ECF Web Server Variables

Table 1. ECF Web Server Variables
Variable	Description
IP Address of the Virtual Unit	Virtual IP address, for information only. Address cannot be changed as it is defined when the virtual unit is created.
Use Windows Authentication for Database Connections	Specify whether Windows authentication should be used for database connections. The selection is on by default, and we recommend using it. With Windows authentication, you can leave database password fields empty. If you de select the option, SQL logon is used, and you must enter database user name and password for each database connection, and they are saved in registry and log files as plain text.
Configuration Database Server Address or Name	By default, the value defined in database installation is used automatically.
Configuration Database Name	By default, the value defined in database installation is used automatically.
Configuration Database User Name	By default, the value defined in database installation is used automatically.
Configuration Database Password	By default, the value defined in database installation is used automatically.
Log File Directory of the Virtual Unit	Software running in the virtual unit uses this directory for their log files
TCP Port Number for HTTP	The HTTP port number for ECF (Tomcat). Note: Only for demo and testing purposes; in real production environment, leave this value empty.
TCP Port Number for HTTPS	The HTTPS port number for ECF (Tomcat). The default value is 443. Note: Change the value if there is IIS installed on the same server as it uses 443 by default.
ECF Web Server's Port for Other Servers	The TCP/TLS port number that ECF Web Server uses to connect to Terminal Server. Note: As of 1608, Terminal Server is included in Agent Server.
Server Connection Security
Internal Server Certificate in Use	Internal Server Certificate can be used to secure server-server connection.
Internal Server Certificate Common Name	Internal Server Common Name part of the Certificate Subject, Issued To.
Internal Server Certificate Issuer	Optional Internal Server Certificate issuer name, Issued By.
Internal Server Certificate Store	Internal Server Certificate store location.
Front End Server Mode	Define if the server is used for agents or customers. The default value is the Agent Facing Mode. If you need communication to both directions, make sure to have at least two ECF Web Servers in the system, and set them to different directions. Agent Facing Mode: The server works towards Terminal Server for internal agents, only. When you use this value, you must choose authentication in Authentication Mode. Visitor Facing Mode: The server works towards Chat Portal Server for visitors, only. Added in SP09. Note: As of 1608, Terminal Server is included in Agent Server.
Authentication Mode	Select the authentication method used in ECF: Authenticate with basic authentication: Use the user name and password for client authentication. Authenticate with OAuth: Use access token from a third party authorization service for client authentication. Sinch Contact Center implements OAuth 2 implicit grant flow. Added in SP09. Authenticate with OAuth or with Basic (prefer OAuth) Choose this option if you use basic authentication and have an integration with SAP Customer Engagement Center. Only oAuth is supported with Cctr Adapter. Basic will be used as fallback option. Added in FP14. Authenticate with OAuth or with Certificates (prefer OAuth) Choose this option if you use certificate-based authentication and have an integration with SAP Customer Engagement Center. Only oAuth is supported with Cctr Adapter. Certificate will be used as fallback option. Added in FP14. Authenticate with client certificate: Use a client certificate for authentication, select the attribute used for authentication with the following variables. Authenticate with basic authentication or certificate (prefer certificate): Use certificate if it is available. If the certificate check fails, server tries to fall back to basic authentication. If a custom logon dialog is in use, the authentication will fail, and in that case, administrator can choose prefer basic option instead (see below). Authenticate with basic authentication or certificate (prefer basic): If the client sends credentials, those will be used even if a certificate is available. If the client does not send credentials (usually first request from the client), server will check the certificate, and if that is not accepted, will request for logon and password.
Tomcat Connector Type	Protocol to be used for Tomcat connector. Java Non Blocking Connector. The default value. When you use this value, you must define the certificate in Keystore Type. APR/Native Connector. To use this option, additional libraries need to be installed. Added in SP09.
Keystore Type	Choose which type you use: Windows Personal Certificate Store or Java Keystore File. Note: Value Windows Personal Certificate Store works only in Windows server 2012, or newer.
CORS Allowed Origins	Enter the URLs that are allowed to use ECF Widgets. Define URLs as a regex string, for example to allow host1 and host2 at the domain customer.com, enter https://(host1\|host2).customer.com.
Realm Name	Define the Tomcat realm name for identifying the users of ECF. The default value is SAP ContactCenter Authentication.
Tomcat Startup Extra Parameters	Enter additional parameters and separate them with a comma. Added in 1608.
Visitor Queue Poll Interval	Define how often Front End Server retrieves visitor queue information (average waiting time and is the queue open or closed) from Chat Server. Enter the value in seconds. Added in 1608.
