source: TI12-security/trunk/NDGSecurity/python/Tests/etreewss/server/wssecurity.cfg @ 7155

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/Tests/etreewss/server/wssecurity.cfg@7155
Revision 7155, 3.2 KB checked in by pjkersha, 9 years ago (diff)

Incomplete - task 2: XACML-Security Integration

  • migrating to ndg.saml and ndg.soap imports now that SAML WSGI middleware has moved to ndg.saml egg.
  • Property svn:keywords set to Id
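# Configuration file for WS-Security settings
#
# NERC Data Grid Project
#
# P J Kershaw 01/04/08
#
# Copyright (C) 2009 Science and Technology Facilities Council
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
#
# TODO: Refactor option names - put into inbound and outbound sections / apply
# namespace prefixes to better categorise
#
# NOTE(review): values of the form $NDGSEC_WSSESRV_UNITTEST_DIR/... are
# environment variable references; presumably they are expanded by the code
# that loads this file rather than by the INI parser - confirm against the
# loader.  This file lives under Tests/ and points at unit test fixtures
# (server.crt / server.key).
[DEFAULT]

#
# OUTBOUND MESSAGE CONFIG

# Signature of an outbound message

# Certificate associated with the private key used to sign a message.  The
# sign method will add this to the BinarySecurityToken element of the WSSE
# header.  The BinarySecurityToken ValueType (reqBinSecTokValType below) must
# be set to 'X509' or 'X509v3' for this option to apply.
# As an alternative, use signingCertChain - see below...

# Provide the PEM encoded content here
signingCert=

# ... or provide the file path of the PEM encoded cert here
signingCertFilePath=$NDGSEC_WSSESRV_UNITTEST_DIR/server.crt

# Pass a ',' separated list of PEM encoded certs constituting a chain of trust
# from the certificate used to verify the signature back to the CA cert.  The
# CA cert need not be included.  To use this option, reqBinSecTokValType must
# be set to X509PKIPathv1
signingCertChain=

# PEM encoded content of the private key used by the sign method to sign a
# message.  Setting this places key material directly in the config file, so
# the file then needs the same access restrictions as the key itself;
# signingPriKeyFilePath keeps the key out of the config.
signingPriKey=

# ... or provide the file path to the PEM encoded private key file
signingPriKeyFilePath=$NDGSEC_WSSESRV_UNITTEST_DIR/server.key

# Password protecting the private key.  Leave blank if there is no password.
# Blank here means the key file referenced above is expected to be
# unencrypted.  A password entered here is stored in clear text, so restrict
# read access to this file accordingly.
signingPriKeyPwd=

# CA certificates for verification of the chain of trust for INBOUND messages
# (listed in this part of the file pending the refactor noted in the TODO at
# the top).  These are the trust anchors: any signing certificate that chains
# to one of them can be accepted, so list only the CAs actually required.
# Set a directory from which to pick up CA cert files or ...
caCertDirPath=

# Provide a space separated list of file paths
caCertFilePathList=$NDGSEC_WSSESRV_UNITTEST_DIR/d573507a.0

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give the full namespace of an alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# This setting determines whether the signingCert or signingCertChain
# attributes will be used.
reqBinSecTokValType=X509v3

# Add a timestamp element to an outbound message
# NOTE(review): a timestamp only helps the receiver reject replayed messages
# if it is covered by the signature and the receiver checks its freshness -
# neither can be confirmed from this file.
addTimestamp=True

# For WSSE 1.1 - service returns signature confirmation containing the
# signature value sent by the client.  With this set to False the client gets
# no confirmation that the response relates to the request it signed.
applySignatureConfirmation=False

# Inclusive namespace prefixes - for Exclusive Canonicalisation only
# TODO: include option to set C14N algorithm - C14N currently set to Exclusive

# Inclusive namespace prefixes for Canonicalisation of reference elements -
# space separated list e.g. refC14nInclNS=wsse ds ns1
# The list has to agree with what the verifying peer uses, otherwise the
# reference digests will not match and signature verification fails.
refC14nInclNS=

# Inclusive namespace prefixes for Canonicalisation of the SignedInfo element -
# same format as the above
signedInfoC14nInclNS=

#
# INBOUND MESSAGE CONFIG

# X.509 certificate used by the verify method to verify a message.  This
# argument can be omitted if the message to be verified contains the X.509
# certificate in the BinarySecurityToken element.  In this case, the cert read
# from the message will be assigned to the verifyingCert attribute.
#
# NOTE(review): when both options below are left blank the signer's cert is
# supplied by the sender, so authenticity rests on that cert being validated
# against the CA certificates set in caCertDirPath / caCertFilePathList -
# confirm the verify method performs that check.  Setting verifyingCert or
# verifyingCertFilePath names the certificate used for verification
# explicitly.

# Provide the PEM encoded content here
verifyingCert=

# ... or provide the file path of the PEM encoded cert here
verifyingCertFilePath=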