mainzelliste.docker.conf

# Template properties for mainzelliste
#
# The configuration listed here provides default values which should be suitable for
# a variety of szenarios. At least, the sections "Database setup" and "xDAT servers"
# should be adjusted to the local environment.

# General format: Key-value pairs, separated by spaces, tabs, "=", ":".
# Lines starting with "#" are comments. Comments appended to a line are not possible!
# See Javadoc for java.util.Properties#load(Reader) for details.

# Property names may contain letters, numbers, underscores and dots. Dots define a hierarchical
# structure on the property names.

# Leading and trailing whitespaces in property values are not allowed and will be removed
# after loading.

# For a comprehensive documentation of configuration parameters see the configuration manual
# ("Konfigurationshandbuch").

# debug mode: If set to true, token handling is disabled (i.e. no tokens are necessary).
debug = false

# Name of this mainzelliste distribution instance.
dist = Mainzelliste

# Database setup
db.driver = ML_DB_DRIVER
db.url = jdbc:ML_DB_TYPE://ML_DB_HOST:ML_DB_PORT/ML_DB_NAME
db.username = ML_DB_USER
db.password = ML_DB_PASS

# Logging
# By default, logs are written to stdout. Uncomment the following values to log to a file
# instead.

#log.filename = /var/log/tomcat6/mainzelliste.log
#log.level = DEBUG

# GCP Features
#
# Institutions in heavily regulated invironments, for example CROs or other facilities
# working in the field of clinical trials, have to fulfill restrictive requirements
# in terms of logging and comprehensibility whenever data is created, modified or simply viewed.
# (WHO Guidlines for GCP, ICH GCP E6 and others)
# A so-called audit trail is a common feature implemented by systems used to access or modify this
# kind of data.
# It typically stores timestamp, user/system identifier, record name, old value, new value, reason for change and the action taken.
#
# This property activates the mainzelliste audit trail feature which creates a new table in the database
# for storing those records. It further extends the token format to include audit trail information in the 'data' field:
#
# auditTrail: {
#   username: "foo_user",
#   remoteSystem: "bar_system",
#   reasonForChange: "reason"
# }
#
# PLEASE NOTE:
# When this option is active, requests to the system without a valid audit trail object
# inside the access token will be denied.

gcp.audittrail = false

# ! EXPERIMENTAL FEATURE ! configuration is subject to change in a future release.
# log client information in IDRequest table: IP-Address, Config reference e.g "Claims" or "Servers"
#idrequest.client = true
## enable logging client ip address
#idrequest.client.ip-address = false

# Field definitions
#
# Every input field must be defined here with field.{fieldname}.type = {fieldtype},
# where fieldname is a unique identifier and fieldtype the name of a subclass of Field.
# Input data from the field will be stored in objects of that class.
#
# Every field defined here must either be contained in the input form
# WEB-INF/jsp/patientFormElements.jsp (with corresponding "name"-Tag) or
# be provided in the createPatient Token

# In order to deactivate fields temporarily, it is sufficient to comment out the field definition.

field.vorname.type = PlainTextField
field.nachname.type = PlainTextField
field.geburtsname.type = PlainTextField
field.geburtstag.type = IntegerField
field.geburtsmonat.type = IntegerField
field.geburtsjahr.type = IntegerField
field.plz.type = PlainTextField
field.ort.type = PlainTextField


# Server-side validation

# validator.field.{fieldname}.required: Whether a field must not be empty
validator.field.vorname.required = true
validator.field.nachname.required = true
validator.field.geburtstag.required = true
validator.field.geburtsmonat.required = true
validator.field.geburtsjahr.required = true

