source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securityservices.ini @ 6440

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securityservices.ini@6440
Revision 6440, 22.0 KB checked in by pjkersha, 10 years ago (diff)
  • #1088 Important fix to AuthnRedirectResponseMiddleware to set redirect ONLY when SSL client authentication has just succeeded in the upstream middleware AuthKitSSLAuthnMiddleware. This bug was causing the browser to redirect to the wrong place following OpenID sign-in in the case where the user is already logged into their provider and selects a new relying party to sign into.
    • Improvements to Provider decide page interface: leave out messages about attributes that the provider can't retrieve for the RP. Also included NDG style help icon.
1#
2# NERC DataGrid Security
3#
4# Paste configuration for combined Attribute Authority, OpenID Relying Party
5# and Provider services
6#
7# The %(here)s variable will be replaced with the parent directory of this file
8#
9# Author: P J Kershaw
10# date: 01/07/09
11# Copyright: (C) 2009 Science and Technology Facilities Council
12# license: BSD - see LICENSE file in top-level directory
13# Contact: Philip.Kershaw@stfc.ac.uk
14# Revision: $Id:$
15
16[DEFAULT]
# Shared values.  Other sections pull these in with %(name)s interpolation
# (for example port = %(portNum)s in [server:main]).  baseURI is built from
# scheme, hostname and portNum.
17portNum = 7443
18hostname = localhost
19scheme = https
20baseURI = %(scheme)s://%(hostname)s:%(portNum)s
21openIDProviderIDBase = /openid
22openIDProviderIDSelectURI = %(baseURI)s%(openIDProviderIDBase)s
23testConfigDir = %(here)s/../../config
24beakerSessionKeyName = beaker.session.ndg.security.services
25
26# Global Attribute Authority Settings
27attributeAuthorityEnvironKeyName = ndg.security.server.attributeauthority.AttributeAuthority
28attributeQueryInterfaceEnvironKeyName = ndg.security.server.attributeauthority.attributeQueryInterface
29
# One SQLite file backs the OpenID Provider authN and AX interfaces and the
# Attribute Authority attribute interface: all three connectionString
# settings further down reference %(dbConnectionString)s.
30dbConnectionString = sqlite:///%(testConfigDir)s/user.db
31
32[server:main]
# NOTE(review): host = 0.0.0.0 listens on all interfaces, while [DEFAULT] sets
# hostname = localhost.  No ssl_pem setting is given although scheme = https,
# so TLS is presumably terminated by a fronting proxy - confirm, and bind to
# the loopback or proxy-facing address only if that is the case.
33use = egg:Paste#http
34host = 0.0.0.0
35port = %(portNum)s
36
37# Provider borrows content from RP static content dir so the cascade is not
38# needed(!)
39#[filter-app:OpenIDProviderFilterApp]
40#use = egg:Paste#httpexceptions
41#next = cascade
42#
43## Composite for OpenID Provider to enable settings for picking up static
44## content
45#[composit:cascade]
46#use = egg:Paste#cascade
47#app1 = OpenIDProviderStaticContent
48#app2 = OpenIDProviderApp
49#catch = 404
50#
51#[app:OpenIDProviderStaticContent]
52#use = egg:Paste#static
53#document_root = %(here)s/openidprovider
54
55# Ordering of filters and app is critical
56[pipeline:main]
# The last entry (OpenIDProviderApp) is the [app:...] section; every other
# entry names a [filter:...] section defined below.  Names must match the
# section names exactly, including the "SSLCient" spelling used by two of
# them.  The value continues over the indented lines that follow.
57pipeline = wsseSignatureVerificationFilter
58                   AttributeAuthorityFilter
59                   AttributeAuthorityWsdlSoapBindingFilter
60           wsseSignatureFilter
61           AttributeAuthoritySamlSoapBindingFilter
62                   SessionMiddlewareFilter
63                   SSLCientAuthKitFilter
64                   SSLClientAuthenticationFilter
65                   SSLCientAuthnRedirectResponseFilter
66                   OpenIDRelyingPartyFilter
67                   OpenIDProviderApp
68
69#______________________________________________________________________________
70# Beaker Session Middleware (used by OpenID Provider Filter)
71[filter:SessionMiddlewareFilter]
