source: TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/full_deployment/sso/sso.cfg_tmpl @ 7077

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/full_deployment/sso/sso.cfg_tmpl@7077
Revision 7077, 4.8 KB checked in by pjkersha, 9 years ago (diff)
  • Property svn:keywords set to Id
#
# NERC DataGrid Security
#
# Single Sign On Service Configuration
#
# The %(here)s variable will be replaced with the parent directory of this file
#
# Author: P J Kershaw
# date: 09/01/09
# Copyright: (C) 2008 STFC
# license: BSD
# Contact: Philip.Kershaw@stfc.ac.uk
# Revision: $$Id$$
#
# NOTE(review): this file is a deployment template (sso.cfg_tmpl).  The
# ${installDir} placeholders are presumably filled in when the template is
# rendered, while %(name)s references are resolved later by the config
# parser - confirm against the deployment tooling.
# The rendered file names the signing private key and can hold its password,
# so it should be readable and writable only by the account that runs the
# service.

# Options shared by the whole file.  [layout] refers to %(layout)s and
# %(icondir)s, which are only defined here, so the reader evidently treats
# [DEFAULT] values as fallbacks for the other sections.
[DEFAULT]
# Server address for secure connections
#sslServer: https://localhost
#server:    http://localhost:4000
# NOTE(review): 'server' is plain http:// and 'layout'/'icondir' are derived
# from it, so static content is referenced over HTTP.  For anything other
# than a localhost test, confirm that login pages and session cookies are only
# ever served from 'sslServer'.
sslServer: https://localhost/sso
server:    http://localhost/sso
layout:         %(server)s/layout/
icondir:        %(server)s/layout/icons/
# Left empty in the template
disclaimer:

# Example of set-up for alternative site graphics...

# Switch to alternative location to pick up public/ dir containing static
# content such as graphics and stylesheets
#configDir=%(here)s

# Switch from default templates package to templates/ in alternative directory
#templatesPackage: ndg.security.server.sso.sso.badc_site.templates

# Redirect SOAP output to a file e.g. open(<somefile>, 'w')
# NOTE(review): the example values (None, sys.stderr, open(...)) are Python
# expressions, which suggests the application evaluates this option rather
# than reading it as a plain string - TODO confirm.  If so, write access to
# this file is equivalent to running code as the service account.
# A SOAP trace can contain signed message content and security tokens; keep
# it at None outside of debugging.
tracefile: None
#tracefile: sys.stderr

# WS-Security signature handler - set a config file with 'wssCfgFilePath'
# or omit and put the relevant content directly in here under
# 'NDG_SECURITY.wssecurity' section
# NOTE(review): the section in this file is named [WS-Security]; confirm which
# section name the handler actually reads.
#wssCfgFilePath: wssecurity.cfg

# SSL Connections
#
# Space separated list of CA cert. files.  The peer cert.
# must verify against at least one of these otherwise the connection is
# dropped.
# NOTE(review): ndg-test-ca.crt is, by its name, a test CA.  Replace it with
# the production trust roots before deployment; while it is listed, any peer
# certificate issued by that CA verifies.
sslCACertFilePathList: ${installDir}/ca/ndg-test-ca.crt

# Web Services HTTP Proxy fine tuning
#
# For most situations, these settings can be ignored and instead make use of
# the http_proxy environment variable.  They allow for the case where specific
# settings are needed just for the security web services calls

# Overrides the http_proxy environment variable setting - may be omitted
#httpProxyHost: wwwcache.rl.ac.uk:8080

# Web service clients pick up the http_proxy environment variable setting by
# default.  Set this flag to True to ignore http_proxy for web service
# connections.  To use the http_proxy setting, set this parameter to False or
# remove it completely from this file.
ignoreHttpProxyEnv: True