# validator.field.{fieldname}.format: Regular expresssion which a field must adhere to.

# Default: letters, dots, underscores, apostrophes, spaces; at least one letter.
validator.field.vorname.format = [A-Za-zäÄöÖüÜß\\.\\-' ]*[A-Za-zäÄöÖüÜß]+[A-Za-zäÄöÖüÜß\\.\\-' ]*
validator.field.nachname.format = [A-Za-zäÄöÖüÜß\\.\\-' ]*[A-Za-zäÄöÖüÜß]+[A-Za-zäÄöÖüÜß\\.\\-' ]*
validator.field.geburtsname.format = [A-Za-zäÄöÖüÜß\\.\\-' ]*[A-Za-zäÄöÖüÜß]+[A-Za-zäÄöÖüÜß\\.\\-' ]*

# Date validation:
# validator.date.{i}.fields defines a list of fields, separated by commas.
# The date string is formed by concatenation of these fields.
# validator.date.{i}.format: A format definition (see java.text.SimpleDateFormat) by
# which the date string is interpreted. Validation checks if the parsed date is valid.
# Set fields which form the date and the format (when concatenating the fields).
# Multiple dates can be specified by supplying multiple definitions with consecutive
# numbers as {i}

validator.date.0.fields = geburtstag, geburtsmonat, geburtsjahr
validator.date.0.format = ddMMyyyy



# Exchange groups
#
# An exchange group denotes a set of fields whose values are considered interchangeable.
# The matcher (currently only EpilinkMatcher) compares the fields in each exchange group to
# all of its permutations and uses the best matching combination for final decision.
#
# An exchange group is defined by exchangeGroup.{id} = {fieldlist}, where id is a sequential number
# and fieldlist a comma-separated list of field names
#exchangeGroup.0 = vorname, nachname, geburtsname

# Field transformations
#
# Transformations for a field {fieldname} are defined by
# field.{fieldname}.transformers = {transformerlist}, where
# transformerlist is a comma-separated list of names of subclasses of FieldTransformer.
#
# The first transformer in the list is applied to the input field as defined in the field definition;
# i.e. the type parameter IN of the first transformer must match the class of the field.
# Every subsequent transformer is applied to the output of its predecessor; i.e. its type parameter IN
# must match type parameter OUT of the preceding transformer.

field.vorname.transformers = StringNormalizer, FirstNameDecomposer
field.nachname.transformers = StringNormalizer, GermanLastNameDecomposer
field.geburtsname.transformers = StringNormalizer, GermanLastNameDecomposer

# field comparators
field.vorname.comparator = NGramComparator
field.nachname.comparator = NGramComparator
field.geburtsname.comparator = NGramComparator

field.geburtstag.comparator = BinaryFieldComparator
field.geburtsmonat.comparator = BinaryFieldComparator
field.geburtsjahr.comparator = BinaryFieldComparator

field.plz.comparator = BinaryFieldComparator
field.ort.comparator = NGramComparator

# Use DiceField comparator instead of NGramComparator to apply EpilLink algorithm to hashed fields

# field.vorname.comparator = DiceFieldComparator


# Blocking
# The blocking strategy choice depends on the field types after the transformation.
# If compound fields are passed to the blocker, whether created by a field transformation or as input fields,
# the type of the subfields is the one that is relevant for the blocking.
# If exchange groups are used, only one of the fieldnames should be given here. The blocker is applied to
# the other fields as well.

# Use Soundex for PlainText fields
blocking.soundex.type = Soundex
# With the default exchange group
# blocking.soundex.fields = nachname
# Without an exchange group
blocking.soundex.fields = vorname, nachname, geburtsname


# Use FieldEquality e.g. for birthday based blocking
# This can be combined with Soundex blocking.
# blocking.dob.type = FieldEquality
# blocking.dob.fields = geburtstag, geburtsmonat, geburtsjahr

# FieldEquality can also be used for externally generated blocking keys
# The input field must of course be defined above.
# blocking.ext.type = FieldEquality
# blocking.ext.fields = extBlockingField


# Use HLsh for blocking on hashed fields
# blocking.lsh.type = HLsh
# blocking.lsh.fields = vorname, nachname
# The lengths of the above hashed fields
# blocking.lsh.bfSize = 384, 512, 512
# The lsh method defines the strategy for multiple fields.
# Depending on the expected quality of the fields select one of the following possibilities.
# General advise:
# High values for lshKeys can reduce false negatives, but will have a negative impact on the performance.
# High values for lshHashes can improve the performance, but can lead to more false negatives.