# Beaker session middleware.  The environ key set by environ_key below is the
# same %(beakerSessionKeyName)s value that the AuthKit OpenID settings, the
# SSL redirect filter and the OpenID Provider reference.
72paste.filter_app_factory=beaker.middleware:SessionMiddleware
73beaker.session.key = openid
# NOTE(review): this secret is committed with the test fixture and is therefore
# public.  Any deployment derived from this file needs its own randomly
# generated value, supplied from outside version control.
74beaker.session.secret = qKEdQdCr33NE087dRUWX3qUv5r7AsuQU
75
76# If you'd like to fine-tune the individual locations of the cache data dirs
77# for the Cache data, or the Session saves, un-comment the desired settings
78# here:
79beaker.cache.data_dir = %(here)s/openidprovider/beaker/cache
80beaker.session.data_dir = %(here)s/openidprovider/beaker/sessions
# NOTE(review): no beaker.session.secure setting appears in this section;
# confirm whether the session cookie should be restricted to HTTPS, given that
# [DEFAULT] sets scheme = https.
81beaker.session.cookie_expires = True
82
83# Key name for keying into environ dictionary
84environ_key = %(beakerSessionKeyName)s
85
86[filter:SSLCientAuthKitFilter]
# AuthKit middleware instance using the cookie method only.  It sits directly
# ahead of SSLClientAuthenticationFilter in [pipeline:main].
87paste.filter_app_factory = authkit.authenticate:middleware
88
89# AuthKit Set-up
90setup.method=cookie
91
92# This cookie name and secret MUST agree with the name used by the
93# Authentication Filter used to secure a given app
94cookie.name=ndg.security.auth
95
# NOTE(review): the same name and secret are repeated as authkit.cookie.name /
# authkit.cookie.secret in [filter:OpenIDRelyingPartyFilter]; change them
# together.  The value is committed with the test fixture, so it is public:
# a deployment needs its own random secret kept outside version control.
96cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
97cookie.signoutpath = /logout
98
99# Disable inclusion of client IP address from cookie signature due to
100# suspected problem with AuthKit setting it when a HTTP Proxy is in place
# NOTE(review): with includeip = False the cookie is not tied to the address
# it was issued to, so protection against reuse of a captured cookie rests on
# the transport (HTTPS) and the cookie lifetime - confirm this is acceptable
# outside testing.
101cookie.includeip = False
102
103# SSL Client Certificate based authentication is invoked if the client passed
104# a certificate with request.  This bypasses OpenID based authn.
105[filter:SSLClientAuthenticationFilter]
106paste.filter_app_factory = ndg.security.server.wsgi.ssl:AuthKitSSLAuthnMiddleware
107prefix = ssl.
# NOTE(review): only the CA list is active; clientCertDNMatchList is commented
# out, so presumably any certificate that chains to the test CA is accepted -
# confirm in AuthKitSSLAuthnMiddleware.
108ssl.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt
109#ssl.clientCertDNMatchList = /O=NDG/OU=BADC/CN=mytest /O=gabriel/OU=BADC/CN=test /O=NDG/OU=BADC/CN=test
110
111# 'HTTP_' prefix is set when passed through a proxy
# NOTE(review): WSGI environ keys beginning HTTP_ are populated from request
# headers.  These two keys are therefore only trustworthy when the fronting
# proxy always overwrites or strips the corresponding headers and the backend
# accepts connections from that proxy alone.  [server:main] binds 0.0.0.0 -
# verify the port is not reachable directly.
112ssl.sslKeyName = HTTP_HTTPS
113ssl.sslClientCertKeyName = HTTP_SSL_CLIENT_CERT
114
115# Set the URI pattern match here to interrupt a redirect to the OpenID Relying
116# Party from the service running over HTTP and see if a client certificate has
117# been set
118ssl.rePathMatchList = ^/verify.*
119
120[filter:OpenIDRelyingPartyFilter]
