
Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini@6615
Revision 6615, 7.0 KB checked in by pjkersha, 10 years ago (diff)

AuthzService unit test with ndg.security.server.wsgi.authzservice.AuthzServiceMiddleware near complete. Fixes required to PIP callout to Attribute Authority.

#
# PasteDeploy ini file for Attribute Authority Unit tests Site A Server
#
# NERC Data Grid Project
#
# P J Kershaw 12/09/08
#
# Copyright (C) 2009 Science and Technology Facilities Council
#
# BSD - See LICENCE file for details

# Shared values; other sections pull them in with %(name)s interpolation.
[DEFAULT]
# WSGI environ key under which the Attribute Authority instance is published
# for the WSDL SOAP interface to pick up.
attributeAuthorityEnvironKeyName = attribute-authority
# WSGI environ key for the SAML attribute query interface.
attributeQueryInterfaceEnvironKeyName = attributeQueryInterface
# URL path of the WSDL SOAP service; the WS-Security filters are bound to the
# same path.
attributeAuthoritySoapWsdlServicePath = /AttributeAuthority

# Paste HTTP server used to host the test Attribute Authority.
# NOTE(review): this is plain HTTP (no TLS option is set here) and 0.0.0.0
# listens on every network interface, so a service signing with the test key
# is reachable from the whole network while the tests run. If the tests only
# ever connect locally, 127.0.0.1 is the safer bind address - confirm against
# the client-side test configuration before changing it.
[server:main]
use = egg:Paste#http
host = 0.0.0.0
port = 5000

# Terminal WSGI application at the end of the pipeline; built by the test
# package's own app_factory.
[app:mainApp]
paste.app_factory = ndg.security.test.config.attributeauthority.sitea.siteAServerApp:app_factory

# Chain of SOAP middleware filters, applied in the order listed and ending at
# mainApp. Nb. the WS-Security filters apply to the WSDL SOAP binding filter
# only.
# NOTE(review): the two wsse filters are scoped by their own `path` setting
# (/AttributeAuthority) while the SAML binding answers on
# /AttributeAuthority/saml. Confirm how `path` is matched; if SAML attribute
# queries are not signature-checked, that endpoint depends on other controls
# (transport security, network restriction) outside this file.
[pipeline:main]
pipeline = AttributeAuthorityFilter
           wsseSignatureVerificationFilter
           AttributeAuthorityWsdlSoapBindingFilter
           wsseSignatureFilter
           AttributeAuthoritySamlSoapBindingFilter
           mainApp

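# Attribute Authority middleware for Site A. It issues signed Attribute
# Certificates and exposes the attribute query interface to the SOAP bindings.
# All options use the `=` delimiter; the section previously mixed `=` and `:`.
[filter:AttributeAuthorityFilter]
paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthorityMiddleware.filter_app_factory
# Only options starting with this prefix are meant for the middleware.
prefix = attributeAuthority.

# Key name by which the WSDL SOAP based interface may reference this
# service
attributeAuthority.environKeyName = %(attributeAuthorityEnvironKeyName)s

# Key name for the SAML SOAP binding based interface to reference this
# service's attribute query method
attributeAuthority.environKeyNameAttributeQueryInterface = %(attributeQueryInterfaceEnvironKeyName)s

# Attribute Authority settings
# 'name' setting MUST agree with map config file 'thisHost' name attribute
attributeAuthority.name = Site A

# Lifetime is measured in seconds (28800 s = 8 hours). A certificate stays
# usable for this long after issue, so keep the value as short as the
# workflow allows.
attributeAuthority.attCertLifetime = 28800

# Allow an offset for clock skew between servers running
# security services. NB, measured in seconds - use a minus sign for time in the
# past
attributeAuthority.attCertNotBeforeOff = 0

# Clock skew for SAML Attribute Queries - allow clockSkew number of seconds
# tolerance for query issueInstant parameter. Set here to 3 minutes.
# A larger tolerance also lengthens the period in which a captured query is
# still accepted on timing grounds.
attributeAuthority.clockSkew = 180.0

# All Attribute Certificates issued are recorded in this dir. The log holds
# user identities and roles; restrict read access to the service account.
attributeAuthority.attCertDir = %(here)s/attributeCertificateLog

# Files in attCertDir are stored using a rotating file handler
# attCertFileLogCnt sets the max number of files created before the first is
# overwritten
attributeAuthority.attCertFileName = ac.xml
attributeAuthority.attCertFileLogCnt = 16
attributeAuthority.dnSeparator = /

# Location of role mapping file
attributeAuthority.mapConfigFilePath = %(here)s/siteAMapConfig.xml

# Settings for custom AttributeInterface derived class to get user roles for
# given user ID.
# NOTE(review): the class is named by file path, module and class name, so it
# is presumably imported at start-up. Whoever can write to that directory or
# to this file decides what code runs inside the service - keep both
# writable only by the deploying account.
attributeAuthority.attributeInterface.modFilePath = %(here)s
attributeAuthority.attributeInterface.modName = siteAUserRoles
attributeAuthority.attributeInterface.className = TestUserRoles

# Config for XML signature of Attribute Certificate.
# The private key sits next to this test configuration: treat it as a
# test-only credential and never reuse it or its certificate elsewhere.
attributeAuthority.signingPriKeyFilePath = %(here)s/siteA-aa.key
attributeAuthority.signingCertFilePath = %(here)s/siteA-aa.crt
# $NDGSEC_TEST_CONFIG_DIR is not expanded by the ini parser; presumably the
# consuming code expands it from the process environment. The trust anchor
# therefore follows whatever that variable holds when the service starts.
attributeAuthority.caCertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
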
# SOAP WSDL Based Binding to the Attribute Authority
[filter:AttributeAuthorityWsdlSoapBindingFilter]
paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthoritySOAPBindingMiddleware.filter_app_factory
# Two option groups follow, each selected by its own prefix.
prefix = service.soap.binding.
attributeAuthoritySOAPBindingPrefix = attributeauthority.service.soap.binding.

# Generic SOAP binding options.
# referencedFilters must name the filterID set in
# [filter:wsseSignatureVerificationFilter].
service.soap.binding.referencedFilters = wsseSignatureVerificationFilter01
service.soap.binding.path = %(attributeAuthoritySoapWsdlServicePath)s
# NOTE(review): presumably returns the WSDL to any client that asks for it,
# which describes the service interface to everyone able to reach the port.
# Confirm this is wanted outside a test environment.
service.soap.binding.enableWSDLQuery = True
service.soap.binding.charset = utf-8
service.soap.binding.serviceSOAPBindingEnvironKeyName = ndg.security.server.wsgi.attributeauthority.AttributeAuthoritySOAPBindingMiddleware

# Attribute Authority specific binding options.
attributeauthority.service.soap.binding.attributeAuthorityEnvironKeyName = %(attributeAuthorityEnvironKeyName)s
attributeauthority.service.soap.binding.wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01

# SAML SOAP Binding to the Attribute Authority
[filter:AttributeAuthoritySamlSoapBindingFilter]
paste.filter_app_factory = ndg.security.server.wsgi.saml:SOAPQueryInterfaceMiddleware.filter_app_factory
prefix = saml.soapbinding.

# Callable that parses the incoming attribute query XML.
saml.soapbinding.deserialise = ndg.saml.xml.etree:AttributeQueryElementTree.fromXML

# Specialisation to incorporate ESG Group/Role type
saml.soapbinding.serialise = ndg.security.common.saml_utils.esg.xml.etree:EsgResponseElementTree.toXML

# Request path(s) this binding answers on.
# NOTE(review): no signature or authentication setting for this binding is
# configured in this section; confirm what protects attribute queries on this
# path before reusing the layout outside the unit tests.
saml.soapbinding.pathMatchList = /AttributeAuthority/saml
saml.soapbinding.queryInterfaceKeyName = %(attributeQueryInterfaceEnvironKeyName)s

# WS-Security signature verification for inbound SOAP messages.
[filter:wsseSignatureVerificationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter.filter_app_factory
# Identifier other filters use to refer to this one (referencedFilters /
# wsseSignatureVerificationFilterID).
filterID = wsseSignatureVerificationFilter01
# Request path the filter is applied to.
path = %(attributeAuthoritySoapWsdlServicePath)s

# Settings for WS-Security SignatureHandler class used by this filter
wsseCfgFilePrefix = wssecurity

# Verify against known CAs - Provide a space separated list of file paths.
# Every certificate listed here is a trust anchor for message signatures, so
# keep the list to the CAs that must be accepted. $NDGSEC_TEST_CONFIG_DIR is
# not expanded by the ini parser; presumably the consuming code expands it
# from the process environment.
wssecurity.caCertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt

# WS-Security signing of outbound SOAP responses.
[filter:wsseSignatureFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter.filter_app_factory
# Request path the filter is applied to.
path = %(attributeAuthoritySoapWsdlServicePath)s

# Reference the verification filter in order to be able to apply signature
# confirmation
referencedFilters = wsseSignatureVerificationFilter01
wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01

# Last filter in chain SOAP handlers writes the response
writeResponse = True

# Settings for WS-Security SignatureHandler class used by this filter
wsseCfgFilePrefix = wssecurity

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
wssecurity.signingCertFilePath = %(here)s/siteA-aa.crt

# PEM encoded private key file. It sits next to this test configuration:
# treat it as a test-only credential, keep it readable by the service account
# only, and never reuse it elsewhere.
wssecurity.signingPriKeyFilePath = %(here)s/siteA-aa.key

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
wssecurity.reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message
wssecurity.addTimestamp = True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
wssecurity.applySignatureConfirmation = True

# Logging configuration
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

# The ndg logger has no handler of its own; with default propagation its
# records reach the root logger's console handler.
# NOTE(review): DEBUG output from the security middleware may include message
# or credential detail - confirm what is logged and lower the level if this
# file is copied for anything other than unit tests.
[logger_ndg]
level = DEBUG
handlers =
qualname = ndg

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %Y/%m/%d %H:%M:%S