source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini @ 6575

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini@6575
Revision 6575, 6.6 KB checked in by pjkersha, 11 years ago (diff)

Changes for addition of AuthzDecisionQuery WSGI interface (Authorisation service)

1#
2# PasteDeploy ini file for Attribute Authority Unit tests Site A Server
3#
4# NERC Data Grid Project
5#
6# P J Kershaw 12/09/08
7#
8# Copyright (C) 2009 Science and Technology Facilities Council
9#
10# BSD - See LICENCE file for details
11
# Names shared across sections: PasteDeploy makes [DEFAULT] keys available for
# %(name)s interpolation, and the filter sections below reference these two so
# that the Attribute Authority filter and its SOAP / SAML bindings use the same
# key names.
12[DEFAULT]
13attributeAuthorityEnvironKeyName = attribute-authority
14attributeQueryInterfaceEnvironKeyName = attributeQueryInterface
15
16[server:main]
# Paste's built-in HTTP server. No TLS options are set in this section, so the
# listener is plain HTTP; any message protection comes from the WS-Security
# filters named in [pipeline:main].
17use = egg:Paste#http
# NOTE(review): 0.0.0.0 listens on every network interface. If the unit tests
# only connect from the same machine, 127.0.0.1 keeps the test service off the
# network - confirm against the test client settings.
18host = 0.0.0.0
19port = 5000
20
# Terminal WSGI application of the pipeline, built by the app_factory callable
# in the test package's siteAServerApp module.
21[app:mainApp]
22paste.app_factory = ndg.security.test.config.attributeauthority.sitea.siteAServerApp:app_factory
23
24# Chain of SOAP Middleware filters - Nb. WS-Security filters apply to the SOAP
25# Binding filter only.
# Filters are applied in the order listed and mainApp is the final application.
# Inbound signature verification (wsseSignatureVerificationFilter) is placed
# ahead of the WSDL SOAP binding and outbound signing (wsseSignatureFilter)
# directly behind it.
# NOTE(review): going by the comment above, the SAML SOAP binding filter is not
# covered by the WS-Security signature filters - confirm how SAML attribute
# queries are authenticated before reusing this layout outside the unit tests.
26[pipeline:main]
27pipeline = AttributeAuthorityFilter
28                   wsseSignatureVerificationFilter
29                   AttributeAuthorityWsdlSoapBindingFilter
30                   wsseSignatureFilter
31                   AttributeAuthoritySamlSoapBindingFilter
32                   mainApp
33
34
# Core Attribute Authority middleware: issuing lifetime, clock tolerances,
# role mapping, the user-role lookup class and the signing credentials.
# NOTE(review): this section mixes '=' and ':' as key/value delimiters; one
# style throughout would be easier to scan.
35[filter:AttributeAuthorityFilter]
36paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthorityMiddleware.filter_app_factory
# presumably only keys starting with this prefix are read as Attribute
# Authority settings - confirm in AttributeAuthorityMiddleware
37prefix = attributeAuthority.
38
39# Key name by which the WSDL SOAP based interface may reference this
40# service
41attributeAuthority.environKeyName = %(attributeAuthorityEnvironKeyName)s
42
43# Key name for the SAML SOAP binding based interface to reference this
44# service's attribute query method
45attributeAuthority.environKeyNameAttributeQueryInterface: %(attributeQueryInterfaceEnvironKeyName)s
46
47# Attribute Authority settings
48# 'name' setting MUST agree with map config file 'thisHost' name attribute
49attributeAuthority.name: Site A
50
51# Lifetime is measured in seconds
# 28800 s = 8 hours
52attributeAuthority.attCertLifetime: 28800 
53
54# Allow an offset for clock skew between servers running
55# security services. NB, measured in seconds - use a minus sign for time in the