# OpenID Relying Party middleware.  Two groups of keys live in this section:
# openid.relyingparty.* (sign-in interface) and authkit.* (AuthKit OpenID and
# cookie set-up).
121paste.filter_app_factory = 
122        ndg.security.server.wsgi.openid.relyingparty:OpenIDRelyingPartyMiddleware.filter_app_factory
123
124openid.relyingparty.baseURL = %(authkit.openid.baseurl)s
# NOTE(review): the IdP whitelist setting below is commented out; presumably
# sign-in is then accepted from any OpenID Provider the user enters - confirm
# whether that is intended outside testing.
125#openid.relyingparty.idpWhitelistConfigFilePath = %(here)s/openidrelyingparty/ssl-idp-validator.xml
126openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.genshi.GenshiSigninTemplate
127openid.relyingparty.signinInterface.staticContentRootDir = %(here)s/openidrelyingparty/public
128openid.relyingparty.signinInterface.baseURL = %(openid.relyingparty.baseURL)s
129openid.relyingparty.signinInterface.initialOpenID = %(openIDProviderIDSelectURI)s
130openid.relyingparty.signinInterface.heading = OpenID Sign-in
131#openid.relyingparty.signinInterface.leftLogo = %(openid.relyingparty.signinInterface.baseURL)s/layout/NERC_Logo.gif
132#openid.relyingparty.signinInterface.leftAlt = Natural Environment Research Council
133#openid.relyingparty.signinInterface.leftLink = http://ndg.nerc.ac.uk/
134#openid.relyingparty.signinInterface.leftImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/ndg_logo_circle.gif
# The footer value carries raw HTML markup; presumably the sign-in template
# emits it unescaped - keep this setting under administrator control only.
135openid.relyingparty.signinInterface.footerText = This site is for test purposes only.   <a class="FooterLink" href="http://openid.net/what/" target="_blank"><small>What is OpenID?</small></a>
136openid.relyingparty.signinInterface.rightLink = http://ceda.ac.uk/
137openid.relyingparty.signinInterface.rightImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/CEDA_RightButton60.png
138openid.relyingparty.signinInterface.rightAlt = Centre for Environmental Data Archival
139openid.relyingparty.signinInterface.helpIcon = %(openid.relyingparty.signinInterface.baseURL)s/layout/icons/help.png
140
141cache_dir = %(here)s/data
142
143# AuthKit Set-up
144authkit.setup.method=openid, cookie
145
146# This cookie name and secret MUST agree with the name used by the
147# Authentication Filter used to secure a given app
148authkit.cookie.name=ndg.security.auth
149
# NOTE(review): same value as cookie.secret in [filter:SSLCientAuthKitFilter].
# It is committed with the test fixture and so is public; a deployment needs
# its own random secret, changed in both places together.
150authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
151authkit.cookie.signoutpath = /logout
152
153# Disable inclusion of client IP address from cookie signature due to
154# suspected problem with AuthKit setting it when a HTTP Proxy is in place
155authkit.cookie.includeip = False
156
157authkit.openid.path.signedin=/
158authkit.openid.store.type=file
159authkit.openid.store.config=%(here)s/openidrelyingparty/store
160authkit.openid.session.key = authkit_openid
# NOTE(review): the literal text "random string" is a placeholder, not a
# random value.  Replace it with a generated secret before any use beyond
# the test suite.
161authkit.openid.session.secret = random string
162
163# Key name for dereferencing beaker.session object held in environ
164authkit.openid.session.middleware = %(beakerSessionKeyName)s
165
166authkit.openid.baseurl = %(baseURI)s
167
168# Template for signin
169#authkit.openid.template.obj =
170
171# Handler for parsing OpenID and creating a session from it
172#authkit.openid.urltouser =
173
174# Attribute Exchange - all are optional unless the relevant ax.required.<name>
175# is set to True.  The alias defers to the parameter name given unless explicitly
176# specified - see commented out entry for firstName below.  The number of
177# attributes for each attribute name defaults to 1 unless otherwise set
178#authkit.openid.ax.typeuri.firstName=http://openid.net/schema/namePerson/first
179#authkit.openid.ax.alias.firstName=firstName
180##authkit.openid.ax.count.firstName=1
181#authkit.openid.ax.required.firstName=True
182#authkit.openid.ax.typeuri.lastName=http://openid.net/schema/namePerson/last
183#authkit.openid.ax.alias.lastName=lastName
184#authkit.openid.ax.required.lastName=True
185#authkit.openid.ax.typeuri.emailAddress=http://openid.net/schema/contact/internet/email
