR server connections YAML: Default value for properties ` oidc-auth.verify-authorized-party `
187+ - ** Recommendation:** To disable verification of the authorized party (aud) claim by default set to ` false `
188+ - ** Default:** ` true `
189+
190+
191+ ### DEV_DSF_BPE_FHIR_CLIENT_CONNECTIONS_CONFIG_DEFAULT_OIDC_DISCOVERY_PATH
192+ - ** Property:** dev.dsf.bpe.fhir.client.connections.config.default.oidc.discovery.path
193+ - ** Required:** No
194+ - ** Description:** FHIR server connections YAML: Default value for property ` oidc-auth.discovery-path `
195+ - ** Default:** ` /.well-known/openid-configuration `
196+
197+
198+ ### DEV_DSF_BPE_FHIR_CLIENT_CONNECTIONS_CONFIG_DEFAULT_TEST_CONNECTION_ON_STARTUP
199+ - ** Property:** dev.dsf.bpe.fhir.client.connections.config.default.test.connection.on.startup
200+ - ** Required:** No
201+ - ** Description:** FHIR server connections YAML: Default value for properties ` test-connection-on-startup ` and ` oidc-auth.test-connection-on-startup `
202+ - ** Recommendation:** To perform connection tests on BPE startup to configured FHIR servers by default set to ` true `
203+ - ** Default:** ` false `
204+
205+
206+ ### DEV_DSF_BPE_FHIR_CLIENT_CONNECTIONS_CONFIG_DEFAULT_TIMEOUT_CONNECT
207+ - ** Property:** dev.dsf.bpe.fhir.client.connections.config.default.timeout.connect
208+ - ** Required:** No
209+ - ** Description:** FHIR server connections YAML: Default value for properties ` connect-timeout ` and ` oidc-auth.connect-timeout `
210+ - ** Default:** ` PT2S `
211+
212+
213+ ### DEV_DSF_BPE_FHIR_CLIENT_CONNECTIONS_CONFIG_DEFAULT_TIMEOUT_READ
214+ - ** Property:** dev.dsf.bpe.fhir.client.connections.config.default.timeout.read
215+ - ** Required:** No
216+ - ** Description:** FHIR server connections YAML: Default value for properties ` read-timeout ` and ` oidc-auth.read-timeout `
217+ - ** Default:** ` PT10M `
218+
219+
220+ ### DEV_DSF_BPE_FHIR_CLIENT_CONNECTIONS_CONFIG_DEFAULT_TRUST_SERVER_CERTIFICATE_CAS
221+ - ** Property:** dev.dsf.bpe.fhir.client.connections.config.default.trust.server.certificate.cas
222+ - ** Required:** No
223+ - ** Description:** FHIR server connections YAML: Default value for properties ` trusted-root-certificates-file ` and ` oidc-auth.trusted-root-certificates-file ` . Folder with PEM encoded files (* .crt, * .pem) or a single PEM encoded file with one or more trusted root certificates.
224+ - ** Recommendation:** Add file to default folder via bind mount or use docker secret file to configure
225+ - ** Example:** ` /run/secrets/app_client_trust_certificates.pem `
226+ - ** Default:** ` ca/server_root_cas `
227+
228+
229+ ### DEV_DSF_BPE_FHIR_CLIENT_CONNECTIONS_CONFIG_OIDC_CACHE
230+ - ** Property:** dev.dsf.bpe.fhir.client.connections.config.oidc.cache
231+ - ** Required:** No
232+ - ** Description:** Set ` false ` to disable caching of OIDC dicovery and jwks resources as well as access tokens in the 'Client Credentials Grant' client; access tokens are evicted 10 seconds before they expire
233+ - ** Default:** ` true `
234+
235+
236+ ### DEV_DSF_BPE_FHIR_CLIENT_CONNECTIONS_CONFIG_OIDC_CACHE_TIMEOUT_ACCESS_TOKEN
237+ - ** Property:** dev.dsf.bpe.fhir.client.connections.config.oidc.cache.timeout.access.token
238+ - ** Required:** No
239+ - ** Description:** OIDC 'Client Credentials Grant' client cache timeout of access tokens before they expire, duration is subtracted from the expires at value of the acess token
240+ - ** Default:** ` PT10S `
241+
242+
243+ ### DEV_DSF_BPE_FHIR_CLIENT_CONNECTIONS_CONFIG_OIDC_CACHE_TIMEOUT_CONFIGURATION_RESOURCE
244+ - ** Property:** dev.dsf.bpe.fhir.client.connections.config.oidc.cache.timeout.configuration.resource
245+ - ** Required:** No
246+ - ** Description:** OIDC 'Client Credentials Grant' client cache timeout of the 'openid-configuration' discovery resource
247+ - ** Default:** ` PT1H `
248+
249+
250+ ### DEV_DSF_BPE_FHIR_CLIENT_CONNECTIONS_CONFIG_OIDC_CACHE_TIMEOUT_JWKS_RESOURCE
251+ - ** Property:** dev.dsf.bpe.fhir.client.connections.config.oidc.cache.timeout.jwks.resource
252+ - ** Required:** No
253+ - ** Description:** OIDC 'Client Credentials Grant' client cache timeout of the jwks resource
254+ - ** Default:** ` PT1H `
255+
256+
257+ ### DEV_DSF_BPE_FHIR_CLIENT_CONNECTIONS_CONFIG_OIDC_TIME_VALIDATION_LEEWAY
258+ - ** Property:** dev.dsf.bpe.fhir.client.connections.config.oidc.time.validation.leeway
259+ - ** Required:** No
260+ - ** Description:** OIDC 'Client Credentials Grant' client access token time validation leeway for 'Not Before', 'Issued At' and 'Expires At' values
261+ - ** Default:** ` PT10S `
262+
263+
169264### DEV_DSF_BPE_FHIR_CLIENT_LOCAL_TIMEOUT_CONNECT
170265- ** Property:** dev.dsf.bpe.fhir.client.local.timeout.connect
171266- ** Required:** No
172- - ** Description:** Timeout in milliseconds until a connection is established with the local DSF FHIR server
267+ - ** Description:** Timeout until a connection is established with the local DSF FHIR server
173268- ** Recommendation:** Change default value only if timeout exceptions occur
174- - ** Default:** ` 2000 `
269+ - ** Default:** ` PT2S `
175270
176271
177272### DEV_DSF_BPE_FHIR_CLIENT_LOCAL_TIMEOUT_READ
178273- ** Property:** dev.dsf.bpe.fhir.client.local.timeout.read
179274- ** Required:** No
180- - ** Description:** Timeout in milliseconds until reading a resource from the local DSF FHIR server is aborted
275+ - ** Description:** Timeout until reading a resource from the local DSF FHIR server is aborted
181276- ** Recommendation:** Change default value only if timeout exceptions occur
182- - ** Default:** ` 60000 `
277+ - ** Default:** ` PT60S `
183278
184279
185280### DEV_DSF_BPE_FHIR_CLIENT_LOCAL_VERBOSE
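Review bot: The second added `### DEV_DSF_BPE_FHIR_CLIENT_CONNECTIONS_CONFIG_DEFAULT_ENABLE_DEBUG_LOGGING` section repeats the heading and the property `dev.dsf.bpe.fhir.client.connections.config.default.enable.debug.logging` of the section directly above it, while its description and default (`true`) are for `oidc-auth.verify-authorized-party`. The heading and property should name the verify-authorized-party default. As written, a reader cannot tell which variable turns the check off, and two sections with the same name contradict each other on the default. The recommendation in that section also calls the authorized party claim `(aud)`. In OIDC the authorized party claim is `azp` and `aud` is the audience, so state which claim is actually verified. Spelling in the added lines: "reponses", "dicovery", "acess".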
@@ -192,17 +287,17 @@ icon: config
192287### DEV_DSF_BPE_FHIR_CLIENT_REMOTE_TIMEOUT_CONNECT
193288- ** Property:** dev.dsf.bpe.fhir.client.remote.timeout.connect
194289- ** Required:** No
195- - ** Description:** Timeout in milliseconds until a connection is established with a remote DSF FHIR server
290+ - ** Description:** Timeout until a connection is established with a remote DSF FHIR server
196291- ** Recommendation:** Change default value only if timeout exceptions occur
197- - ** Default:** ` 5000 `
292+ - ** Default:** ` PT5S `
198293
199294
200295### DEV_DSF_BPE_FHIR_CLIENT_REMOTE_TIMEOUT_READ
201296- ** Property:** dev.dsf.bpe.fhir.client.remote.timeout.read
202297- ** Required:** No
203- - ** Description:** Timeout in milliseconds until a reading a resource from a remote DSF FHIR server is aborted
298+ - ** Description:** Timeout until a reading a resource from a remote DSF FHIR server is aborted
204299- ** Recommendation:** Change default value only if timeout exceptions occur
205- - ** Default:** ` 60000 `
300+ - ** Default:** ` PT60S `
206301
207302
208303### DEV_DSF_BPE_FHIR_CLIENT_REMOTE_VERBOSE
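Review bot: The two remote timeout descriptions drop "in milliseconds" and the defaults move from `5000` and `60000` to `PT5S` and `PT60S`, but nothing says what format the value now takes. State that it is an ISO 8601 duration, and say whether a plain number such as `5000` carried over from an existing deployment is still accepted or fails at startup. The read timeout description still reads "until a reading a resource"; drop the first "a".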
@@ -215,17 +310,17 @@ icon: config
215310### DEV_DSF_BPE_FHIR_CLIENT_TRUST_SERVER_CERTIFICATE_CAS
216311- ** Property:** dev.dsf.bpe.fhir.client.trust.server.certificate.cas
217312- ** Required:** No
218- - ** Description:** PEM encoded file with one or more trusted root certificates to validate server certificates for https connections to local and remote DSF FHIR servers
219- - ** Recommendation:** Use docker secret file to configure
313+ - ** Description:** Folder with PEM encoded files ( * .crt, * .pem) or a single PEM encoded file with one or more trusted root certificates to validate server certificates for https connections to local and remote DSF FHIR servers
314+ - ** Recommendation:** Add file to default folder via bind mount or use docker secret file to configure
220315- ** Example:** ` /run/secrets/app_client_trust_certificates.pem `
221- - ** Default:** ` ca/server_cert_root_cas.pem `
316+ - ** Default:** ` ca/server_root_cas `
222317
223318
224319### DEV_DSF_BPE_FHIR_QUESTIONNAIRE_RESPONSE_SUBSCRIPTION_SEARCH_PARAMETER
225320- ** Property:** dev.dsf.bpe.fhir.questionnaire.response.subscription.search.parameter
226321- ** Required:** No
227322- ** Description:** Subscription to receive notifications about questionnaire response resources from the DSF FHIR server
228- - ** Default:** ` ?criteria=QuestionnaireResponse%3Fstatus%3Dcompleted&status=active&type=websocket&payload=application/fhir%2Bjson `
323+ - ** Default:** ` ?criteria:exact =QuestionnaireResponse%3Fstatus%3Dcompleted&status=active&type=websocket&payload=application/fhir%2Bjson `
229324
230325
231326### DEV_DSF_BPE_FHIR_SERVER_BASE_URL
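Review bot: In the `DEV_DSF_BPE_FHIR_CLIENT_TRUST_SERVER_CERTIFICATE_CAS` change the default moves from the single file `ca/server_cert_root_cas.pem` to the folder `ca/server_root_cas`, with no migration hint for deployments that mounted the old file at the old path. With a folder, every `*.crt` or `*.pem` file placed in it becomes a trusted root, so the recommendation should ask for a read-only bind mount and say whether subfolders and other file extensions are ignored. The example still shows a single-file secret, which is fine, but it would help to note that it overrides the folder default rather than adding to it.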
@@ -245,15 +340,15 @@ icon: config
245340### DEV_DSF_BPE_FHIR_TASK_SUBSCRIPTION_RETRY_SLEEP
246341- ** Property:** dev.dsf.bpe.fhir.task.subscription.retry.sleep
247342- ** Required:** No
248- - ** Description:** Milliseconds between two retries to establish a websocket connection with the DSF FHIR server
249- - ** Default:** ` 5000 `
343+ - ** Description:** Time between two retries to establish a websocket connection with the DSF FHIR server
344+ - ** Default:** ` PT5S `
250345
251346
252347### DEV_DSF_BPE_FHIR_TASK_SUBSCRIPTION_SEARCH_PARAMETER
253348- ** Property:** dev.dsf.bpe.fhir.task.subscription.search.parameter
254349- ** Required:** No
255350- ** Description:** Subscription to receive notifications about task resources from the DSF FHIR server
256- - ** Default:** ` ?criteria=Task%3Fstatus%3Drequested&status=active&type=websocket&payload=application/fhir%2Bjson `
351+ - ** Default:** ` ?criteria:exact =Task%3Fstatus%3Drequested&status=active&type=websocket&payload=application/fhir%2Bjson `
257352
258353
259354### DEV_DSF_BPE_MAIL_CLIENT_CERTIFICATE
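Review bot: The new default for `DEV_DSF_BPE_FHIR_TASK_SUBSCRIPTION_SEARCH_PARAMETER` switches `criteria=` to `criteria:exact` without a word in the description on why the modifier is needed, and the same applies to the questionnaire response default in the previous hunk. Deployments that set this variable explicitly keep the old form, so the description should say whether the old value still matches the subscription. Also check that the documented default has no whitespace between `criteria:exact` and `=`, since the value is copied verbatim into configurations.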
@@ -377,10 +472,10 @@ icon: config
377472### DEV_DSF_BPE_MAIL_TRUST_SERVER_CERTIFICATE_CAS
378473- ** Property:** dev.dsf.bpe.mail.trust.server.certificate.cas
379474- ** Required:** No
380- - ** Description:** PEM encoded file with one or more trusted root certificates to validate the server certificate of the SMTP server. Requires SMTP over TLS to be enabled via * DEV_DSF_BPE_MAIL_USESMTPS*
381- - ** Recommendation:** Use docker secret file to configure
475+ - ** Description:** Folder with PEM encoded files ( * .crt, * .pem) or a single PEM encoded file with one or more trusted root certificates to validate the server certificate of the SMTP server. Requires SMTP over TLS to be enabled via * DEV_DSF_BPE_MAIL_USESMTPS*
476+ - ** Recommendation:** Add file to default folder via bind mount or use docker secret file to configure
382477- ** Example:** ` /run/secrets/smtp_server_trust_certificates.pem `
383- - ** Default:** ` ca/server_cert_root_cas.pem `
478+ - ** Default:** ` ca/server_root_cas `
384479
385480
386481### DEV_DSF_BPE_MAIL_USERNAME
@@ -397,6 +492,41 @@ icon: config
397492- ** Default:** ` false `
398493
399494
495+ ### DEV_DSF_BPE_PROCESS_API_ALLOWED_BPE_CLASSES
496+ - ** Property:** dev.dsf.bpe.process.api.allowed.bpe.classes
497+ - ** Required:** No
498+ - ** Description:** Map with files containing qualified classs names allowed to be loaded by plugins for api versions; map key must match v([ 1-9] +[ 0-9] * )
499+ - ** Recommendation:** Change only during development
500+ - ** Example:** ` {v1: 'some/example.file', v2: 'other.file'} `
501+ - ** Default:** ` {:} `
502+
503+
504+ ### DEV_DSF_BPE_PROCESS_API_ALLOWED_BPE_RESOURCE
505+ - ** Property:** dev.dsf.bpe.process.api.allowed.bpe.resource
506+ - ** Required:** No
507+ - ** Description:** Map with files containing resources allowed to be loaded by plugins for api versions; map key must match v([ 1-9] +[ 0-9] * )
508+ - ** Recommendation:** Change only during development
509+ - ** Example:** ` {v1: 'some/example.file', v2: 'other.file'} `
510+ - ** Default:** ` {:} `
511+
512+
513+ ### DEV_DSF_BPE_PROCESS_API_DIRECTORY
514+ - ** Property:** dev.dsf.bpe.process.api.directory
515+ - ** Required:** No
516+ - ** Description:** Directory containing the DSF BPE process plugin api jar files
517+ - ** Recommendation:** Change only during development
518+ - ** Default:** ` api `
519+
520+
521+ ### DEV_DSF_BPE_PROCESS_API_RESOURCES_WITH_PRIORITY
522+ - ** Property:** dev.dsf.bpe.process.api.resources.with.priority
523+ - ** Required:** No
524+ - ** Description:** Map with files containing api/plugin resource with priority over bpe resources for plugins for api versions; map key must match v([ 1-9] +[ 0-9] * )
525+ - ** Recommendation:** Change only during development
526+ - ** Example:** ` {v1: 'some/example.file', v2: 'other.file'} `
527+ - ** Default:** ` {:} `
528+
529+
400530### DEV_DSF_BPE_PROCESS_ENGINE_COREPOOLSIZE
401531- ** Property:** dev.dsf.bpe.process.engine.corePoolSize
402532- ** Required:** No
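Review bot: The three new allow-list maps (`..._ALLOWED_BPE_CLASSES`, `..._ALLOWED_BPE_RESOURCE`, `..._RESOURCES_WITH_PRIORITY`) document the default `{:}` without saying what an empty map means. These settings decide which classes and resources a plugin may load, so state whether an empty map falls back to a built-in list or leaves loading unrestricted, and whether a configured file replaces or extends that list. Smaller points: "classs" in the first description, and `ALLOWED_BPE_RESOURCE` is singular while the other two names use the plural.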
@@ -436,18 +566,32 @@ icon: config
436566### DEV_DSF_BPE_PROCESS_FHIR_SERVER_RETRY_SLEEP
437567- ** Property:** dev.dsf.bpe.process.fhir.server.retry.sleep
438568- ** Required:** No
439- - ** Description:** Milliseconds between two retries to establish a connection with the local DSF FHIR server during process deployment
440- - ** Default:** ` 5000 `
569+ - ** Description:** Time between two retries to establish a connection with the local DSF FHIR server during process deployment
570+ - ** Default:** ` PT5S `
441571
442572
443- ### DEV_DSF_BPE_PROCESS_PLUGIN_DIRECTROY
444- - ** Property:** dev.dsf.bpe.process.plugin.directroy
573+ ### DEV_DSF_BPE_PROCESS_FHIR_VALIDATION_ENABLED
574+ - ** Property:** dev.dsf.bpe.process.fhir.validation.enabled
575+ - ** Required:** No
576+ - ** Description:** Set to true to enable FHIR validation feature for process plugins, not implemented for DSF version 2.0.x
577+ - ** Default:** ` false `
578+
579+
580+ ### DEV_DSF_BPE_PROCESS_PLUGIN_DIRECTORY
581+ - ** Property:** dev.dsf.bpe.process.plugin.directory
445582- ** Required:** No
446583- ** Description:** Directory containing the DSF BPE process plugins for deployment on startup of the DSF BPE server
447584- ** Recommendation:** Change only if you don't use the provided directory structure from the installation guide or made changes to tit
448585- ** Default:** ` process `
449586
450587
588+ ### DEV_DSF_BPE_PROCESS_PLUGIN_EXPLODED
589+ - ** Property:** dev.dsf.bpe.process.plugin.exploded
590+ - ** Required:** No
591+ - ** Description:** Directories containing exploded DSF BPE process plugins for deployment on startup of the DSF BPE server; comma or space separated list, YAML block scalars supported
592+ - ** Recommendation:** Only for testing
593+
594+
451595### DEV_DSF_BPE_PROCESS_RETIRED
452596- ** Property:** dev.dsf.bpe.process.retired
453597- ** Required:** No
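Review bot: Renaming `DEV_DSF_BPE_PROCESS_PLUGIN_DIRECTROY` to `DEV_DSF_BPE_PROCESS_PLUGIN_DIRECTORY` fixes the spelling but changes the variable name, and the section does not mention the old one. A deployment that still sets the old name would fall back to the default `process` without any indication, so add a note on whether the old name is still read or must be changed on upgrade. `DEV_DSF_BPE_PROCESS_PLUGIN_EXPLODED` has no default line and its recommendation is only "Only for testing"; say what happens when it is unset. The unchanged recommendation line under the plugin directory ends with "tit".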
@@ -570,6 +714,13 @@ icon: config
570714- ** Default:** ` false `
571715
572716
717+ ### DEV_DSF_SERVER_AUTH_OIDC_BEARER_TOKEN_AUDIENCE
718+ - ** Property:** dev.dsf.server.auth.oidc.bearer.token.audience
719+ - ** Required:** No
720+ - ** Description:** Audience (aud) value to verify before accepting OIDC bearer tokens, uses value from ` DEV_DSF_SERVER_AUTH_OIDC_CLIENT_ID ` by default, set blank string e.g. ` '' ` to disable
721+ - ** Recommendation:** Requires * DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL* to be specified and * DEV_DSF_SERVER_AUTH_OIDC_BEARER_TOKEN* set tor ` true `
722+
723+
573724### DEV_DSF_SERVER_AUTH_OIDC_CLIENT_ID
574725- ** Property:** dev.dsf.server.auth.oidc.client.id
575726- ** Required:** No
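Review bot: The description of `DEV_DSF_SERVER_AUTH_OIDC_BEARER_TOKEN_AUDIENCE` documents the blank string `''` as the way to disable the audience check but gives no guidance on when that is acceptable. Without the `aud` check, a bearer token the same provider issued for a different client is accepted as well, so the recommendation should say to keep the default unless the provider cannot set the claim. The recommendation line also has "set tor" for "set to".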
@@ -580,8 +731,6 @@ icon: config
580731- ** Property:** dev.dsf.server.auth.oidc.client.secret
581732- ** Required:** No
582733- ** Description:** OIDC provider client_secret, must be specified if * DEV_DSF_SERVER_AUTH_OIDC_AUTHORIZATION_CODE_FLOW* is enabled
583- - ** Recommendation:** Use docker secret file to configure
584- - ** Example:** ` /run/secrets/oidc_provider_client.secret `
585734
586735
587736### DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_CERTIFICATE
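Review bot: Removing the recommendation "Use docker secret file to configure" and the example `/run/secrets/oidc_provider_client.secret` leaves the `client_secret` section with no guidance on how to supply the value. If file-based configuration of this secret is no longer supported, say so explicitly; if it still is, keep the recommendation, because the remaining text points readers toward putting the secret directly into the environment.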
@@ -608,27 +757,34 @@ icon: config
608757- ** Example:** ` /run/secrets/oidc_provider_client_certificate_private_key.pem.password `
609758
610759
611- ### DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_CONNECTTIMEOUT
612- - ** Property:** dev.dsf.server.auth.oidc.provider.client.connectTimeout
760+ ### DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_TIMEOUT_CONNECT
761+ - ** Property:** dev.dsf.server.auth.oidc.provider.client.timeout.connect
613762- ** Required:** No
614- - ** Description:** OIDC provider client connect timeout in milliseconds
615- - ** Default:** ` 5000 `
763+ - ** Description:** OIDC provider client connect timeout
764+ - ** Default:** ` PT5S `
616765
617766
618- ### DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_IDLETIMEOUT
619- - ** Property:** dev.dsf.server.auth.oidc.provider.client.idleTimeout
767+ ### DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_TIMEOUT_READ
768+ - ** Property:** dev.dsf.server.auth.oidc.provider.client.timeout.read
620769- ** Required:** No
621- - ** Description:** OIDC provider client idle timeout in milliseconds
622- - ** Default:** ` 30000 `
770+ - ** Description:** OIDC provider client read timeout
771+ - ** Default:** ` PT30S `
623772
624773
625774### DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_TRUST_SERVER_CERTIFICATE_CAS
626775- ** Property:** dev.dsf.server.auth.oidc.provider.client.trust.server.certificate.cas
627776- ** Required:** No
628- - ** Description:** PEM encoded file with one or more trusted root certificates to validate server certificates for https connections to the OIDC provider
629- - ** Recommendation:** Use docker secret file to configure
777+ - ** Description:** Folder with PEM encoded files ( * .crt, * .pem) or a single PEM encoded file with one or more trusted root certificates to validate server certificates for https connections to the OIDC provider
778+ - ** Recommendation:** Add file to default folder via bind mount or use docker secret file to configure
630779- ** Example:** ` /run/secrets/oidc_provider_trust_certificates.pem `
631- - ** Default:** ` ca/server_cert_root_cas.pem `
780+ - ** Default:** ` ca/server_root_cas `
781+
782+
783+ ### DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_DISCOVERY_PATH
784+ - ** Property:** dev.dsf.server.auth.oidc.provider.discovery.path
785+ - ** Required:** No
786+ - ** Description:** OIDC provider dicovery path
787+ - ** Default:** ` /.well-known/openid-configuration `
632788
633789
634790### DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_REALM_BASE_URL
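Review bot: `..._CLIENT_IDLETIMEOUT` becomes `..._CLIENT_TIMEOUT_READ` and the description changes from "idle timeout" to "read timeout", which is a change in meaning as well as in name, and neither this section nor the renamed connect timeout mentions the old variable names. Note whether the old names are still honoured and that values are now ISO 8601 durations (`PT5S`, `PT30S`) instead of milliseconds. In the new discovery path section, "dicovery" should be "discovery".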
@@ -641,10 +797,10 @@ icon: config
641797### DEV_DSF_SERVER_AUTH_TRUST_CLIENT_CERTIFICATE_CAS
642798- ** Property:** dev.dsf.server.auth.trust.client.certificate.cas
643799- ** Required:** No
644- - ** Description:** PEM encoded file with one or more trusted full CA chains to validate client certificates for https connections from local and remote clients
645- - ** Recommendation:** Use docker secret file to configure
800+ - ** Description:** Folder with PEM encoded files ( * .crt, * .pem) or a single PEM encoded file with one or more trusted full CA chains to validate client certificates for https connections from local and remote clients
801+ - ** Recommendation:** Add file to default folder via bind mount or use docker secret file to configure
646802- ** Example:** ` /run/secrets/app_client_trust_certificates.pem `
647- - ** Default:** ` ca/client_cert_ca_chains.pem `
803+ - ** Default:** ` ca/client_ca_chains `
648804
649805
650806### DEV_DSF_SERVER_CERTIFICATE
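Review bot: For `DEV_DSF_SERVER_AUTH_TRUST_CLIENT_CERTIFICATE_CAS` the default changes from the file `ca/client_cert_ca_chains.pem` to the folder `ca/client_ca_chains`, and this trust store decides which client certificates are accepted. Since any `*.crt` or `*.pem` file in the folder now counts as a trusted chain, the recommendation should call for a read-only mount and say how the old file path is handled on upgrade. The description says "full CA chains"; state whether each chain must sit in one file or may be split across files in the folder.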