56# past
57attributeAuthority.attCertNotBeforeOff: 0
58
59# Clock skew for SAML Attribute Queries - allow clockSkew number of seconds
60# tolerance for query issueInstant parameter. Set here to 3 minutes
# A larger tolerance also lengthens the period in which an old query is still
# accepted as fresh; keep it as small as server clock accuracy allows.
61attributeAuthority.clockSkew: 180.0
62
63# All Attribute Certificates issued are recorded in this dir
64attributeAuthority.attCertDir: %(here)s/attributeCertificateLog
65
66# Files in attCertDir are stored using a rotating file handler
67# attCertFileLogCnt sets the max number of files created before the first is
68# overwritten
69attributeAuthority.attCertFileName: ac.xml
70attributeAuthority.attCertFileLogCnt: 16
71attributeAuthority.dnSeparator:/
72
73# Location of role mapping file
74attributeAuthority.mapConfigFilePath: %(here)s/siteAMapConfig.xml
75
76# Settings for custom AttributeInterface derived class to get user roles for given
77# user ID
# NOTE(review): these three keys look like a module path, module name and class
# name that are imported at run time; if so, the directory must be writable only
# by the service owner, because code placed there would run inside the service -
# confirm how the class is loaded.
78attributeAuthority.attributeInterface.modFilePath: %(here)s
79attributeAuthority.attributeInterface.modName: siteAUserRoles
80attributeAuthority.attributeInterface.className: TestUserRoles
81
82# Config for XML signature of Attribute Certificate
# The private key file sits in the same directory as this ini (%(here)s) in the
# test tree; treat siteA-aa.key as a test-only credential.
83attributeAuthority.signingPriKeyFilePath: %(here)s/siteA-aa.key
84attributeAuthority.signingCertFilePath: %(here)s/siteA-aa.crt
# NOTE(review): $NDGSEC_TEST_CONFIG_DIR is not %(name)s interpolation, so the
# ini loader leaves it as written; presumably the application expands it from
# the process environment - confirm, and check the behaviour when it is unset.
85attributeAuthority.caCertFilePathList: $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
86
87
88# SOAP WSDL Based Binding to the Attribute Authority
89[filter:AttributeAuthorityWsdlSoapBindingFilter]
90paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthoritySOAPBindingMiddleware.filter_app_factory
# Two key prefixes are used in this section: generic SOAP binding settings and
# Attribute Authority specific binding settings.
91prefix = service.soap.binding.
92attributeAuthoritySOAPBindingPrefix = attributeauthority.service.soap.binding.
93
# wsseSignatureVerificationFilter01 is the filterID declared in
# [filter:wsseSignatureVerificationFilter]; the values must stay identical.
94service.soap.binding.referencedFilters = wsseSignatureVerificationFilter01
95service.soap.binding.path = /AttributeAuthority
# NOTE(review): presumably this serves the service WSDL to any caller on
# request - confirm, and disable it where the interface description should not
# be published.
96service.soap.binding.enableWSDLQuery = True
97service.soap.binding.charset = utf-8
98service.soap.binding.serviceSOAPBindingEnvironKeyName = ndg.security.server.wsgi.attributeauthority.AttributeAuthoritySOAPBindingMiddleware
99
# Same key name as attributeAuthority.environKeyName in
# [filter:AttributeAuthorityFilter], taken from [DEFAULT].
100attributeauthority.service.soap.binding.attributeAuthorityEnvironKeyName = %(attributeAuthorityEnvironKeyName)s
101attributeauthority.service.soap.binding.wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01
102
103
104# SAML SOAP Binding to the Attribute Authority
# NOTE(review): no signature or authentication settings appear in this section;
# confirm where SAML attribute queries sent to the path below are authenticated.
105[filter:AttributeAuthoritySamlSoapBindingFilter]
106paste.filter_app_factory = ndg.security.server.wsgi.saml.attributeinterface:SOAPAttributeInterfaceMiddleware.filter_app_factory
107prefix = saml.soapbinding.
