
Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securityservices.ini@6575
Revision 6575, 22.5 KB checked in by pjkersha, 11 years ago (diff)

Changes for addition of AuthzDecisionQuery WSGI interface (Authorisation service)

1#
2# NERC DataGrid Security
3#
4# Paste configuration for combined Attribute Authority, OpenID Relying Party
5# and Provider services
6#
7# The %(here)s variable will be replaced with the parent directory of this file
8#
9# Author: P J Kershaw
10# date: 01/07/09
11# Copyright: (C) 2009 Science and Technology Facilities Council
12# license: BSD - see LICENSE file in top-level directory
13# Contact: Philip.Kershaw@stfc.ac.uk
14# Revision: $Id:$
15
16[DEFAULT]
# Values in this section are available to every other section of the file
# through %(name)s interpolation.
17portNum = 7443
18hostname = localhost
19scheme = https
# Assembled from the three keys above.  Reused further down as the AuthKit
# OpenID base URL and as the OpenID Provider base URL.
20baseURI = %(scheme)s://%(hostname)s:%(portNum)s
21openIDProviderIDBase = /openid
22openIDProviderIDSelectURI = %(baseURI)s%(openIDProviderIDBase)s
# Test fixtures (CA certificate, keys, user database) are resolved relative to
# this directory.
23testConfigDir = %(here)s/../../config
# environ key under which the Beaker session object is published; the OpenID
# Relying Party, Provider and redirect filters all refer to it.
24beakerSessionKeyName = beaker.session.ndg.security.services
25
26# Global Attribute Authority Settings
27attributeAuthorityEnvironKeyName = ndg.security.server.attributeauthority.AttributeAuthority
28attributeQueryInterfaceEnvironKeyName = ndg.security.server.attributeauthority.attributeQueryInterface
29
# One connection string is shared by the OpenID Provider authN interface, the
# Provider AX interface and the Attribute Authority attribute interface.
# NOTE(review): here it is a local SQLite test file.  With a real database a
# shared string means one account for login checks and attribute look-ups;
# separate least-privilege accounts would be the safer split.
30dbConnectionString = sqlite:///%(testConfigDir)s/user.db
31
32[server:main]
# Paste's built-in HTTP server.
33use = egg:Paste#http
# 0.0.0.0 listens on every network interface of the host.
# NOTE(review): no TLS option is set for this listener although [DEFAULT]
# scheme is https, and the SSL client authentication filter below reads
# HTTP_-prefixed environ keys "set when passed through a proxy" - presumably
# TLS is terminated by a front-end proxy.  If so, this listener should only be
# reachable from that proxy (loopback address or firewall rule) - confirm
# against the deployment.
34host = 0.0.0.0
35port = %(portNum)s
36
37# Uncomment and replace OpenIDProviderApp with OpenIDProviderFilterApp in the
38# pipeline below if the RelyingParty filter is removed.  The RelyingParty
39# provides static content to both it and the Provider in this configuration.
40# See the staticContentDir setting in the OpenIDRelyingPartyFilter section
41#[filter-app:OpenIDProviderFilterApp]
42#use = egg:Paste#httpexceptions
43#next = cascade
44#
45## Composite for OpenID Provider to enable settings for picking up static
46## content
47#[composite:cascade]
48#use = egg:Paste#cascade
49#app1 = OpenIDProviderStaticContent
50#catch = 404
51#
52#[app:OpenIDProviderStaticContent]