# Flag to enable OpenID login from the Where Are You From? interface - disabled
# by default
#enableOpenID: True

# Service addresses - connect to a remote service or provide a key to WSGI
# environ for a service running locally.  See services.ini to get the key
# names from the filterID options set
# NOTE(review): the remote examples below use http://.  The [WS-Security]
# section configures message signing only; nothing in this file encrypts the
# message content, so a remote URI should presumably be https:// - confirm.
#sessionMgrURI: http://localhost:8000/SessionManager
sessionManagerEnvironKey = filter:SessionManagerFilter

# If the Attribute Authority URI is commented out the service will try to
# connect to an Attribute Authority instance in the local WSGI stack
#attributeAuthorityURI: http://localhost:8000/AttributeAuthority
attributeAuthorityEnvironKey = filter:AttributeAuthorityFilter


# WS-Security signature settings for SOAP messages sent by the SSO service:
# which certificate and key sign outbound messages, and which CA
# certificates are trusted.
[WS-Security]

# Settings for signature of an outbound message ...

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
# As an alternative, use 'signingCertChain' parameter
# NOTE(review): the option in this file is spelled 'reqBinSecTokValType';
# presumably that is the setting meant above - confirm.

# file path PEM encoded cert
signingCertFilePath=${installDir}/pki/wsse-clnt.crt

# file path to PEM encoded private key file
# The key file should be readable only by the account running the service.
signingPriKeyFilePath=${installDir}/pki/wsse-clnt.key

# Password protecting private key.  Leave blank if there is no password.
# Blank (as here) means the key file is stored unencrypted.  A password set
# here is kept in clear text, so this file then needs the same restrictive
# permissions as the key itself.
signingPriKeyPwd=

# Pass a list of certificates ',' separated PEM encoded certs constituting a
# chain of trust from the certificate used to verify the signature backward
# to the CA cert.  The CA cert need not be included.  To use this option,
# reqBinSecTokValType must be set to the X509PKIPathv1
signingCertChain=

# Provide a space separated list of file paths.  CA Certs should be included
# for all the sites this installation trusts
# NOTE(review): ndg-test-ca.crt is, by its name, a test CA.  Replace it with
# the CA certificates of the sites that are really trusted before deployment.
caCertFilePathList=${installDir}/ca/ndg-test-ca.crt

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.
reqBinSecTokValType=X509v3

# Add a timestamp element to an outbound message
addTimestamp=True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
applySignatureConfirmation=False

# [DEFAULT] sets tracefile to None; this value presumably takes precedence
# for this section, so the WS-Security trace goes to stderr (typically the
# web server's error log).
# NOTE(review): the trace may include signed message content; set to None
# unless actively debugging.
tracefile=sys.stderr

# Links, logos and icons used in the page layout.  %(layout)s and %(icondir)s
# are defined in [DEFAULT].  The 's' directly after the closing bracket is
# part of the %(name)s reference, not of the file name:
# '%(layout)sstfc-circle-sm.gif' resolves to <layout>stfc-circle-sm.gif and
# '%(icondir)spadlock.png' to <icondir>padlock.png.
[layout]
###### user customisable:
localLink:      http://ndg.nerc.ac.uk/
localImage:     %(layout)sndg_logo_circle.gif
localAlt:       visit badc
###### ought to be the end of the customisations
ndgLink:        http://ndg.nerc.ac.uk/
ndgImage:       %(layout)sndg_logo_circle.gif
ndgAlt:         visit ndg
stfcLink:       http://ceda.stfc.ac.uk/
stfcImage:      %(layout)sstfc-circle-sm.gif
key:            %(icondir)spadlock.png
keyGrey:        %(layout)skeyG.gif
selectI:        %(layout)stick.png
Xicon:          %(icondir)sxml.png
plot:           %(icondir)splot.png
printer:        %(icondir)sprinter.png
helpIcon:       %(icondir)shelp.png
# NOTE(review): unlike localAlt and ndgAlt, this alt text carries the
# %(layout)s URL prefix, which looks unintended - confirm against the
# templates before changing it.
HdrLeftAlt:     %(layout)sNatural Environment Research Council
HdrLeftLogo:    %(layout)sNERC_Logo.gif