108
109saml.soapbinding.pathMatchList = /AttributeAuthority/saml
# Same key name as attributeAuthority.environKeyNameAttributeQueryInterface in
# [filter:AttributeAuthorityFilter], taken from [DEFAULT].
110saml.soapbinding.queryInterfaceKeyName = %(attributeQueryInterfaceEnvironKeyName)s
111
112
# Verifies WS-Security signatures on inbound SOAP messages.
113[filter:wsseSignatureVerificationFilter]
114paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter.filter_app_factory
# ID that the SOAP binding filter and the signing filter use to refer to this
# filter (their referencedFilters / wsseSignatureVerificationFilterID keys).
115filterID = wsseSignatureVerificationFilter01
116
117# Settings for WS-Security SignatureHandler class used by this filter
118wsseCfgFilePrefix = wssecurity
119
120# Verify against known CAs - Provide a space separated list of file paths
# This list is the trust anchor for inbound signatures; every CA named here can
# vouch for a signer, so it should hold only the CAs the service must accept.
# NOTE(review): $NDGSEC_TEST_CONFIG_DIR is not %(name)s interpolation;
# presumably the application expands it from the process environment - confirm
# that an unset variable causes a start-up failure and not an empty CA list.
121wssecurity.caCertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
122
# Applies a WS-Security signature to outbound SOAP messages.
123[filter:wsseSignatureFilter]
124paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter.filter_app_factory
125
126# Reference the verification filter in order to be able to apply signature
127# confirmation
128referencedFilters = wsseSignatureVerificationFilter01
129wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01
130
131# Last filter in chain SOAP handlers writes the response
132writeResponse = True
133
134# Settings for WS-Security SignatureHandler class used by this filter
135wsseCfgFilePrefix = wssecurity
136
137# Certificate associated with private key used to sign a message.  The sign
138# method will add this to the BinarySecurityToken element of the WSSE header. 
# NOTE(review): this is the same siteA-aa certificate and key that
# [filter:AttributeAuthorityFilter] uses to sign Attribute Certificates, so one
# key pair serves both message signing and certificate signing in this setup.
139wssecurity.signingCertFilePath=%(here)s/siteA-aa.crt
140
141# PEM encoded private key file
# No passphrase setting appears in this section; the file's permissions are
# then its only protection - confirm, and restrict read access to the service
# account.
142wssecurity.signingPriKeyFilePath=%(here)s/siteA-aa.key
143
144# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
145# signed message.  See __setReqBinSecTokValType method and binSecTokValType
146# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
147# give full namespace to alternative - see
148# ZSI.wstools.Namespaces.OASIS.X509TOKEN
149#
150# binSecTokValType determines whether signingCert or signingCertChain
151# attributes will be used.
152wssecurity.reqBinSecTokValType=X509v3
153
154# Add a timestamp element to an outbound message
155wssecurity.addTimestamp=True
156
157# For WSSE 1.1 - service returns signature confirmation containing signature
158# value sent by client
# Signature confirmation lets the client check that the response answers the
# request it actually signed.
159wssecurity.applySignatureConfirmation=True
160
161
162# Logging configuration
# Sections below use the Python logging fileConfig layout: the three "keys"
# lists name the loggers, handlers and formatters defined further down.
163[loggers]
164keys = root, ndg
165
166[handlers]
167keys = console
168
169[formatters]
170keys = generic
171
172[logger_root]
173level = INFO
174handlers = console
175
# The ndg logger has no handler of its own; its records propagate to the root
# logger's console handler.
# NOTE(review): DEBUG on a security service can be verbose - confirm the ndg
# packages do not log key material or full SOAP messages at this level before
# using this setting outside the unit tests.
176[logger_ndg]
177level = DEBUG
178handlers = 
179qualname = ndg
180
181[handler_console]
182class = StreamHandler
183args = (sys.stderr,)
184level = NOTSET
185formatter = generic
186
187[formatter_generic]
188format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
189datefmt = %Y/%m/%d %H:%M:%S