source: TI05-delivery/ows_framework/trunk/ows_server/ndgDiscovery.config @ 3919

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI05-delivery/ows_framework/trunk/ows_server/ndgDiscovery.config@3919
Revision 3919, 10.8 KB checked in by pjkersha, 12 years ago (diff)

Initial Integration of Single Sign On Service with OpenID and Pylons AuthKit:

  • WAYF now contains an OpenID textbox for sign in
  • No role integration carried out yet - OpenID has no better privileges than an anonymous user(!)
  • Integrated into AuthKit - requires lots of config settings in pylons ini file
  • HTTP 401 errors get redirected automatically to WAYF
  • Need to create an AuthKit egg from SVN 151 checkout - will put on NDG dist

SWITCH OFF security by setting standalone = False in ndgDiscovery.config (the standalone option under [DISCOVERY]).

1#
2# NDG Configuration File
3# At deployment time the only pieces that a user ought to need to customise
4# will be
5#    - the server address
6#    - it might be necessary to customise the location of the layout directory
7#    - the localLink, localImage and localAlt in the [layout] section
8#
9[DEFAULT]
10#
11# the following is the server on which this browse/discovery instance runs!
12server:         http://localhost
13#server:       http://superglue.badc.rl.ac.uk:8083
14## This is the proxied server root
15#server: http://superglue.badc.rl.ac.uk/ndg-test
16
17#
18# the following is the server on which the NDG discovery service is running! (Not to be confused with
19# the server on which the NDG discovery web service is running). This can and probably should be the local
20# server (i.e. don't change it!)
21#
22ndgServer:      %(server)s
23#
24# this is the physical file location of the layout directory on this machine
25#
26layoutdir:
27#
28# this should never be changed
29#
30##!NOTE: These are changed to  reflect the proxy prefix
31#layout:         /ndg-test/layout/
32#icondir:        /ndg-test/layout/icons/
33layout:          /layout/
34icondir:         /layout/icons/
35
36#
37mailserver:       xxxoutbox.rl.ac.uk
38metadataMaintainer: b.n.lawrence@rl.ac.uk
39repository:        %(server)s
40tbrecipient:      b.n.lawrence@rl.ac.uk
41
42# The following should only be needed for debugging some parts of the code when running on sandboxes behind a firewall
43proxyServer:      http://wwwcache3.rl.ac.uk:8080/
44disclaimer:       
45
46[SEARCH]
47advancedURL:        %(ndgServer)s/discovery
48discoveryURL:       %(ndgServer)s/discovery
49helpURL:            %(ndgServer)s/discovery?help=1
50
51[logging]
52debuglog:        discovery.log
53
54[layout]
55###### user customisable:
56localLink:      %(ndgServer)s/layout/
57localImage:     %(layout)sndg_logo_circle.gif
58localAlt:       visit badc
59###### ought to be the end of the customisations
60ndgLink:        http://ndg.nerc.ac.uk/
61ndgImage:       %(layout)sndg_logo_circle.gif
62ndgAlt:         visit ndg
63stfcLink:       http://ceda.stfc.ac.uk/
64stfcImage:      %(layout)sstfc-circle-sm.gif
65key:            %(icondir)spadlock.png
66keyGrey:        %(layout)skeyG.gif
67selectI:        %(layout)stick.png
68Xicon:          %(icondir)sxml.png
69plot:           %(icondir)splot.png
70printer:        %(icondir)sprinter.png
71helpIcon:       %(icondir)shelp.png
72HdrLeftAlt:     %(layout)s Natural Environment Research Council
73HdrLeftLogo:    %(layout)sNERC_Logo.gif
74
75pageLogo:       %(layout)s20050502_albert-park_silhouetted-trees-and-clouds_02_cropped.jpg
76
77ndgJavascript:  %(layout)sndgJavascript.js
78
79[HELP]
80helpFile:       %(layoutdir)s%(layout)shelp.html
81
82[NDG_A_SERVICE]
83badc.nerc.ac.uk: http://glue.badc.rl.ac.uk/cgi-bin/dxui
84icon: %(icondir)splot.png
85#%(icondir)sdata_aservice.png
86icon_alt: A Service
87service_name: A
88icon_title: LINKS to a DATA BROWSE view of this dataset
89instance: datasetURI_%s
90
91[NDG_B_SERVICE]
92#
93#These are the hosts which are publicly available on which the browse
94#service is running. The list should be of the form repository: hostname
95#where repository is the NDG identifier ....
96#
97neodc.nerc.ac.uk: %(server)s
98badc.nerc.ac.uk: %(server)s
99www.npm.ac.uk: http://wwwdev.neodaas.ac.uk/projects/ndg
100grid.bodc.nerc.ac.uk: http://grid.bodc.nerc.ac.uk
101ndg.noc.soton.ac.uk: http://ndg.noc.soton.ac.uk:8001