# Recommended: Fields with missing or dirty values
#blocking.lsh.lshMethod = field
# Number of keys per field
#blocking.lsh.lshKeys = 1
# Number of hash functions per field
#blocking.lsh.lshHashes = 36

# Fields with few errors
# blocking.lsh.lshMethod = record
# Total number of keys
# blocking.lsh.lshKeys = 9
# Number of hash functions per field (can be used as a weight)
# blocking.lsh.lshHashes = 8, 8, 8

# The seed for the hash functions
#blocking.lsh.seed = 42

# The following options can improve the performance by reducing the size of the blocks.
# The ratio of the frequent bit positions to ignore in the blocking keys (Choose 0 to deactivate the optimization)
# blocking.lsh.pruneRatio = 0.25
# Trigger the optimization on each startup of the Mainzelliste
# blocking.lsh.initialOptimization = true



# Matcher definition
# Property matcher defines the class name of the matcher to use, which must be a subclass
# of Matcher. Currently only EpilinkMatcher and NullMatcher are supported.
# Null matcher is used to skip the step of record linkage
matcher = EpilinkMatcher
# matcher = NullMatcher

# Config for Epilink Matcher
#
# matcher.epilink.{fieldname}.frequency: Defines the assumed mean frequency of values
# for field {fieldname}. This corresponds to the u-probability in the Fellegi-Sunter-Model
# and can be estimated by the reciprocal of the number of distinct values (i.e. the
# frequency of "month" is 1 / 12).
matcher.epilink.vorname.frequency = 0.000235
matcher.epilink.nachname.frequency = 0.0000271
matcher.epilink.geburtsname.frequency = 0.0000271

# 1 / 30 (approximate average number of days in a month)
matcher.epilink.geburtstag.frequency = 0.0333
# 1 / 12
matcher.epilink.geburtsmonat.frequency = 0.0833
# example value: birth years for an age range of 35 years (40 - 75).
matcher.epilink.geburtsjahr.frequency = 0.0286

matcher.epilink.plz.frequency = 0.01
matcher.epilink.ort.frequency = 0.01

# matcher.epilink.{fieldname}.error_rate defines the assumed error_rate for
# field {fieldname} (1 - m-probability)
#
# The supplied number stem from the evaluation of a German cancer registry
matcher.epilink.vorname.errorRate = 0.01
matcher.epilink.nachname.errorRate = 0.008
matcher.epilink.geburtsname.errorRate = 0.008
matcher.epilink.geburtstag.errorRate = 0.005
matcher.epilink.geburtsmonat.errorRate = 0.002
matcher.epilink.geburtsjahr.errorRate = 0.004
matcher.epilink.plz.errorRate = 0.04
matcher.epilink.ort.errorRate = 0.04

# matcher.epilink.threshold.match: Defines the minimum weight (in the interval [0,1])
# for which a pair of records is considered a definite match.
#
# matcher.epilink.threshold_non_match: Defines the weight (in the interval [0,1])
# below which a pair of records is considered a definite non-match. Must be less than or equal
# to matcher.epilink.threshold_match.
#
# Record pairs with a weight w with threshold_non_match <= w < threshold_match are
# considered possible matches and lead to a tentative PID.
matcher.epilink.threshold_match = 0.95
matcher.epilink.threshold_non_match = 0.7


# ID-Generators
#
# idgenerators: A comma-seperated list of identifiers of ID-Generators, corresponding to ID types.
# External id types should be also listed here

# For every generator:
# idgenerator.{identifier}: Class which implements the ID generator.
# additional parameters depend on the ID generator used.
#
idgenerators = pid, biobankId, laborExtId, alphaId, clinicExtId

# By default, IDs are generated once they are requested (lazy generation).
# Set the following parameter to true if upon creating a patient, IDs of all
# configured types should be created for this patient eagerly.
idgenerators.eagerGeneration = false

