source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/siteb/site-b.ini @ 6575

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/siteb/site-b.ini@6575
Revision 6575, 6.3 KB checked in by pjkersha, 11 years ago (diff)

Changes for addition of AuthzDecisionQuery WSGI interface (Authorisation service)

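#
# PasteDeploy ini file for Attribute Authority Unit tests Site B Server
#
# NERC Data Grid Project
#
# P J Kershaw 12/09/08
#
# Copyright (C) 2009 Science and Technology Facilities Council
#
# BSD - See LICENCE file for details
#
# Parser notes: values written as %(name)s are interpolated by the ini parser.
# %(here)s is supplied by PasteDeploy and is the directory holding this file.
# This is a unit-test fixture; the key and certificate paths below point at
# files kept beside it.

# Key names shared by the filter sections below through %(...)s, so that the
# Attribute Authority filter and the SOAP/SAML bindings refer to the same keys.
[DEFAULT]
attributeAuthorityEnvironKeyName = attribute-authority
attributeQueryInterfaceEnvironKeyName = attributeQueryInterface
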
# HTTP server that hosts the Site B test service.
[server:main]
use = egg:Paste#http
# 0.0.0.0 listens on every network interface, and no ssl_pem option is set, so
# the service is reachable over plain HTTP from other hosts.  Prefer 127.0.0.1
# when the tests only connect from the local machine.
host = 0.0.0.0
port = 5100

# Application at the end of the pipeline, built by the Site B test package's
# app_factory.
[app:mainApp]
paste.app_factory = ndg.security.test.config.attributeauthority.siteb.siteBServerApp:app_factory

# Chain of SOAP middleware filters.
# PasteDeploy applies the entries outermost first, ending with the application,
# so a request passes through them in the order written.  Each name refers to
# a [filter:...] or [app:...] section in this file.
# NOTE(review): the position of wsseSignatureVerificationFilter relative to the
# two binding filters decides which requests are checked for a signature -
# confirm against the middleware before reordering.
[pipeline:main]
pipeline = AttributeAuthorityFilter
    wsseSignatureVerificationFilter
    AttributeAuthorityWsdlSoapBindingFilter
    wsseSignatureFilter
    AttributeAuthoritySamlSoapBindingFilter
    mainApp

# Attribute Authority middleware.  Options carrying the 'prefix' value below
# are the Attribute Authority's own settings.
[filter:AttributeAuthorityFilter]
paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthorityMiddleware.filter_app_factory
prefix = attributeAuthority.

# Key name by which the WSDL SOAP based interface may reference this
# service
attributeAuthority.environKeyName = %(attributeAuthorityEnvironKeyName)s

# Key name for the SAML SOAP binding based interface to reference this
# service's attribute query method
attributeAuthority.environKeyNameAttributeQueryInterface = %(attributeQueryInterfaceEnvironKeyName)s

# Attribute Authority settings
# 'name' setting MUST agree with map config file 'thisHost' name attribute
attributeAuthority.name = Site B

# Lifetime of an issued Attribute Certificate, in seconds (28800 s = 8 hours)
attributeAuthority.attCertLifetime = 28800

# Allow an offset for clock skew between servers running
# security services. NB, measured in seconds - use a minus sign for time in the
# past
attributeAuthority.attCertNotBeforeOff = 0

# All Attribute Certificates issued are recorded in this dir
attributeAuthority.attCertDir = %(here)s/attributeCertificateLog

# Files in attCertDir are stored using a rotating file handler
# attCertFileLogCnt sets the max number of files created before the first is
# overwritten
attributeAuthority.attCertFileName = ac.xml
attributeAuthority.attCertFileLogCnt = 16
attributeAuthority.dnSeparator = /

# Location of role mapping file
attributeAuthority.mapConfigFilePath = %(here)s/siteBMapConfig.xml

# Settings for custom AttributeInterface derived class to get user roles for given
# user ID
# NOTE(review): modFilePath/modName/className presumably cause Python code to be
# loaded from that directory - keep it writable only by trusted accounts.
attributeAuthority.attributeInterface.modFilePath = %(here)s
attributeAuthority.attributeInterface.modName = siteBUserRoles
attributeAuthority.attributeInterface.className = TestUserRoles

# Config for XML signature of Attribute Certificate
# The private key sits beside this file: treat it as a test-only key and keep
# it readable only by the account running the tests.
attributeAuthority.signingPriKeyFilePath = %(here)s/siteB-aa.key
attributeAuthority.signingCertFilePath = %(here)s/siteB-aa.crt
# $NDGSEC_TEST_CONFIG_DIR is not expanded by the ini parser; presumably the
# application expands it from the environment, so it must be set before the
# server starts (TODO confirm).
attributeAuthority.caCertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt

# SOAP WSDL Based Binding to the Attribute Authority
# Two option prefixes are in use: 'service.soap.binding.' for the generic SOAP
# service settings and 'attributeauthority.service.soap.binding.' for the
# Attribute Authority specific ones.
[filter:AttributeAuthorityWsdlSoapBindingFilter]
paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthoritySOAPBindingMiddleware.filter_app_factory
prefix = service.soap.binding.
attributeAuthoritySOAPBindingPrefix = attributeauthority.service.soap.binding.

# URL path served by this binding
service.soap.binding.path = /AttributeAuthority
service.soap.binding.charset = utf-8
# Presumably serves the service WSDL on request - TODO confirm what is exposed
service.soap.binding.enableWSDLQuery = True
service.soap.binding.serviceSOAPBindingEnvironKeyName = ndg.security.server.wsgi.attributeauthority.AttributeAuthoritySOAPBindingMiddleware
# Same value as filterID in [filter:wsseSignatureVerificationFilter]
service.soap.binding.referencedFilters = wsseSignatureVerificationFilter01

# Same key name as set for [filter:AttributeAuthorityFilter] via [DEFAULT]
attributeauthority.service.soap.binding.attributeAuthorityEnvironKeyName = %(attributeAuthorityEnvironKeyName)s
# Same value as filterID in [filter:wsseSignatureVerificationFilter]
attributeauthority.service.soap.binding.wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01

# SAML SOAP Binding to the Attribute Authority
# NOTE(review): this section sets no WS-Security options of its own.  Confirm
# how requests to the path below are authenticated (transport or message
# level) before reusing this layout outside the unit tests.
[filter:AttributeAuthoritySamlSoapBindingFilter]
paste.filter_app_factory = ndg.security.server.wsgi.saml.attributeinterface:SOAPAttributeInterfaceMiddleware.filter_app_factory
prefix = saml.soapbinding.

# Same key name as environKeyNameAttributeQueryInterface in
# [filter:AttributeAuthorityFilter], shared via [DEFAULT]
saml.soapbinding.queryInterfaceKeyName = %(attributeQueryInterfaceEnvironKeyName)s
# URL path(s) handled by the SAML attribute query interface
saml.soapbinding.pathMatchList = /attributeauthority/saml

# WS-Security signature verification for inbound SOAP messages.
# filterID is the identifier the other filter sections use to refer to this one.
[filter:wsseSignatureVerificationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter.filter_app_factory
filterID = wsseSignatureVerificationFilter01

# Settings for WS-Security SignatureHandler class used by this filter
wsseCfgFilePrefix = wssecurity

# Verify against known CAs - Provide a space separated list of file paths
# $NDGSEC_TEST_CONFIG_DIR is not expanded by the ini parser; presumably the
# application expands it from the environment (TODO confirm).  Only the test CA
# is trusted here.
wssecurity.caCertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt

# WS-Security signature applied to outbound SOAP messages.
[filter:wsseSignatureFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter.filter_app_factory

# Reference the verification filter in order to be able to apply signature
# confirmation
referencedFilters = wsseSignatureVerificationFilter01
wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01

# Last filter in chain SOAP handlers writes the response
writeResponse = True

# Settings for WS-Security SignatureHandler class used by this filter
wsseCfgFilePrefix = wssecurity

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
wssecurity.signingCertFilePath = %(here)s/siteB-aa.crt

# PEM encoded private key file
# This is the same key file that [filter:AttributeAuthorityFilter] uses to sign
# Attribute Certificates.  Treat it as a test-only key and keep it readable
# only by the account running the tests.
wssecurity.signingPriKeyFilePath = %(here)s/siteB-aa.key

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
wssecurity.reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message
wssecurity.addTimestamp = True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
wssecurity.applySignatureConfirmation = True

# Logging configuration
# Sections follow the Python logging fileConfig layout: the three 'keys' lists
# name the logger_*, handler_* and formatter_* sections that follow.
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

# The ndg logger has no handler of its own; its records propagate to the root
# logger's console handler.
# NOTE(review): DEBUG output from a security service may include message or
# credential detail - confirm what is logged before using this level outside
# the unit tests.
[logger_ndg]
level = DEBUG
handlers =
qualname = ndg

# NOTSET on the handler means it does no level filtering itself.
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S