53#use = egg:Paste#static
54#document_root = %(here)s/openidprovider
55
56# Ordering of filters and app is critical
# A request passes through the filters in the order listed and reaches
# OpenIDProviderApp last.  The WS-Security signature verification filter is
# first, ahead of the Attribute Authority filters; the Beaker session filter is
# ahead of the OpenID filters, which look the session up in environ.
# The names spelled "SSLCient..." match the section headers further down; a
# corrected spelling has to be applied to the header and to this list together.
57[pipeline:main]
58pipeline = wsseSignatureVerificationFilter
59                   AttributeAuthorityFilter
60                   AttributeAuthorityWsdlSoapBindingFilter
61           wsseSignatureFilter
62           AttributeAuthoritySamlSoapBindingFilter
63                   SessionMiddlewareFilter
64                   SSLCientAuthKitFilter
65                   SSLClientAuthenticationFilter
66                   SSLCientAuthnRedirectResponseFilter
67                   OpenIDRelyingPartyFilter
68                   OpenIDProviderApp
69
70#______________________________________________________________________________
71# Beaker Session Middleware (used by OpenID Provider Filter)
72[filter:SessionMiddlewareFilter]
73paste.filter_app_factory=beaker.middleware:SessionMiddleware
# Name of the session cookie.
74beaker.session.key = openid
# Secret Beaker uses to sign the session cookie.
# NOTE(review): this value is committed with the test configuration, so it is
# known to anyone with access to the repository.  A deployment needs its own
# randomly generated secret, supplied from outside version control.
75beaker.session.secret = qKEdQdCr33NE087dRUWX3qUv5r7AsuQU
76
77# If you'd like to fine-tune the individual locations of the cache data dirs
78# for the Cache data, or the Session saves, un-comment the desired settings
79# here:
# Session and cache files are written below the directory of this file.
# NOTE(review): session files hold per-user state; the directories should be
# readable by the service account only.
80beaker.cache.data_dir = %(here)s/openidprovider/beaker/cache
81beaker.session.data_dir = %(here)s/openidprovider/beaker/sessions
# True: the cookie expires when the browser session ends.
# NOTE(review): neither beaker.session.secure nor beaker.session.httponly is
# set here; for a service whose scheme is https a reviewer would expect both -
# confirm the defaults of the Beaker version in use.
82beaker.session.cookie_expires = True
83
84# Key name for keying into environ dictionary
85environ_key = %(beakerSessionKeyName)s
86
# AuthKit cookie middleware for the SSL client authentication path.  The
# section name is spelled "SSLCient" and the pipeline refers to it by that
# spelling.
87[filter:SSLCientAuthKitFilter]
88paste.filter_app_factory = authkit.authenticate:middleware
89
90# AuthKit Set-up
91setup.method=cookie
92
93# This cookie name and secret MUST agree with the name used by the
94# Authentication Filter used to secure a given app
95cookie.name=ndg.security.auth
96
# Same value as authkit.cookie.secret in [filter:OpenIDRelyingPartyFilter].
# NOTE(review): the secret is committed with the test configuration; anyone
# who knows it can presumably produce a cookie this middleware accepts.  A
# deployment needs its own random value kept out of version control, changed
# in both sections together.
97cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
98cookie.signoutpath = /logout
99
100# Disable inclusion of client IP address from cookie signature due to
101# suspected problem with AuthKit setting it when a HTTP Proxy is in place
# NOTE(review): with the IP left out, the cookie is not tied to the client
# address it was issued to, so the cookie secret and transport encryption are
# the remaining protections against reuse from another host.
102cookie.includeip = False
103
104# SSL Client Certificate based authentication is invoked if the client passed
105# a certificate with request.  This bypasses OpenID based authn.
106[filter:SSLClientAuthenticationFilter]
107paste.filter_app_factory = ndg.security.server.wsgi.ssl:AuthKitSSLAuthnMiddleware
108prefix = ssl.
# CA certificate(s) that client certificates are checked against; here only
# the NDG test CA.
109ssl.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt
# NOTE(review): with the DN match list commented out, presumably any
# certificate issued by the CA above is accepted - confirm in
# AuthKitSSLAuthnMiddleware.
110#ssl.clientCertDNMatchList = /O=NDG/OU=BADC/CN=mytest /O=gabriel/OU=BADC/CN=test /O=NDG/OU=BADC/CN=test
