Backend configuration

securiCAD Enterprise has a configuration file that affects various factors of how the backend works. It's found under /home/es/bin/enterprise_suite/backend/apps/es/configs/config.json.

After installing securiCAD Enterprise with local database your configuration file might look something like this, below we'll go through the sections you might want to change.

[email protected]:~$ cat bin/enterprise_suite/backend/apps/es/configs/config.json 
  "version": 8,
  "api": {
    "prefix": "/api/<version>",
    "version": 1,
    "allowed_origin": "*"
  "rabbit": {
    "worker": {
      "username": "esWorker",
      "password": "<redacted>"
    "api": {
      "username": "esAPI",
      "password": "<redacted>"
  "ssl": {
    "cert": "/home/es/ssl/client/cert.pem",
    "key": "/home/es/ssl/client/key.pem",
    "cacert": "/home/es/ssl/localCA/cacert.pem"
  "flask": {
    "password": "<redacted>",
    "security": {
      "algorithm": "pbkdf2_sha512",
      "salt": "<redacted>",
      "trackable": true,
      "require_password_reset": false
    "jwt": {
      "minutes_valid": 120,
      "header": "JWT",
      "blacklist": true,
      "blacklist_checks": [
    "sqlalchemy": {
      "database": "sqlite:////home/es/data/data.db",
      "upgrade_fail_lock": "db_upgrade_failed.lock",
      "track_modifications": false
    "max_content_length": 134217728
  "sso": {
    "oidc": {
      "enabled": false,
      "client_secrets_path": "...path.../enterprise_suite/backend/apps/es/configs/client_secrets.json"
    "saml": {
      "enabled": false,
      "idp_name": "idp_name",
      "entity_id": "entity_id",
      "metadata_path": "...path.../enterprise_suite/backend/apps/es/configs/metadata"
    "organization": "default_sso_org",
    "redirect_url": "http://localhost:8080/auth"
  "server": {
    "ip": "",
    "port": 8070
  "coordinator": {
    "ip": "",
    "port": 8060
  "parser": {
    "store_input": false,
    "path": "...path.../enterprise_suite/parser_input",
    "custom_parsers_path": "/home/es/custom_parsers"
  "slow_mode": {
    "enabled": false,
    "seconds": 2
  "proxy": {
    "num_trusted_proxies": 1
  "debug": false,
  "language": "SECURILANG",
  "xserver": "Enterprise Suite"

Here we'll go through these section by section.

Some fields are not mentioned below, if you change them securiCAD Enterprise might break right then, or when you attempt to upgrade to a new version. If you contact [email protected] we might instruct you to change some of the non-listed values to help with troubleshooting.


Change these paths, or replace these files, if you want to set a particular HTTP certificate.


Settings related to the main backend service.

  • password This is used to change JWT tokens, if you change it all current tokens will no longer be valid.


  • require_password_reset Specifies whether new users has to set a password the first time they log in.


  • minutes_valid How long the JWT tokens are valid for
  • blacklist whether to check for token revocation on backend access.


  • database path to database file, or complete URI to remote database.

max_content_length Maximum size of content for received requests.


Please see Single Sign-On for details on how to set up Single Sign-On.

server & coordinator

This specifies interface ip and port backend services listen on. If you change these remember to change the nginx configs too.


  • custom_parsers_path path to folder containing securiCAD Enterprise Language Pack files.


  • num_trrusted_proxies Set the number of trusted proxies, this number is including the nginx server set up on the enterprise machine.

If you want to set up a load balancer in front of the enterprise instance you will need to increase the number by one more.

Note if you set this number too high securiCAD Enterprise will trust content from the end user browser, which might lead to security issues.