Visitor Chat URLs As of release 17, the Visitor Configurator user interface requires login. Because of this added authentication, the UI is only available from the Agent-Facing ECF Web Server.
ECF Server URL (Agent Facing Mode)	Enter a path that is used to connect to the agent-facing ECF Server. The URL can be of format: https://[host]/ecfs /[subfolder]/ecfs This is the path within the host from which the user interface is downloaded. Added in 2005.
ECF Server URL (Visitor Facing Mode)	Enter a path that is used to connect to the visitor-facing ECF Server.
Visitor Client URL	Enter a path that is used to connect to the Visitor Chat Client.
Allowlist	If you use Communication Panel in an iframe, enter the hosts from where the embedded operation is made. Double quotes are added around each variable if the item is not within double quotes. Using an asterisk (*) in URLs is supported but this is not secure allowing any client from any host to embed the user interface. Added in 2005.
Anonymous RI Allowlist	This is used for listing allowed resources that the anonymous user can access. By default the system adds the following resource allowing access to the reply templates: `^GET /rci/replyTemplates/[0-9a-fA-F]{32}$` If you want to add more resources, use a comma-separated list. If all resources under the URI should be accessible, use an asterisk () at the end: GET /rci/replyTemplates, GET /rci/queues* For more complex resources, use regular expression entries in the list within in the ` character.
Authentication with Certificate
Client Certificate's Subject Attribute Used for Authentication	Select the subject attribute that is used to authenticate a user with client certificate: Subject's common name (CN) E-Mail Address (E): When this option is selected, the e-mail address from the Subject Alternative Name extension of the certificate is used, if present. Otherwise the e-mail address from the Subject Name field is used. Fully Qualified Name (FQN).
Client Certificate's Issuer Attribute Used for Authentication	Select the issuer attribute that is used to authenticate a user with client certificate. the choices are: Issuer's Common Name (CN) E-Mail Address (E): If this option is selected, the e-mail address from the Issuer Alternative Name extension of the certificate is used, if present. Otherwise, the e-mail address from the Issuer Name field is used. Fully qualified name (FQN).
Keystore Settings
Certificate Name for HTTPS	The common name of the certificate. If you have chosen Java Non Blocking Connector in Tomcat Connector Type, the default value is ecf_server. If you have Windows certificate, the name is usually in format server.domain. This certificate must be installed into Personal Certificates of the user who is used when the HAC service is run. Certificate key enhanced usage must contain Server Authentication (1.3.6.1.5.5.7.3.1).
Java Keystore Settings Define these settings if you have chosen Java Keystore File in Keystore Type. Added in 1608.
Certificate File for NIO Connector	The certificate file name that must be in directory [YOUR_VU]\ecf. The default value is ecfs_keystore.
Certificate Key File Password for NIO Connector	The password for the certificate that you have created for Keystore.
Truststore File for NIO Connector	Truststore file name that must be in directory [YOUR_VU]\ecf. The default value is ecfs_trustedstore.
Truststore File Password for NIO Connector	The password for the certificate that you have created for Truststore.
APR/Native Settings Added in 1608.
Certificate File for APR Connector	The certificate file name that must be in directory [YOUR_VU]\ecf. The default value is ecfcert.pem.
Certificate Key File for APR Connector	The certificate key file that must be in directory [YOUR_VU]\ecf. The default value is ecfs_key.pem.
CA Certificate File Location for APR Connector	Truststore CA file name that must be in [YOUR_VU]\ecf.
OAuth Settings
OAuth Authentication URL	If you have chosen Authenticate with OAuth for Authentication Mode, enter the external URL that retrieves the user information with an access token. However, if you have listed allowed issuers in the OAuth Accepted Issuers, the external URL is not needed. Added in SP09.
OAuth Accepted Issuers	Enter a comma-separated list of accepted issuers. This is needed only if you need to support more than one issuer.
OAuth Field Name	If you have chosen Authenticate with OAuth for Authentication Mode, you can enter tenant as the field name for OAuth validation. If this field is empty, the hostname is used as the issuer field. . Added in SP09.
OAuth Proxy IP Address	IP address for the OAuth proxy Added in 1608.
OAuth Proxy Port	Port number for the OAuth proxy Added in 1608.
STUN/TURN Settings
STUN/TURN Server in Use	If you are using STUN/TURN for video chat, select this option and enter the information for STUN/TURN server information below. Added in SP09.
STUN Server Address	Enter the address for the STUN server, for example 52.25.105.202. Added in SP09.
STUN Server Port	Enter the port and optionally the protocol for the STUN server, for example 443?transport=tcp. Added in SP09.
TURN Server Address	Enter the address for the TURN server, for example 52.25.105.202. Added in SP09.
TURN Server Port	Enter the port and optionally the protocol for the TURN server, for example 443?transport=tcp. Added in SP09.
TURN User Name	Enter the user name that has been configured on the TURN server. Added in SP09.
TURN Secret	Enter the secret name that has been configured on the TURN server. Added in SP09.

