source: MILK/trunk/milk_server/ndgDiscovery.config @ 4477

#
# NDG Configuration File
# At deployment time the only pieces that a user ought to need to customise
# will be 
#    - the server address
#    - it might be necessary to customise the location of the layout directory 
#    - the localLink, localImage and localAlt in the [layout] section
#
[DEFAULT]
#
# the following is the server on which this browse/discovery instance runs!
server:         http://localhost
#server:       http://superglue.badc.rl.ac.uk:8083
## This is the proxied server root
#server: http://superglue.badc.rl.ac.uk/ndg-test

#
# the following is the server on which the NDG discovery service is running! (Not to be confused with
# the server on which the NDG discovery web service is running). This can and probably should be the local
# server (i.e. don't change it!)
#
ndgServer:      %(server)s
#
##!NOTE: These are changed to  reflect the proxy prefix
#layout:         /ndg-test/layout/
#icondir:        /ndg-test/layout/icons/
layout:          /layout/
icondir:         /layout/icons/

#
mailserver:       xxxoutbox.rl.ac.uk
metadataMaintainer: b.n.lawrence@rl.ac.uk
repository:        %(server)s
tbrecipient:      b.n.lawrence@rl.ac.uk

# The following should only be needed for debugging some parts of the code when running on sandboxes behind a firewall
proxyServer:      http://wwwcache3.rl.ac.uk:8080/
disclaimer:       

[SEARCH]
advancedURL:        %(ndgServer)s/discovery
discoveryURL:       %(ndgServer)s/discovery
helpURL:            %(ndgServer)s/discovery?help=1

[logging]
debuglog:        discovery.log

[layout]
###### user customisable:
localLink:      %(ndgServer)s/layout/
localImage:     %(icondir)sndg_logo_circle.gif
localAlt:       visit badc
###### ought to be the end of the customisations
ndgLink:        http://ndg.nerc.ac.uk/
ndgImage:       %(icondir)sndg_logo_circle.gif
ndgAlt:         visit ndg
stfcLink:       http://ceda.stfc.ac.uk/
stfcImage:      %(icondir)sstfc-circle-sm.gif
key:            %(icondir)spadlock.png
Xicon:          %(icondir)sxml.png
plot:           %(icondir)splot.png
printer:        %(icondir)sprinter.png
helpIcon:       %(icondir)shelp.png
HdrLeftAlt:     %(icondir)s Natural Environment Research Council
HdrLeftLogo:    %(icondir)sNERC_Logo.gif
navMinus:       %(icondir)snavigate_minus.png
navPlus:                %(icondir)snavigate_plus.png

pageLogo:       %(layout)s20050502_albert-park_silhouetted-trees-and-clouds_02_cropped.jpg

[HELP]
helpFile:       %(layout)shelp.html

[ATOM_EDITOR]
# if set to True, the editor will be available
enabled: True
# if set to True, errors output with stacktrace to templates
debug: True             

[NDG_A_SERVICE]
badc.nerc.ac.uk: http://glue.badc.rl.ac.uk/cgi-bin/dxui
icon: %(icondir)splot.png
#%(icondir)sdata_aservice.png
icon_alt: A Service
service_name: A
icon_title: LINKS to a DATA BROWSE view of this dataset
instance: datasetURI_%s

[NDG_B_SERVICE]
#
#These are the hosts which are publicly available on which the browse
#service is running. The list should be of the form repository: hostname
#where repository is the NDG identifier ....
#
neodc.nerc.ac.uk: %(server)s
badc.nerc.ac.uk: %(server)s
www.npm.ac.uk: http://wwwdev.neodaas.ac.uk/projects/ndg
grid.bodc.nerc.ac.uk: http://grid.bodc.nerc.ac.uk
ndg.noc.soton.ac.uk: http://ndg.noc.soton.ac.uk:8001
icon: %(icondir)sbrowse_bservice.png
icon_alt: B Service
icon_title: Links to a METADATA BROWSE view of this dataset
service_name: B
instance: SERVICEHOST/view/URI