102icon: %(icondir)sbrowse_bservice.png
103icon_alt: B Service
104icon_title: Links to a METADATA BROWSE view of this dataset
105service_name: B
106instance: SERVICEHOST/view/URI
107
108[NDG_EXIST]
109#
110# following is a list of repository servers, actually only one is needed,
111# at any one location running browse, and that is the local one. The
112# entire purpose of the rest of the list is to simplify updates. These
113# hosts do not need to be visible outside of corporate firewalls.
114# The list should be of the form repository: hostname where repository
115# is the NDG identifier.
116#
117local: chinook.badc.rl.ac.uk
118badc.nerc.ac.uk: chinook.badc.rl.ac.uk
119neodc.nerc.ac.uk: chinook.badc.rl.ac.uk
120grid.bodc.nerc.ac.uk: grid.bodc.nerc.ac.uk
121ndg.noc.soton.ac.uk: ndg.noc.soton.ac.uk
122www.npm.ac.uk: pgsql.npm.ac.uk
123#passwordFile: /home/bnl/sandboxes/ndg/TI05-delivery/ows_framework/trunk/ows_server/passwords.txt
124passwordFile: ./passwords.txt
125
126#
127# NDG Security
128#
129
130# Security settings for configuration as a client to a Single Sign On Service
131# i.e. Where Are You From, login and logout operations are handled by a
132# separate standalone paster instance
133#[NDG_SECURITY.ssoClient]
134## THIS service's address for secure connections - the Single Sign On service
135## returns security parameters to this service along this channel
136#sslServer: https://localhost
137##sslServer: https://ndgbeta.badc.rl.ac.uk
138#
139## THIS service's address for unencrypted connections - when login is complete,
140## the BaseController redirects to an equivalent address under this host name.
141## sslServer and server settings must match for the sharing of cookies.
142#server: http://localhost
143#
144## WAYF running on Single Sign On Service - omit to default to WAYF running on
145## THIS paster instance
146#wayfURI:               https://localhost/sso/wayf
147#
148## Logout URI running on Single Sign On Service - omit to default to logout
149## running on THIS paster instance
150#logoutURI:             https://localhost/sso/logout
151
152# Security settings for running a Single Sign On Service from this paster
153# instance.  Either NDG_SECURITY.ssoClient or NDG_SECURITY.ssoService sections
154# should be set but NOT both
155
156# Single Sign On Service Settings
157[NDG_SECURITY.ssoService]
158
159# THIS service's address for secure connections - the Single Sign On service
160# returns security parameters to this service along this channel
161sslServer: https://localhost
162#sslServer: https://ndgbeta.badc.rl.ac.uk
163
164# THIS service's address for unencrypted connections - when login is complete,
165# the BaseController redirects to an equivalent address under this host name.
166# sslServer and server settings must match for the sharing of cookies.
167server: http://localhost
168
169enableOpenID: True
170
171# Redirect SOAP output to a file e.g. open(<somefile>, 'w').  Debugging only: the trace may contain security parameters exchanged with the services below.
172tracefile: None
173#tracefile: sys.stderr
174
175# Service addresses
176sessionMgrURI: https://localhost/SessionManager
177#sessionMgrURI: https://ndgbeta.badc.rl.ac.uk/SessionManager
178attAuthorityURI: http://localhost:5000/AttributeAuthority
179#attAuthorityURI: http://aa.ceda.rl.ac.uk
180
181# SSL Connections
182#
183# Space separated list of CA cert. files.  The peer cert.
184# must verify against at least one of these otherwise the connection is
185# dropped.  Include CA certs for all the sites trusted
186sslCACertFilePathList: certs/ndg-test-ca.crt
187
188# Web Services HTTP Proxy fine tuning
189#
190# For most situations, these settings can be ignored and instead make use of
191# the http_proxy environment variable.  They allow for the case where specific
192# settings are needed just for the security web services calls
193
194# Overrides the http_proxy environment variable setting - may be omitted
195#httpProxyHost: wwwcache.rl.ac.uk:8080
196
197# Web service clients pick up the http_proxy environment variable setting by
198# default.  Set this flag to True to ignore http_proxy for web service
199# connections.  To use the http_proxy setting, set this parameter to False or
200# remove it completely from this file.
201ignoreHttpProxyEnv: True
202