186#authkit.openid.ax.alias.emailAddress=emailAddress
187#authkit.openid.ax.required.emailAddress=True
188
189# ESG Gateway requested parameters
# Attribute Exchange attributes requested at sign-in.  firstname, lastname and
# email carry ax.required = True; the remaining attributes have no required
# flag set.
# NOTE(review): the typeuri/required lines use ':' as the delimiter and the
# alias lines use '='.  This relies on the loader accepting both and splitting
# at the first delimiter (the URI values themselves contain ':') - presumably
# true for the ConfigParser-based Paste loader; confirm before normalising.
190authkit.openid.ax.typeuri.uuid:http://openid.net/schema/person/guid
191authkit.openid.ax.alias.uuid=uuid
192authkit.openid.ax.typeuri.username:http://openid.net/schema/namePerson/friendly
193authkit.openid.ax.alias.username=username
194authkit.openid.ax.typeuri.firstname:http://openid.net/schema/namePerson/first
195authkit.openid.ax.alias.firstname=firstname
196authkit.openid.ax.required.firstname:True
197authkit.openid.ax.typeuri.middlename:http://openid.net/schema/namePerson/middle
198authkit.openid.ax.alias.middlename=middlename
199authkit.openid.ax.typeuri.lastname:http://openid.net/schema/namePerson/last
200authkit.openid.ax.required.lastname:True
201authkit.openid.ax.alias.lastname=lastname
202authkit.openid.ax.typeuri.email:http://openid.net/schema/contact/internet/email
203authkit.openid.ax.required.email:True
204authkit.openid.ax.alias.email=email
205authkit.openid.ax.typeuri.gateway:http://www.earthsystemgrid.org/gateway
206authkit.openid.ax.alias.gateway=gateway
207authkit.openid.ax.typeuri.organization:http://openid.net/schema/company/name
208authkit.openid.ax.alias.organization=organization
209authkit.openid.ax.typeuri.city:http://openid.net/schema/contact/city/home
210authkit.openid.ax.alias.city=city
211authkit.openid.ax.typeuri.state:http://openid.net/schema/contact/state/home
212authkit.openid.ax.alias.state=state
213authkit.openid.ax.typeuri.country:http://openid.net/schema/contact/country/home
214authkit.openid.ax.alias.country=country
215
216[filter:SSLCientAuthnRedirectResponseFilter]
217# Redirect to original requested URI following SSL Client Authentication.  This
218# filter must be placed AFTER the AuthKit cookie setting middleware.  In this
219# case its configured in the OpenIDRelyingPartyMiddleware filter.  If the
220# OpenID Relying Party filter is removed, a separate AuthKit middleware entry
221# would need to be made so that this redirect filter can still function
222paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthKitRedirectResponseMiddleware
223prefix = ssl.
# ssl.sessionKey names the environ key of the Beaker session, so
# SessionMiddlewareFilter has to stay ahead of this filter in [pipeline:main]
# (presumably the redirect target is kept in that session - confirm).
224ssl.sessionKey = %(beakerSessionKeyName)s
225
226#______________________________________________________________________________
227# OpenID Provider WSGI Settings
228[app:OpenIDProviderApp]
# Terminal application of [pipeline:main]: the OpenID Provider.  Settings in
# this section carry the openid.provider. prefix, apart from
# identityUriTemplate.
229paste.app_factory=ndg.security.server.wsgi.openid.provider:OpenIDProviderMiddleware.app_factory
230
# URL paths for the provider endpoint and the login form / form submission.
231openid.provider.path.openidserver=/OpenID/Provider/server
232openid.provider.path.login=/OpenID/Provider/login
233openid.provider.path.loginsubmit=/OpenID/Provider/loginsubmit
234
235# Yadis based discovery only - the 'id' path configured here may be set to a page
236# with <link rel="openid.server" href="..."> and Yadis
237# <meta http-equiv="x-xrds-location" content="..."> links if required, but in
238# this implementation it is set to return 404 not found - see
239# ndg.security.server.wsgi.openid.provider.renderinginterface.genshi.GenshiRendering