# Additional params for PIDGenerator (k1, k2, k3, rndwidth) are defined here.
idgenerator.pid = PIDGenerator
idgenerator.pid.k1 = 1
idgenerator.pid.k2 = 2
idgenerator.pid.k3 = 3
# rndwidth is optional (default 0)
idgenerator.pid.rndwidth = 0

idgenerator.clinicExtId = ExternalIDGenerator

idgenerator.biobankId = PIDGenerator
idgenerator.biobankId.k1 = 4
idgenerator.biobankId.k2 = 5
idgenerator.biobankId.k3 = 6

idgenerator.laborExtId = ExternalIDGenerator
#idgenerator.laborExtId.format = [1-9][0-9][0-9][0-9][0-9]

idgenerator.alphaId = PIDGenerator
idgenerator.alphaId.k1 = 8
idgenerator.alphaId.k2 = 9
idgenerator.alphaId.k3 = 10

# Output of result

associatedids.visit.idgenerators = extVisitId, intVisitId
# these three IDGenerators are used for testing purposes
idgenerator.extVisitId = ExternalIDGenerator
idgenerator.intVisitId = SimpleIDGenerator

# ! EXPERIMENTAL FEATURE ! configuration is subject to change in a future release.
# allows dynamic configuration of id types
# projectidgeneratorv1.type = persisted

# Whether to show a result page (defaults to true)
# Set to false if you use a redirect address with "addPatient"-Tokens
# and want the user to be immediately redirected to the calling application.
# Only applicable if a redirect address is defined in a token
result.show = true

# Whether to include Idat in the result page.
result.printIdat = true

# Set a fixed language for the user interface. Must be a language code for which a
# MessageBundle exists in the application. Current valid values are "en" and "de"
# language =

# xDAT servers
#
# Known Permissions / Token Types:
#
# - showSessionIds: see own sessions via GET /sessions
# - createSession: create session via POST /sessions
# - manageSessionPatients: manage the set of patients related to a session
# - callback: the permission to allow callbacks
#	(operations on /sessions/{sessionid}/patients)
#
#   - createToken: create tokens -- in addition, permission "tt_x" is req'd, where x is one of these TOKEN TYPES:
#  - tt_addPatient: allows to generate one (1) ID. Token is invalidated afterwards even if an existing ID was returned.
#  - tt_addPatients: allows to add multiple patients.
#  - tt_readPatients: allows to read IDAT or pseudonyms of patients
#  - tt_editPatient: allows to change identifying data of one (1) patient. Token is invalidated afterwards.
#  - tt_addConsent: allows to add new consent resource
#  - tt_readConsent: allows to read a consent resource.
#  - tt_searchConsents: allows to find consent resources
#  - tt_editConsent: allows to change a consent resource. Token is invalidated afterwards.
#  - tt_deleteConsent: allows to delete a consent. Token is invalidated afterwards.
#  - tt_addConsentTemplate: allows to add new consent template
#  - tt_readConsentTemplate: allows to read a consent template.
#  - tt_searchConsentTemplates: allows to find consent templates
#  - tt_addConsentPolicySet: allows to add new consent policy set
#  - tt_readConsentPolicySet: allows to read a consent policy set.
#  - tt_searchConsentPolicySets: allows to find consent policy sets.
#  - tt_addConsentPolicy: allows to add new consent policy.
#  - tt_readConsentPolicy: allows to read a consent policy.
#  - tt_searchConsentPolicies: allows to find consent policies.
#
# readAllPatientIdTypes: allows to read all IdTypes of a patient
# readAllPatientIds: allows to read all Ids of a patient
#

# Allows refined permissions
# example if activated: ;tt_readPatients{|data.searchIds.idType:pid|data.searchIds.idString:*|data.resultFields:geburtsname&vorname|data.resultIds:pid|data.resultIds:intid|data.callback:*};tt_addPatient{data.idtypes:pid}
extendedPermissionCheck = true
#If failed auth message should not send back to requester
#extendedPermissionCheck.failedAuthMessage = deactivated
#extendedPermissionCheck.caseSensitive = true