IP Address of the Virtual Unit

Virtual IP address, for information only. Address cannot be changed as it is defined when the virtual unit is created.

Use Windows Authentication for Database Connections

Specify whether Windows authentication should be used for database connections. The selection is on by default, and we recommend using it. With Windows authentication, you can leave database password fields empty. If you de select the option, SQL logon is used, and you must enter database user name and password for each database connection, and they are saved in registry and log files as plain text.

Configuration Database Server Address or Name

By default, the value defined in database installation is used automatically.

Configuration Database Name

By default, the value defined in database installation is used automatically.

Configuration Database User Name

By default, the value defined in database installation is used automatically.

Configuration Database Password

By default, the value defined in database installation is used automatically.

Log File Directory of the Virtual Unit

Software running in the virtual unit uses this directory for their log files

TCP Port Number for HTTP

The HTTP port number for ECF (Tomcat).

Note:

Only for demo and testing purposes; in real production environment, leave this value empty.

TCP Port Number for HTTPS

The HTTPS port number for ECF (Tomcat). The default value is 443.

Note:

Change the value if there is IIS installed on the same server as it uses 443 by default.

ECF Web Server's Port for Other Servers

The TCP/TLS port number that ECF Web Server uses to connect to Terminal Server.

Note:

As of 1608, Terminal Server is included in Agent Server.

Server Connection Security

Internal Server Certificate in Use

Internal Server Certificate can be used to secure server-server connection.

Internal Server Certificate Common Name

Internal Server Common Name part of the Certificate Subject, Issued To.

Internal Server Certificate Issuer

Optional Internal Server Certificate issuer name, Issued By.

Internal Server Certificate Store

Internal Server Certificate store location.

Front End Server Mode

Define if the server is used for agents or customers. The default value is the Agent Facing Mode. If you need communication to both directions, make sure to have at least two ECF Web Servers in the system, and set them to different directions.

Agent Facing Mode: The server works towards Terminal Server for internal agents, only.