[NDG_EXIST]
#
# following is a list of repository servers, actually only one is needed,
# at any one location running browse, and that is the local one. The 
# entire purpose of the rest of the list is to simplify updates. These
# hosts do not need to be visible outside of corporate firewalls.
# The list should be of the form repository: hostname where repository
# is the NDG identifier.
# 
local: chinook.badc.rl.ac.uk
badc.nerc.ac.uk: chinook.badc.rl.ac.uk
neodc.nerc.ac.uk: chinook.badc.rl.ac.uk
grid.bodc.nerc.ac.uk: grid.bodc.nerc.ac.uk
ndg.noc.soton.ac.uk: ndg.noc.soton.ac.uk
www.npm.ac.uk: pgsql.npm.ac.uk
passwordFile: ./passwords.txt

#
# NDG Security
#

# Security settings for configuration as a client to a Single Sign On Service
# i.e. Where Are You From, login and logout operations are handled by a 
# separate standalone paster instance
#[NDG_SECURITY.ssoClient]
## THIS service's address for secure connections - the Single Sign On service
## returns security parameters to this service along this channel
#sslServer: https://localhost
##sslServer: https://ndgbeta.badc.rl.ac.uk
#
## THIS service's address for unencrypted connections - when login is complete,
## the BaseController redirects to an equivalent address under this host name.
## sslServer and server settings must match for the sharing of cookies.
#server: http://localhost
#
## WAYF running on Single Sign On Service - omit to default to WAYF running on
## THIS paster instance
#wayfURI:               https://localhost/sso/wayf
#
## Logout URI running on Single Sign On Service - omit to default to logout 
## running on THIS paster instance
#logoutURI:             https://localhost/sso/logout

# Security settings for running a Single Sign On Service from this paster
# instance.  Either NDG_SECURITY.ssoClient or NDG_SECURITY.ssoService sections
# should be set but NOT both

# Single Sign On Service Settings
[NDG_SECURITY.ssoService]

# THIS service's address for secure connections - the Single Sign On service
# returns security parameters to this service along this channel
sslServer: https://localhost
#sslServer: https://ndgbeta.badc.rl.ac.uk

# THIS service's address for unencrypted connections - when login is complete,
# the BaseController redirects to an equivalent address under this host name.
# sslServer and server settings must match for the sharing of cookies.
server: http://localhost

enableOpenID: True

# Redirect SOAP output to a file e.g. open(<somefile>, 'w')
tracefile: None
#tracefile: sys.stderr

# Service addresses
sessionMgrURI: https://localhost/SessionManager
#sessionMgrURI: https://ndgbeta.badc.rl.ac.uk/SessionManager
attAuthorityURI: http://localhost:5000/AttributeAuthority
#attAuthorityURI: http://aa.ceda.rl.ac.uk

# SSL Connections
#
# Space separated list of CA cert. files.  The peer cert.
# must verify against at least one of these otherwise the connection is 
# dropped.  Include CA certs for all the sites trusted
sslCACertFilePathList: certs/ndg-test-ca.crt

# Web Services HTTP Proxy fine tuning 
#
# For most situations, these settings can be ignored and instead make use of 
# the http_proxy environment variable.  They allow for the case where specific 
# settings are needed just for the security web services calls

# Overrides the http_proxy environment variable setting - may be omitted
#httpProxyHost: wwwcache.rl.ac.uk:8080

# Web service clients pick up the no_proxy environment variable setting by
# default.  Set this parameter to override no_proxy for web service 
# connections.  
#noHttpProxyList: localhost, 127.0.0.1

# WS-Security signature handler - set a config file with 'wssCfgFilePath'
# or omit and put the relevant content directly in here under 
# 'NDG_SECURITY.wssecurity' section
#wssCfgFilePath: wssecurity.cfg

[NDG_SECURITY.wssecurity]