# A passphrase used for authentication
servers.0.apiKey = ML_API_KEY
# Monitoring permissions: getPatientCount;getTentativePatientCount;getIDRequestCount;getCpuInfo;getMemoryInfo
servers.0.permissions = readConfiguration;tt_editConfiguration;createSession;deleteSession;showSessionIds;createToken;tt_addPatient;tt_addPatients;tt_createIds;tt_readPatients;tt_editPatient;tt_deletePatient;tt_createIds;tt_addConsent;tt_searchConsents;tt_readConsent;tt_editConsent;tt_addConsentTemplate;tt_readConsentTemplate;tt_searchConsentTemplates;tt_addConsentPolicySet;tt_readConsentPolicySet;tt_searchConsentPolicySets;tt_addConsentPolicy;tt_readConsentPolicy;tt_searchConsentPolicies
servers.0.allowedRemoteAdresses = ML_ALLOWEDREMOTEADDRESSES

servers.1.apiKey = ML_API_1
servers.1.allowedRemoteAdresses = ML_ALLOWEDREMOTEADDRESSES
servers.1.permissions.tenant = projectBiobank
servers.1.permissions.patient.operations = C, R, U, D
servers.1.permissions.patient.ids.biobankId.operations = C, R
servers.1.permissions.patient.externalIds.laborExtId.operations = C, R, U
servers.1.permissions.patient.externalIds.clinicExtId.operations = C, R, U
servers.1.permissions.patient.fields.*.operations = U, R
servers.1.permissions.patient.consent.operations = C, R, U, D
servers.1.permissions.consentTemplate.operations = R
servers.1.permissions.miscellaneous = readConfiguration;tt_editConfiguration,createSession;createToken;readAllPatients

servers.2.apiKey = ML_API_KEY2
servers.2.allowedRemoteAdresses = ML_ALLOWEDREMOTEADDRESSES
servers.2.permissions.tenant = projectAlpha
servers.2.permissions.patient.operations = C, R, U, D
servers.2.permissions.patient.ids.alphaId.operations = C, R
servers.2.permissions.patient.externalIds.clinicExtId.operations = C, R, U
servers.2.permissions.patient.fields.*.operations = U, R
servers.2.permissions.patient.consent.operations = C, R, U, D
servers.2.permissions.consentTemplate.operations = C, R
servers.2.permissions.miscellaneous = readConfiguration;createSession;createToken;readAllPatients

# ! EXPERIMENTAL FEATURE ! configuration is subject to change in a future release.
# Multitenancy :
#
# Tenant can be a group of users who share a common subset of patients.
# specify a tenant name
# tenant.{identifier}.name = study
# we use idtypes to filter patients belonging to the same tenant. external id type not allowed.
# tenant.{identifier}.idTypes = {idTypes ...}

# 1. Project
tenant.projectBiobank.name = Biobank EU
tenant.projectBiobank.idTypes = biobankId

# 2. Project
tenant.projectAlpha.name = Project Alpha
tenant.projectAlpha.idTypes = alphaId

# OAuth configuration:
#
# Set issuer identifier {iss-id} and authorization server url {iss-url}
# oidc.{iss-id}.iss={iss-url}
#oidc.keycloak.iss=https://organization.com/auth
#
# Set authorization server internal url {iss-url}
# oidc.{iss-id}.iss.internalBaseUrl={iss-internal-url}
#oidc.keycloak.iss.internalBaseUrl=http://keycloak-container:8034