111
112# 'HTTP_' prefix is set when passed through a proxy
# NOTE(review): environ keys that start with HTTP_ are built from request
# headers.  The filter therefore relies on the front-end proxy to remove any
# HTTPS and SSL_CLIENT_CERT headers supplied by the client and to set them
# only after it has completed the TLS handshake itself; the certificate text
# alone does not show that the caller holds the matching private key.  Check
# the proxy configuration before reusing these two settings.
113ssl.sslKeyName = HTTP_HTTPS
114ssl.sslClientCertKeyName = HTTP_SSL_CLIENT_CERT
115
116# Set the URI pattern match here to interrupt a redirect to the OpenID Relying
117# Party from the service running over HTTP and see if a client certificate has
118# been set
# Regular expression: request paths beginning with /verify.
119ssl.rePathMatchList = ^/verify.*
120
# OpenID Relying Party: sign-in page settings.  The AuthKit and Attribute
# Exchange keys further down belong to this same section.
121[filter:OpenIDRelyingPartyFilter]
122paste.filter_app_factory = 
123        ndg.security.server.wsgi.openid.relyingparty:OpenIDRelyingPartyMiddleware.filter_app_factory
124
# authkit.openid.baseurl is defined later in this section.
125openid.relyingparty.baseURL = %(authkit.openid.baseurl)s
126
127# Uncomment to restrict sign in to a whitelist of trusted OpenID Providers.
# NOTE(review): while this stays commented out no whitelist is configured, so
# by the comment above sign-in is not restricted to trusted Providers.
# Identity and Attribute Exchange values are then only as reliable as
# whichever Provider the user names.
128#openid.relyingparty.idpWhitelistConfigFilePath = %(here)s/openidrelyingparty/ssl-idp-validator.xml
129
130openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.genshi.GenshiSigninTemplate
131
132# Nb. in this configuration, this directory is provider static content for both
133# this filter and the OpenID Provider app downstream in the WSGI stack.
# NOTE(review): presumably everything below this directory is served without
# authentication - keep configuration, keys and session data out of it.
134openid.relyingparty.signinInterface.staticContentRootDir = %(here)s/public
135
136openid.relyingparty.signinInterface.baseURL = %(openid.relyingparty.baseURL)s
# Pre-fills the sign-in form with this site's own Provider URI.
137openid.relyingparty.signinInterface.initialOpenID = %(openIDProviderIDSelectURI)s
138openid.relyingparty.signinInterface.heading = OpenID Sign-in
139#openid.relyingparty.signinInterface.leftLogo = %(openid.relyingparty.signinInterface.baseURL)s/layout/NERC_Logo.gif
140#openid.relyingparty.signinInterface.leftAlt = Natural Environment Research Council
141#openid.relyingparty.signinInterface.leftLink = http://ndg.nerc.ac.uk/
142#openid.relyingparty.signinInterface.leftImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/ndg_logo_circle.gif
143
144# This setting will accept HTML mark-up
# NOTE(review): the value is presumably written into the sign-in page
# unescaped, so write access to this file amounts to write access to that
# page.  The link opens a new window (target="_blank") and sets no rel
# attribute; rel="noopener noreferrer" would be the usual addition.
145openid.relyingparty.signinInterface.footerText = This site is for test purposes only.   <a class="FooterLink" href="http://openid.net/what/" target="_blank"><small>What is OpenID?</small></a>
146openid.relyingparty.signinInterface.rightLink = http://ceda.ac.uk/
147openid.relyingparty.signinInterface.rightImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/CEDA_RightButton60.png
148openid.relyingparty.signinInterface.rightAlt = Centre for Environmental Data Archival
149openid.relyingparty.signinInterface.helpIcon = %(openid.relyingparty.signinInterface.baseURL)s/layout/icons/help.png