240# class
# ${userIdentifier} is a template placeholder in the provider's own syntax; it
# is distinct from the %(name)s interpolation used elsewhere in this file.
241openid.provider.path.id=/OpenID/Provider/id/${userIdentifier}
242openid.provider.path.yadis=%(openIDProviderIDBase)s/${userIdentifier}
243
244# Yadis based discovery for idselect mode - this is where the user has entered
245# a URI at the Relying Party which identifies their Provider only and not their
246# full ID URI.  e.g. https://badc.nerc.ac.uk instead of
247# https://badc.nerc.ac.uk/John
248openid.provider.path.serveryadis=%(openIDProviderIDBase)s
249openid.provider.path.allow=/OpenID/Provider/allow
250openid.provider.path.decide=/OpenID/Provider/decide
251openid.provider.path.mainpage=/OpenID/Provider/home
252
253openid.provider.session_middleware=%(beakerSessionKeyName)s
254openid.provider.base_url=%(baseURI)s
255
256# Enable login to construct an identity URI if IDSelect mode was chosen and
257# no identity URI was passed from the Relying Party.  This value should
258# match openid.provider.path.id and/or openid.provider.path.yadis - see above
259identityUriTemplate=%(baseURI)s%(openIDProviderIDBase)s/${userIdentifier}
260
261openid.provider.trace=False
262openid.provider.consumer_store_dirpath=%(here)s/openidprovider
263openid.provider.renderingClass=ndg.security.server.wsgi.openid.provider.renderinginterface.genshi.GenshiRendering
264#openid.provider.renderingClass=ndg.security.server.wsgi.openid.provider.DemoRenderingInterface
265
266# Layout
267openid.provider.rendering.baseURL = %(openid.provider.base_url)s
268#openid.provider.rendering.leftLogo = %(openid.provider.rendering.baseURL)s/layout/NERC_Logo.gif
269#openid.provider.rendering.leftAlt = Natural Environment Research Council
270#openid.provider.rendering.leftLink = http://ndg.nerc.ac.uk/
271#openid.provider.rendering.leftImage = %(openid.provider.rendering.baseURL)s/layout/ndg_logo_circle.gif
272openid.provider.rendering.helpIcon = %(openid.provider.rendering.baseURL)s/layout/icons/help.png
273openid.provider.rendering.footerText = This site is for test purposes only.
274openid.provider.rendering.rightLink = http://ceda.ac.uk/
275openid.provider.rendering.rightImage = %(openid.provider.rendering.baseURL)s/layout/CEDA_RightButton60.png
276openid.provider.rendering.rightAlt = Centre for Environmental Data Archival
277
278# Basic Authentication interface to demonstrate capabilities
279#openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.basic.BasicAuthNInterface
280openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.sqlalchemy_authn.SQLAlchemyAuthnInterface
281openid.provider.authN.connectionString=%(dbConnectionString)s
# NOTE(review): the two queries below are templates with ${username} and
# ${password} placed inside single-quoted SQL literals.  Whether
# SQLAlchemyAuthnInterface binds these as parameters or substitutes text is
# not visible from this file; if it substitutes text, a quote character in a
# submitted login value changes the statement.  Confirm that the interface
# binds the values or strictly validates them.
282openid.provider.authN.logonSqlQuery=select count(*) from users where username = '${username}' and md5password = '${password}'
283openid.provider.authN.username2UserIdentifierSqlQuery=select openid_identifier from users where username = '${username}'