# Define Claims:
#
# Specify claim id {id} and the authentication protocol. Allowed values : OIDC (OpenID Connect)
# claims.{id}.auth={authentication-protocol}
#claims.0.auth=OIDC
#
# Specify issuer identifier
# claims.{id}.oidc.iss={iss-id}
#claims.0.oidc.iss=keycloak
#
# how to validate multiple claims. Allowed values : 'OR' or 'AND'
# default: AND
# claims.{id}.oidc.operator={operator}
#claims.0.oidc.operator=OR
#
# set claim and values. Claim values separated by , or ;
# Note: Mainzelliste UI support only the claim-name "roles"
# claims.{id}.oidc.{claim-name}={claim-values}
#claims.0.oidc.roles=admin
#
# ANY or ALL subset tells how to validate claims value list defined in "claims.{id}.oidc.{claim-name}={claim-values}"
# default: ANY
# claims.{id}.oidc.{claim-name}.subset={subset-operator}
#claims.0.oidc.roles.subset=ANY
#
# Define mainzelliste permissions seperated by , or ;
# Not: refined permission not support in the Mainzelliste UI use instead the shorthand configuration below
# claims.{id}.permissions = {values}
#claims.{id}.permissions = readConfiguration;createSession;deleteSession;createToken;tt_addPatient;
#
# ! EXPERIMENTAL FEATURE ! configuration is subject to change in a future release.
# A shorthand for efficiently configuring a grained "permissions"
# (optional) As described above a tenant restrict access to a subset of patients with specific ids
# servers.{i}.permissions.tenants = {comma separated tenant names}
#
# specify allowed patient operations. Allowed values are "C, R, U, D" or "*".
# servers.{i}.permissions.patient.operations = C, R, U, D
#
# {idType} must be configured in "idgenerators". Wildcard "*" is allowed
# specify allowed patient non-external ids operations. Allowed values are "C, R" or "*". Note: create "D" not supported yet
# servers.{i}.permissions.patient.ids.{idType}.operations = C, R
#
# specify allowed patient external ids operations. Allowed values are "U, R" or "*". Note: create "C" and "D" not supported yet
# servers.{i}.permissions.patient.externalIds.{idType}.operations = U, R
#
# {fieldName} must be configured in "field.". Wildcard "*" is allowed otherwise provide all required fields
# specify allowed patient fields operations. Allowed values are "U, R" or "*". Note: create "C" and "D" not supported yet
# servers.{i}.permissions.patient.fields.{fieldName}.operations = R, U
#
# servers.{i}.permissions.miscellaneous = createSession, createToken, manageSessionPatients, callback, readAllPatients, readAllPatientIds, readAllPatientIdTypes

oidc.keycloak.iss=ML_OIDC_ISS
oidc.keycloak.iss.internalBaseUrl=ML_OIDC_INTERNAL_ISS_BASE_URL

# UI basic permissions
claims.0.permissions = readConfiguration;createSession;createToken;readAllPatients
claims.0.auth=OIDC
claims.0.oidc.iss=keycloak
claims.0.oidc.roles=admin,biobank-admin,biobank-study-nurse,alpha-admin,alpha-study-nurse
claims.0.oidc.roles.subset=ANY

## TTP Admin
#claims.5.auth = OIDC
#claims.5.oidc.iss = keycloak
#claims.5.oidc.roles = admin
#claims.5.permissions.patient.operations = C, R, U, D
#claims.5.permissions.patient.ids.*.operations = C, R
#claims.5.permissions.patient.externalIds.*.operations = C, R, U
#claims.5.permissions.patient.fields.*.operations = C, R, U

# 1. Project Biobank: Admin
claims.1.auth = OIDC
claims.1.oidc.iss = keycloak
claims.1.oidc.roles = biobank-admin,admin
claims.1.permissions.tenant = projectBiobank
claims.1.permissions.patient.operations = C, R, U, D
claims.1.permissions.patient.ids.biobankId.operations = C, R
claims.1.permissions.patient.ids.intVisitId.operations = C, R
claims.1.permissions.patient.externalIds.extVisitId.operations = C, R, U
claims.1.permissions.patient.externalIds.laborExtId.operations = C, R, U
claims.1.permissions.patient.externalIds.clinicExtId.operations = C, R, U
claims.1.permissions.patient.fields.*.operations = U, R
claims.1.permissions.patient.consent.operations = C, R, U, D
claims.1.permissions.patient.consent.provenance.operations = C, R
claims.1.permissions.patient.consent.scans.operations = C, R
claims.1.permissions.consentTemplate.operations = C, R, D
claims.1.permissions.miscellaneous = tt_editConfiguration;tt_addPatients