# Settings for signature of an outbound message ...

# Certificate associated with private key used to sign a message.  The sign 
# method will add this to the BinarySecurityToken element of the WSSE header.  
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.  
# As an alternative, use 'signingCertChain' parameter

# file path PEM encoded cert 
signingCertFilePath=certs/clnt.crt

# file path to PEM encoded private key file
signingPriKeyFilePath=certs/clnt.key

# Password protecting private key.  Leave blank if there is no password.
signingPriKeyPwd=

# Provide a space separated list of file paths.  CA Certs should be included 
# for all the sites this installation trusts
caCertFilePathList=certs/ndg-test-ca.crt

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  
reqBinSecTokValType=X509v3

# Add a timestamp element to an outbound message
addTimestamp=True

# For WSSE 1.1 - service returns signature confirmation containing signature 
# value sent by client
applySignatureConfirmation=False

#
# Gatekeeper settings
#
[NDG_SECURITY.gatekeeper]
#
# Policy Enforcement Point calls a Policy Decision Point interface:

# File path to Python module containing the PDP class - leave blank if the 
# module is in PYTHONPATH env var
pdpModFilePath: 

# Name of PDP Python module
pdpModName: ndg.security.common.authz.pdp.browse

# Name of PDP class used
pdpClassName: BrowsePDP

# File Path to configuration file used by PDP class (environment variables
# can be used in this path e.g. $PDP_CONFIG_DIR/pdp.cfg.  Omit this parameter
# to make the PEP read the PDP settings from THIS config file
#pdpCfgFilePath:

# Read PDP params from THIS section
pdpCfgSection: NDG_SECURITY.gatekeeper

#
# Settings for Policy Decision Point called by the PEP 

# Address of Attribute Authority for Data Provider
#aaURI: http://aa.ceda.rl.ac.uk
aaURI: http://localhost:5000/AttributeAuthority

# Verify peer cert for SSL connections to Session Manager
sslCACertFilePathList: certs/ndg-test-ca.crt

# Set to file object to dump SOAP message output for debugging
tracefile:

# CA certificates used to verify the signature of user Attribute Certificates
# - space delimited list but note that currently only the CA of this site
# is needed because only mapped Attribute Certificates may be accepted.
acCACertFilePathList: certs/ndg-test-ca.crt

# X.509 Distinguished Name for Attribute Certificate issuer - should match with
# the issuer element of the users Attribute Certificate submitted in order to 
# gain access
acIssuer: /CN=AttributeAuthority/O=NDG Security Test/OU=Site A
#acIssuer: /CN=AttributeAuthority/O=NDG/OU=BADC

# WS-Security signature handler - set a config file with 'wssCfgFilePath'
# or omit and put the relevant content directly in here under the section name
# specified by 'wssCfgSection' below
#wssCfgFilePath: wssecurity.cfg

# Config file section for WS-Security settings - Nb. the gatekeeper shares the
# same settings as the Single Sign On Service.
wssCfgSection: NDG_SECURITY.wssecurity

[RELATED]
icon: %(icondir)srelated_link.png
icon_alt: Related
service_name: Related
icon_title: Links to a RELATED URL
instance: uri

[DISCOVERY]
icon: %(icondir)scatalogue_dservice.png
icon_alt: Catalogue
service_name: Catalogue
default: %(server)s
formatDefault=DIF
icon_title: Links to the DISCOVERY RECORD for this dataset
#standalone: True
standalone: False
#NB, if unset, this will default to the discovery service at ndg.badc.rl.ac.uk
#discoveryServiceURL:http://localhost:8080/axis2/services/DiscoveryService

[MILK_SERVER]
#
# Configure the MILK_SERVER framework here
#

# exception_type: whether OGC servers should send a valid ExceptionReport on errors
#     or use pylon's debugger.  Very useful for debugging OWS controllers.  Default is ogc
#exception_type: ogc
#exception_type: pylons