# NOTE(review): md5password / isMD5EncodedPwd indicate that passwords are
# stored and compared as MD5 digests, and no salt column is visible in the
# query.  MD5 is not suitable for password storage; treat this as
# test-fixture behaviour only.
284openid.provider.authN.isMD5EncodedPwd=True
285
286# user login details format is:
287# <username>:<password>:<OpenID name>, ... <OpenID name N> <username>:... etc
288# Each user entry is delimited by a space. username, password and OpenID name
289# list are delimited by a colon.  The list of OpenID names is delimited by
290# commas.  The OpenID name represents the unique part of the OpenID URL for the
291# individual user.  Each username may have more than one OpenID alias but only
292# one alias at a time may be registered with a given Attribute Authority
# NOTE(review): clear-text fixture credentials.  The active authNInterface in
# this section is SQLAlchemyAuthnInterface, so this entry is presumably only
# read by the commented-out BasicAuthNInterface - confirm, and never reuse
# these values outside the test suite.
293openid.provider.authN.userCreds=pjk:testpassword:PhilipKershaw,P.J.Kershaw another:testpassword:A.N.Other
294
295# Basic authentication for testing/admin - comma delimited list of
296# <username>:<password> pairs
297#openid.provider.usercreds=pjk:test
298
299# Attribute Exchange interface
300#openid.provider.axResponse.class=ndg.security.server.wsgi.openid.provider.axinterface.csv.CSVFileAXInterface
301#openid.provider.axResponse.csvFilePath=%(here)s/openidprovider/attributeexchange.csv
302openid.provider.axResponse.class=ndg.security.server.wsgi.openid.provider.axinterface.sqlalchemy_ax.SQLAlchemyAXInterface
303openid.provider.axResponse.connectionString=%(dbConnectionString)s
# NOTE(review): ${username} sits inside a single-quoted SQL literal; confirm
# that SQLAlchemyAXInterface binds it as a parameter rather than substituting
# text.  The three selected columns line up, in order, with the three
# attributeNames URIs listed below.
304openid.provider.axResponse.sqlQuery = select firstname, lastname, emailaddress from users where username = '${username}'
305openid.provider.axResponse.attributeNames=http://openid.net/schema/namePerson/first
306    http://openid.net/schema/namePerson/last
307    http://openid.net/schema/contact/internet/email
308   
# NOTE(review): what "trusted" grants a Relying Party is not visible in this
# file - confirm in OpenIDProviderMiddleware before adding entries.  The value
# is a comma separated list continued on the indented line.
309openid.provider.trustedRelyingParties=https://localhost:7443, https://ndg.somewhere.ac.uk,
310        https://badc.somewhere.ac.uk
311
312#______________________________________________________________________________
313# Attribute Authority WSGI settings
314#
315[filter:AttributeAuthorityFilter]
316# This filter publishes an Attribute Authority instance as a key in environ
317# to enable other middleware to access it
# Keys in this section mix ':' and '=' as the delimiter; this relies on the
# loader accepting both (presumably the ConfigParser-based Paste loader).
318paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthorityMiddleware.filter_app_factory
319prefix = attributeAuthority.
320
321# Key name by which the WSDL SOAP based interface may reference this
322# service
323attributeAuthority.environKeyName = %(attributeAuthorityEnvironKeyName)s
324
325# Key name for the SAML SOAP binding based interface to reference this
326# service's attribute query method
327attributeAuthority.environKeyNameAttributeQueryInterface: %(attributeQueryInterfaceEnvironKeyName)s
328
329# Attribute Authority settings
330# 'name' setting MUST agree with map config file 'thisHost' name attribute
331attributeAuthority.name: Site A
332
333# Lifetime is measured in seconds
# 28800 seconds = 8 hours.
334attributeAuthority.attCertLifetime: 28800 
335
336# Allow an offset for clock skew between servers running
337# security services. NB, measured in seconds - use a minus sign for time in the
338# past
339attributeAuthority.attCertNotBeforeOff: 0
340
341# All Attribute Certificates issued are recorded in this dir
342attributeAuthority.attCertDir: %(testConfigDir)s/attributeauthority/sitea/attributeCertificateLog
343
344# Files in attCertDir are stored using a rotating file handler
345# attCertFileLogCnt sets the max number of files created before the first is
346# overwritten
347attributeAuthority.attCertFileName: ac.xml
348attributeAuthority.attCertFileLogCnt: 16
349attributeAuthority.dnSeparator:/
350
351# Location of role mapping file
352attributeAuthority.mapConfigFilePath: %(testConfigDir)s/attributeauthority/sitea/siteAMapConfig.xml
353
354# Settings for custom AttributeInterface derived class to get user roles for given
355# user ID
356#attributeAuthority.attributeInterface.modFilePath: %(testConfigDir)s/attributeauthority/sitea
357#attributeAuthority.attributeInterface.modName: siteAUserRoles
358#attributeAuthority.attributeInterface.className: TestUserRoles
359
360# SQLAlchemy Attribute Interface
361attributeAuthority.attributeInterface.connectionString: %(dbConnectionString)s
362attributeAuthority.attributeInterface.modName: ndg.security.server.attributeauthority
363attributeAuthority.attributeInterface.className: SQLAlchemyAttributeInterface
364attributeAuthority.attributeInterface.issuerName = /O=Site A/CN=Attribute Authority
