source: TI12-security/trunk/NDGSecurity/python/Tests/ndgsecuredpylons/secured.ini @ 7080

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/Tests/ndgsecuredpylons/secured.ini@7080
Revision 7080, 4.1 KB checked in by pjkersha, 9 years ago (diff)
  • Property svn:keywords set to Id
#
# ndg-secured-pylons - Pylons development environment configuration
#
# %(here)s expands to the directory that contains this file.
#
[DEFAULT]
# debug is not set in this section; the line below is commented out.
#debug = True
# To receive error reports by mail, uncomment the next line and set the
# recipient address.
#email_to = you@yourdomain.com
smtp_server = localhost
error_email_from = paste@localhost
# Shared ndg.security test configuration directory, referenced further down
# as %(testConfigDir)s.
# NOTE(review): the path is relative and not anchored to %(here)s, so it is
# presumably resolved against the process working directory - confirm.
testConfigDir = ../../ndg.security.test/ndg/security/test/config

[server:main]
# Paste's built-in HTTP server.
use = egg:Paste#http
# 0.0.0.0 listens on every network interface, so the application is reachable
# from other hosts; bind to 127.0.0.1 when only local access is needed.
# No TLS options are set in this section.
host = 0.0.0.0
port = 5000

[pipeline:main]
# Requests pass through the filters from left to right before reaching the
# application: authentication first, then authorization, then pylonsApp.
pipeline = AuthenticationFilter AuthorizationFilter pylonsApp

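[app:pylonsApp]
use = egg:ndgsecuredpylons
# NOTE(review): full_stack was assigned twice in this section (true, then
# False). Only the later assignment is kept, which is the value a last-wins
# parser would have used; confirm that False is the intended setting.
full_stack = False
cache_dir = %(here)s/data
beaker.session.key = ndgsecuredpylons
# Placeholder session secret. Replace it with a long random value for each
# deployment and keep the real value out of version control.
beaker.session.secret = somesecret

# To keep the cache data or the session files in their own directories,
# uncomment the matching setting below:
#beaker.cache.data_dir = %(here)s/data/cache
#beaker.session.data_dir = %(here)s/data/sessions

# WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*
# Debug mode will enable the interactive debugging tool, allowing ANYONE to
# execute malicious code after an exception is raised.
#set debug = false
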
[filter:AuthenticationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
# Prefix carried by this middleware's own options (see authN.redirectURI).
prefix = authN.

# Redirect target for the OpenID Relying Party in the Security Services app
# instance.
# NOTE(review): this is a plain http:// URL; confirm that an unencrypted
# endpoint is only ever used for local testing.
authN.redirectURI = http://localhost:7443/verify

# Beaker session settings
beaker.session.key = ndg.security.session
# NOTE(review): this secret is committed to the repository. Treat it as a
# test-only value and supply a different, privately held one in any real
# deployment.
beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
beaker.cache.data_dir = %(here)s/authn/beaker/cache
beaker.session.data_dir = %(here)s/authn/beaker/sessions

# AuthKit settings
authkit.setup.method = cookie

# The cookie name and secret MUST match the values used by the security web
# services app.
# NOTE(review): the cookie secret is also held in version control; for any
# non-test use it has to be replaced on both sides and kept private.
authkit.cookie.name = ndg.security.auth
authkit.cookie.secret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = /logout

# The client IP address is left out of the cookie signature because of a
# suspected AuthKit problem when an HTTP proxy is in place.  The cookie is
# therefore not tied to the address it was issued to.
authkit.cookie.includeip = False

[filter:AuthorizationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory
# NOTE(review): none of the keys in this section carry this prefix; confirm
# the middleware reads policy.* and pip.* without it.
prefix = authz.
# Access policy file, kept in the same directory as this configuration file.
policy.filePath = %(here)s/policy.xml

# Policy Information Point (PIP) settings.  The Policy Decision Point uses the
# PIP to fetch subject attributes from the Attribute Authority associated with
# the resource being accessed.
# NOTE(review): the list is empty; confirm whether the SSL peer certificate
# is still verified when no CA certificates are given here.
pip.sslCACertFilePathList =

# CA certificates used to verify the signatures of the Attribute Certificates
# that are retrieved
pip.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

#
# WS-Security settings for call to Session Manager
#
# Signing of outbound messages
#
# Certificate that belongs to the private key used to sign a message.  The
# sign method adds it to the BinarySecurityToken element of the WSSE header,
# and the binSecTokValType attribute must be set to the 'X509' or 'X509v3'
# ValueType.  signingCertChain is an alternative (not set in this file).

# PEM encoded certificate
pip.wssecurity.signingCertFilePath = %(testConfigDir)s/pki/wsse-server.crt

# PEM encoded private key file
pip.wssecurity.signingPriKeyFilePath = %(testConfigDir)s/pki/wsse-server.key

# Password protecting the private key; blank means the key has no password.
# NOTE(review): an unprotected key relies on file permissions alone, which is
# acceptable for the test PKI only.
pip.wssecurity.signingPriKeyPwd =

# CA certificates for signature verification, as a space separated list of
# file paths
pip.wssecurity.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

# ValueType of the BinarySecurityToken added to the WSSE header
pip.wssecurity.reqBinSecTokValType = X509v3

# Add a timestamp element to each outbound message
pip.wssecurity.addTimestamp = True

# Logging configuration
# Each name listed under keys is defined in its own logger_*, handler_* or
# formatter_* section further down.
[loggers]
keys = root, ndgsecuredpylons

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

[logger_ndgsecuredpylons]
# No handler of its own is listed; records presumably reach the console
# through the root logger.
# NOTE(review): DEBUG is verbose. Check that no credentials or session data
# are logged at this level before using this file outside development.
level = DEBUG
handlers =
qualname = ndgsecuredpylons

[handler_console]
# Writes to standard error; NOTSET leaves level filtering to the loggers.
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
# Time with milliseconds, padded level name, logger name, then the message.
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S