203# WS-Security signature handler - set a config file with 'wssCfgFilePath'
204# or omit and put the relevant content directly in here under
205# 'NDG_SECURITY.wssecurity' section
206#wssCfgFilePath: wssecurity.cfg
207
208[NDG_SECURITY.wssecurity]
209
210# Settings for signature of an outbound message ...
211
212# Certificate associated with private key used to sign a message.  The sign
213# method will add this to the BinarySecurityToken element of the WSSE header. 
214# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
215# As an alternative, use 'signingCertChain' parameter
216
217# file path PEM encoded cert
218signingCertFilePath=certs/clnt.crt
219
220# file path to PEM encoded private key file
221signingPriKeyFilePath=certs/clnt.key
222
223# Password protecting private key (stored here in clear text - restrict read access to this file).  Leave blank if there is no password.
224signingPriKeyPwd=
225
226# Provide a space separated list of file paths.  CA Certs should be included
227# for all the sites this installation trusts
228caCertFilePathList=certs/ndg-test-ca.crt
229
230# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
231# signed message. 
232reqBinSecTokValType=X509v3
233
234# Add a timestamp element to an outbound message
235addTimestamp=True
236
237# For WSSE 1.1 - service returns signature confirmation containing signature
238# value sent by client
239applySignatureConfirmation=False
240
241#
242# Gatekeeper settings
243#
244[NDG_SECURITY.gatekeeper]
245#
246# Policy Enforcement Point calls a Policy Decision Point interface:
247
248# File path to Python module containing the PDP class - leave blank if the
249# module is in PYTHONPATH env var
250pdpModFilePath:
251
252# Name of PDP Python module
253pdpModName: ndg.security.common.authz.pdp.browse
254
255# Name of PDP class used
256pdpClassName: BrowsePDP
257
258# File Path to configuration file used by PDP class (environment variables
259# can be used in this path e.g. $PDP_CONFIG_DIR/pdp.cfg).  Omit this parameter
260# to make the PEP read the PDP settings from THIS config file
261#pdpCfgFilePath:
262
263# Read PDP params from THIS section
264pdpCfgSection: NDG_SECURITY.gatekeeper
265
266#
267# Settings for Policy Decision Point called by the PEP
268
269# Address of Attribute Authority for Data Provider
270aaURI:
271
272# CA certificates used to verify peer certs from Session Manager SSL
273# connections - space delimited list
274sslCACertFilePathList:
275
276# Set to file object to dump SOAP message output for debugging
277tracefile:
278
279# CA certificates used to verify the signature of user Attribute Certificates
280# - space delimited list but note that currently only the CA of this site
281# is needed because only mapped Attribute Certificates may be accepted.
282acCACertFilePathList: certs/ndg-test-ca.crt
283
284# X.509 Distinguished Name for Attribute Certificate issuer - should match with
285# the issuer element of the user's Attribute Certificate submitted in order to
286# gain access
287acIssuer: /CN=AttributeAuthority/O=NDG Security Test/OU=Site A
288#acIssuer: /CN=AttributeAuthority/O=NDG/OU=BADC
289
290# WS-Security signature handler - set a config file with 'wssCfgFilePath'
291# or omit and put the relevant content directly in here under the section name
292# specified by 'wssCfgSection' below
293#wssCfgFilePath: wssecurity.cfg
294
295# Config file section for WS-Security settings - Nb. the gatekeeper shares the
296# same settings as the Single Sign On Service.
297wssCfgSection: NDG_SECURITY.wssecurity
298
299[RELATED]
300icon: %(icondir)srelated_link.png
301icon_alt: Related
302service_name: Related
303icon_title: Links to a RELATED URL
304instance: uri
305
306[DISCOVERY]
307icon: %(icondir)scatalogue_dservice.png
308icon_alt: Catalogue
309service_name: Catalogue
310default: %(server)s
311formatDefault=DIF
312icon_title: Links to the DISCOVERY RECORD for this dataset
313#standalone: True
314standalone: False
315
316[OWS_SERVER]
317#
318# Configure the OWS_SERVER framework here
319#
320
321# exception_type: whether OGC servers should send a valid ExceptionReport on errors
322#     or use the Pylons debugger.  Very useful for debugging OWS controllers, but the interactive debugger should not be exposed on a production server.  Default is ogc
323#exception_type: ogc
324#exception_type: pylons
325