# NOTE(review): every query below places ${userId} inside a single-quoted SQL
# literal.  Whether SQLAlchemyAttributeInterface binds it as a parameter or
# substitutes text is not visible from this file; confirm that it binds or
# validates the value, since userId presumably arrives in the attribute query.
# Each samlAttribute2SqlQuery.<n> value is a quoted pair: attribute name, then
# the query that supplies its values.
365attributeAuthority.attributeInterface.samlSubjectSqlQuery = select count(*) from users where openid = '${userId}'
366attributeAuthority.attributeInterface.samlAttribute2SqlQuery.1 = "urn:esg:first:name" "select firstname from users where openid = '${userId}'"
367attributeAuthority.attributeInterface.samlAttribute2SqlQuery.lastName = "urn:esg:last:name" "select lastname from users where openid = '${userId}'"
368attributeAuthority.attributeInterface.samlAttribute2SqlQuery.emailAddress = "urn:esg:email:address" "select emailaddress from users where openid = '${userId}'"
369attributeAuthority.attributeInterface.samlAttribute2SqlQuery.4 = "urn:siteA:security:authz:1.0:attr" "select attributename from attributes where openid = '${userId}'"
# Comma separated list of requestor DNs, continued over the indented lines.
# NOTE(review): how the requestor DN is established (for example from a
# verified signature or client certificate) is not visible here - confirm, as
# this list is only as strong as that check.
370attributeAuthority.attributeInterface.samlValidRequestorDNs = /O=Site A/CN=Authorisation Service,/O=Site A/CN=Attribute Authority,
371                                                           /O=Site B/CN=Authorisation Service,
372                                                           /CN=test/O=NDG/OU=BADC
373
374# Config for XML signature of Attribute Certificate
# NOTE(review): the signing key is a file under the shared test configuration
# directory.  A deployment needs its own key, readable only by the service
# account and kept out of version control.
375attributeAuthority.signingPriKeyFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.key
376attributeAuthority.signingCertFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.crt
377attributeAuthority.caCertFilePathList: %(testConfigDir)s/ca/ndg-test-ca.crt
378
379
380# SOAP WSDL Based Binding to the Attribute Authority
381[filter:AttributeAuthorityWsdlSoapBindingFilter]
# SOAP binding served at /AttributeAuthority.  Two key prefixes are used in
# this section: service.soap.binding. (declared by prefix) and
# attributeauthority.service.soap.binding. (declared by
# attributeAuthoritySOAPBindingPrefix).
382paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthoritySOAPBindingMiddleware.filter_app_factory
383prefix = service.soap.binding.
384attributeAuthoritySOAPBindingPrefix = attributeauthority.service.soap.binding.
385
386service.soap.binding.referencedFilters = filter:wsseSignatureVerificationFilter
387service.soap.binding.path = /AttributeAuthority
# NOTE(review): presumably exposes the service WSDL on request - confirm that
# publishing it is intended outside testing.
388service.soap.binding.enableWSDLQuery = True
389service.soap.binding.charset = utf-8
390service.soap.binding.serviceSOAPBindingEnvironKeyName = ndg.security.server.wsgi.attributeauthority.AttributeAuthoritySOAPBindingMiddleware
391
# Same environ key that [filter:AttributeAuthorityFilter] sets as
# attributeAuthority.environKeyName.
392attributeauthority.service.soap.binding.attributeAuthorityEnvironKeyName = %(attributeAuthorityEnvironKeyName)s
393attributeauthority.service.soap.binding.wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter
394
395
396# SAML SOAP Binding to the Attribute Authority
397[filter:AttributeAuthoritySamlSoapBindingFilter]
# Matches requests to /AttributeAuthority/saml and looks up the query
# interface under the environ key that [filter:AttributeAuthorityFilter]
# sets as environKeyNameAttributeQueryInterface.
# NOTE(review): no signature or requestor check is configured in this
# section; access control presumably rests on samlValidRequestorDNs in the
# Attribute Authority settings - confirm.
398paste.filter_app_factory = ndg.security.server.wsgi.saml:SOAPAttributeInterfaceMiddleware.filter_app_factory
399prefix = saml.soapbinding.