When you use this value, you must choose authentication in Authentication Mode.
Visitor Facing Mode: The server works towards Chat Portal Server for visitors, only.

Added in SP09.

Note:

As of 1608, Terminal Server is included in Agent Server.

Authentication Mode

Select the authentication method used in ECF:

Authenticate with basic authentication: Use the user name and password for client authentication.
Authenticate with OAuth:

Use access token from a third party authorization service for client authentication. Sinch Contact Center implements OAuth 2 implicit grant flow.

Added in SP09.
Authenticate with OAuth or with Basic (prefer OAuth)

Choose this option if you use basic authentication and have an integration with SAP Customer Engagement Center. Only oAuth is supported with Cctr Adapter. Basic will be used as fallback option.

Added in FP14.
Authenticate with OAuth or with Certificates (prefer OAuth)

Choose this option if you use certificate-based authentication and have an integration with SAP Customer Engagement Center. Only oAuth is supported with Cctr Adapter. Certificate will be used as fallback option.

Added in FP14.
Authenticate with client certificate: Use a client certificate for authentication, select the attribute used for authentication with the following variables.
Authenticate with basic authentication or certificate (prefer certificate):
- Use certificate if it is available.
- If the certificate check fails, server tries to fall back to basic authentication. If a custom logon dialog is in use, the authentication will fail, and in that case, administrator can choose prefer basic option instead (see below).
Authenticate with basic authentication or certificate (prefer basic):
- If the client sends credentials, those will be used even if a certificate is available.
- If the client does not send credentials (usually first request from the client), server will check the certificate, and if that is not accepted, will request for logon and password.

Tomcat Connector Type

Protocol to be used for Tomcat connector.

Java Non Blocking Connector. The default value.

When you use this value, you must define the certificate in Keystore Type.
APR/Native Connector. To use this option, additional libraries need to be installed.

Added in SP09.

Keystore Type

Choose which type you use: Windows Personal Certificate Store or Java Keystore File.

Note:

Value Windows Personal Certificate Store works only in Windows server 2012, or newer.

CORS Allowed Origins

Enter the URLs that are allowed to use ECF Widgets. Define URLs as a regex string, for example to allow host1 and host2 at the domain customer.com, enter https://(host1|host2).customer.com.

Realm Name

Define the Tomcat realm name for identifying the users of ECF. The default value is SAP ContactCenter Authentication.

Tomcat Startup Extra Parameters

Enter additional parameters and separate them with a comma.

Added in 1608.

Visitor Queue Poll Interval

Define how often Front End Server retrieves visitor queue information (average waiting time and is the queue open or closed) from Chat Server.

Enter the value in seconds.

Added in 1608.

Visitor Chat URLs

As of release 17, the Visitor Configurator user interface requires login. Because of this added authentication, the UI is only available from the Agent-Facing ECF Web Server.

ECF Server URL (Agent Facing Mode)

Enter a path that is used to connect to the agent-facing ECF Server. The URL can be of format:

https://[host]/ecfs
/[subfolder]/ecfs

This is the path within the host from which the user interface is downloaded.

Added in 2005.

ECF Server URL (Visitor Facing Mode)

Enter a path that is used to connect to the visitor-facing ECF Server.

Visitor Client URL

Enter a path that is used to connect to the Visitor Chat Client.

Allowlist

If you use Communication Panel in an iframe, enter the hosts from where the embedded operation is made. Double quotes are added around each variable if the item is not within double quotes.

Using an asterisk (*) in URLs is supported but this is not secure allowing any client from any host to embed the user interface.

Added in 2005.

Anonymous RI Allowlist

This is used for listing allowed resources that the anonymous user can access. By default the system adds the following resource allowing access to the reply templates:

`^GET /rci/replyTemplates/[0-9a-fA-F]{32}$`

If you want to add more resources, use a comma-separated list. If all resources under the URI should be accessible, use an asterisk (*) at the end:

GET /rci/replyTemplates*, GET /rci/queues*

For more complex resources, use regular expression entries in the list within in the ` character.