# 1. Project Biobank: study-nurse
claims.2.auth=OIDC
claims.2.oidc.iss=keycloak
claims.2.oidc.roles=biobank-study-nurse
claims.2.permissions.tenant = projectBiobank
claims.2.permissions.patient.operations = C, R, U
claims.2.permissions.patient.ids.biobankId.operations = C, R
claims.2.permissions.patient.externalIds.laborExtId.operations = C, R
claims.2.permissions.patient.externalIds.clinicExtId.operations = R
claims.2.permissions.patient.fields.*.operations = R, U

# 2. Project Alpha: Admin
claims.3.auth=OIDC
claims.3.oidc.iss=keycloak
claims.3.oidc.roles=alpha-admin,admin
claims.3.permissions.tenant = projectAlpha
claims.3.permissions.patient.operations = C, R, U, D
claims.3.permissions.patient.ids.alphaId.operations = C, R
claims.3.permissions.patient.externalIds.clinicExtId.operations = C, R, U
claims.3.permissions.patient.fields.*.operations = U, R
claims.3.permissions.patient.consent.operations = C, R, U, D
claims.3.permissions.consentTemplate.operations = C, R, D
claims.3.permissions.policySet.operations = R
claims.3.permissions.policy.operations = R
claims.3.permissions.miscellaneous = tt_editConfiguration;tt_addPatients

# 2. Project Alpha: study-nurse
claims.4.auth=OIDC
claims.4.oidc.iss=keycloak
claims.4.oidc.roles=alpha-study-nurse
claims.4.permissions.tenant = projectAlpha
claims.4.permissions.patient.operations = C, R, U
claims.4.permissions.patient.ids.alphaId.operations = C, R
claims.4.permissions.patient.externalIds.clinicExtId.operations = R
claims.4.permissions.patient.fields.*.operations = C, R, U

# Accepted origin addresses (IPv4 and/or IPv6) or address ranges in CIDR notation (IPv4 only)
# Allow requests from a typical private network
# servers.0.allowedRemoteAdresses = 192.168.56.0/24

# Allow combination of both
# servers.0.allowedRemoteAdresses = 127.0.0.1;0:0:0:0:0:0:0:1;192.168.56.0/24

# Allowed origins for cross origin resource sharing (CORS), multiple values separated by ";"

servers.allowedOrigins = ML_ALLOWED_ORIGINS
servers.allowedHeaders = mainzellisteApiKey;mainzellisteApiVersion;Content-Type;Authorization
servers.allowedMethods = OPTIONS;GET;POST;PUT;DELETE
#servers.allowedMaxAge = 0



# Allowed Format of callback
callback.allowedFormat = https://.*
callback.allowSelfsigned = false

# Session timeout
# A session will be deleted if not accessed for this amount of time, specified in minutes
# Default value if not specified: 10
# sessionTimeout = 10

# Operator information of the Mainzelliste operator to display around user forms
# (defaults to empty/invisible):
# - Contact: Text to be displayed below all forms
# - Logo: Path to image to be displayed in the upper right corner. This can either be an absolute path
#         in the file system, a path within the .war file or a path relative to META-INF/resource
#         within a .jar file on the class path (e.g. a dependency).

# operator.contact =

# Logo file: example for absolute path
# operator.logo = /etc/mainzelliste/logo.png

# Logo file: example for relative path in .war file
# operator.logo = /WEB-INF/classes/logo.png

# Logo file: example for file in META-INF/resources within a .jar file on the classpath
# operator.logo = /logo.png

# custom configuration
# subConfiguration.{n}.uri = https://www.example.org/mainzelliste.sub.conf
# subConfiguration.{n}.uri = file:///etc/mainzelliste/mainzelliste.sub.conf