400
401saml.soapbinding.pathMatchList = /AttributeAuthority/saml
402saml.soapbinding.queryInterfaceKeyName = %(attributeQueryInterfaceEnvironKeyName)s
403
404
405#______________________________________________________________________________
406# WS-Security Signature Verification
407[filter:wsseSignatureVerificationFilter]
408paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter.filter_app_factory
# %(__name__)s presumably expands to this section's own name, which would make
# filterID equal to the "filter:wsseSignatureVerificationFilter" string that
# the other filters use to reference this one - confirm.
409filterID = %(__name__)s
410
411# Settings for WS-Security SignatureHandler class used by this filter
412wsseCfgFilePrefix = wssecurity
413
414# Verify against known CAs - Provide a space separated list of file paths
# Only the test CA is listed here.
415wssecurity.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
416
417
418#______________________________________________________________________________
419# Apply WS-Security Signature
420[filter:wsseSignatureFilter]
# Signs outbound SOAP responses.  It is paired with
# wsseSignatureVerificationFilter through the two reference settings below.
421paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter.filter_app_factory
422
423# Reference the verification filter in order to be able to apply signature
424# confirmation
425referencedFilters = filter:wsseSignatureVerificationFilter
426wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter
427
428# Last filter in chain of SOAP handlers writes the response
429writeResponse = True
430
431# Settings for WS-Security SignatureHandler class used by this filter
432wsseCfgFilePrefix = wssecurity
433
434# Certificate associated with private key used to sign a message.  The sign
435# method will add this to the BinarySecurityToken element of the WSSE header. 
436wssecurity.signingCertFilePath=%(testConfigDir)s/pki/wsse-server.crt
437
438# PEM encoded private key file
# NOTE(review): test key stored under the shared test configuration
# directory.  A deployment needs its own key, readable only by the service
# account and kept out of version control.
439wssecurity.signingPriKeyFilePath=%(testConfigDir)s/pki/wsse-server.key
440
441# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
442# signed message.  See __setReqBinSecTokValType method and binSecTokValType
443# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
444# give full namespace to alternative - see
445# ZSI.wstools.Namespaces.OASIS.X509TOKEN
446#
447# binSecTokValType determines whether signingCert or signingCertChain
448# attributes will be used.
449wssecurity.reqBinSecTokValType=X509v3
450
451# Add a timestamp element to an outbound message
452wssecurity.addTimestamp=True
453
454# For WSSE 1.1 - service returns signature confirmation containing signature
455# value sent by client
456wssecurity.applySignatureConfirmation=True
457
458# Logging configuration
459[loggers]
# Python logging set-up: two loggers (root, ndg), one console handler that
# writes to sys.stderr, and one formatter.
460keys = root, ndg
461
462[handlers]
463keys = console
464
465[formatters]
466keys = generic
467
468[logger_root]
469level = INFO
470handlers = console
471
472[logger_ndg]
# NOTE(review): the ndg logger runs at DEBUG with no handler of its own, so
# its records presumably propagate to the root console handler.  Confirm that
# the ndg security packages log no credentials or session values at DEBUG
# before reusing this level outside tests.
473level = DEBUG
474handlers =
475qualname = ndg
476
477[handler_console]
478class = StreamHandler
479args = (sys.stderr,)
480level = NOTSET
481formatter = generic
482
483[formatter_generic]
# The %(asctime)s style fields here are logging format fields, not references
# to keys of this file.
484format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s:%(lineno)s] %(message)s
485datefmt = %Y-%m-%d %H:%M:%S
486