Authentication with Certificate

Client Certificate's Subject Attribute Used for Authentication

Select the subject attribute that is used to authenticate a user with client certificate:

Subject's common name (CN)
E-Mail Address (E): When this option is selected, the e-mail address from the Subject Alternative Name extension of the certificate is used, if present. Otherwise the e-mail address from the Subject Name field is used.
Fully Qualified Name (FQN).

Client Certificate's Issuer Attribute Used for Authentication

Select the issuer attribute that is used to authenticate a user with client certificate. the choices are:

Issuer's Common Name (CN)
E-Mail Address (E): If this option is selected, the e-mail address from the Issuer Alternative Name extension of the certificate is used, if present. Otherwise, the e-mail address from the Issuer Name field is used.
Fully qualified name (FQN).

Keystore Settings

Certificate Name for HTTPS

The common name of the certificate.

If you have chosen Java Non Blocking Connector in Tomcat Connector Type, the default value is ecf_server.

If you have Windows certificate, the name is usually in format server.domain. This certificate must be installed into Personal Certificates of the user who is used when the HAC service is run. Certificate key enhanced usage must contain Server Authentication (1.3.6.1.5.5.7.3.1).

Java Keystore Settings

Define these settings if you have chosen Java Keystore File in Keystore Type.

Added in 1608.

Certificate File for NIO Connector

The certificate file name that must be in directory [YOUR_VU]\ecf.

The default value is ecfs_keystore.

Certificate Key File Password for NIO Connector

The password for the certificate that you have created for Keystore.

Truststore File for NIO Connector

Truststore file name that must be in directory [YOUR_VU]\ecf.

The default value is ecfs_trustedstore.

Truststore File Password for NIO Connector

The password for the certificate that you have created for Truststore.

APR/Native Settings

Added in 1608.

Certificate File for APR Connector

The certificate file name that must be in directory [YOUR_VU]\ecf.

The default value is ecfcert.pem.

Certificate Key File for APR Connector

The certificate key file that must be in directory [YOUR_VU]\ecf.

The default value is ecfs_key.pem.

CA Certificate File Location for APR Connector

Truststore CA file name that must be in [YOUR_VU]\ecf.

OAuth Settings

OAuth Authentication URL

If you have chosen Authenticate with OAuth for Authentication Mode, enter the external URL that retrieves the user information with an access token. However, if you have listed allowed issuers in the OAuth Accepted Issuers, the external URL is not needed.

Added in SP09.

OAuth Accepted Issuers

Enter a comma-separated list of accepted issuers. This is needed only if you need to support more than one issuer.

OAuth Field Name

If you have chosen Authenticate with OAuth for Authentication Mode, you can enter tenant as the field name for OAuth validation.

If this field is empty, the hostname is used as the issuer field.

.

Added in SP09.

OAuth Proxy IP Address

IP address for the OAuth proxy

Added in 1608.

OAuth Proxy Port

Port number for the OAuth proxy

Added in 1608.

STUN/TURN Settings

STUN/TURN Server in Use

If you are using STUN/TURN for video chat, select this option and enter the information for STUN/TURN server information below.

Added in SP09.

STUN Server Address

Enter the address for the STUN server, for example 52.25.105.202.

Added in SP09.

STUN Server Port

Enter the port and optionally the protocol for the STUN server, for example 443?transport=tcp.

Added in SP09.

TURN Server Address

Enter the address for the TURN server, for example 52.25.105.202.

Added in SP09.

TURN Server Port

Enter the port and optionally the protocol for the TURN server, for example 443?transport=tcp.

Added in SP09.

TURN User Name

Enter the user name that has been configured on the TURN server.

Added in SP09.

TURN Secret

Enter the secret name that has been configured on the TURN server.

Added in SP09.