150
151cache_dir = %(here)s/data
152
153# AuthKit Set-up
# These keys belong to [filter:OpenIDRelyingPartyFilter]: OpenID sign-in, with
# the result kept in a signed cookie.
154authkit.setup.method=openid, cookie
155
156# This cookie name and secret MUST agree with the name used by the
157# Authentication Filter used to secure a given app
158authkit.cookie.name=ndg.security.auth
159
# Same name and secret as cookie.name / cookie.secret in
# [filter:SSLCientAuthKitFilter].
# NOTE(review): the secret is committed with the test configuration; a
# deployment needs its own random value kept out of version control, changed
# in both sections together.
160authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
161authkit.cookie.signoutpath = /logout
162
163# Disable inclusion of client IP address from cookie signature due to
164# suspected problem with AuthKit setting it when a HTTP Proxy is in place
# NOTE(review): with the IP left out, the cookie is not tied to the client
# address it was issued to.
165authkit.cookie.includeip = False
166
167authkit.openid.path.signedin=/
# OpenID association data is kept in files below this directory.
# NOTE(review): the store should be writable by the service account only.
168authkit.openid.store.type=file
169authkit.openid.store.config=%(here)s/openidrelyingparty/store
170authkit.openid.session.key = authkit_openid
# NOTE(review): "random string" is a literal placeholder, not a random value.
# Replace it with a generated secret before any use outside tests.
171authkit.openid.session.secret = random string
172
173# Key name for dereferencing beaker.session object held in environ
174authkit.openid.session.middleware = %(beakerSessionKeyName)s
175
176authkit.openid.baseurl = %(baseURI)s
177
178# Template for signin
179#authkit.openid.template.obj =
180
181# Handler for parsing OpenID and creating a session from it
182#authkit.openid.urltouser =
183
184# Attribute Exchange - all are optional unless the relevant ax.required.<name>
185# is set to True.  The alias defers to the parameter name given unless explicitly
186# specified - see commented out entry for firstName below.  The number of
187# attributes for each attribute name defaults to 1 unless otherwise set
188#authkit.openid.ax.typeuri.firstName=http://openid.net/schema/namePerson/first
189#authkit.openid.ax.alias.firstName=firstName
190##authkit.openid.ax.count.firstName=1
191#authkit.openid.ax.required.firstName=True
192#authkit.openid.ax.typeuri.lastName=http://openid.net/schema/namePerson/last
193#authkit.openid.ax.alias.lastName=lastName
194#authkit.openid.ax.required.lastName=True
195#authkit.openid.ax.typeuri.emailAddress=http://openid.net/schema/contact/internet/email
196#authkit.openid.ax.alias.emailAddress=emailAddress
197#authkit.openid.ax.required.emailAddress=True
198
199# ESG Gateway requested parameters
# Attribute Exchange requests sent to the user's OpenID Provider.  firstname,
# lastname and email are marked required; the other attributes are optional.
# The typeuri and required keys use ':' as the delimiter and the alias keys
# use '='; both forms appear throughout this file.
# NOTE(review): the returned values are asserted by the Provider, so they
# deserve no more trust than that Provider does.
200authkit.openid.ax.typeuri.uuid:http://openid.net/schema/person/guid
201authkit.openid.ax.alias.uuid=uuid
202authkit.openid.ax.typeuri.username:http://openid.net/schema/namePerson/friendly
203authkit.openid.ax.alias.username=username
204authkit.openid.ax.typeuri.firstname:http://openid.net/schema/namePerson/first
205authkit.openid.ax.alias.firstname=firstname
206authkit.openid.ax.required.firstname:True
207authkit.openid.ax.typeuri.middlename:http://openid.net/schema/namePerson/middle
208authkit.openid.ax.alias.middlename=middlename
209authkit.openid.ax.typeuri.lastname:http://openid.net/schema/namePerson/last
210authkit.openid.ax.required.lastname:True
211authkit.openid.ax.alias.lastname=lastname
212authkit.openid.ax.typeuri.email:http://openid.net/schema/contact/internet/email
213authkit.openid.ax.required.email:True
214authkit.openid.ax.alias.email=email
215authkit.openid.ax.typeuri.gateway:http://www.earthsystemgrid.org/gateway
216authkit.openid.ax.alias.gateway=gateway
217authkit.openid.ax.typeuri.organization:http://openid.net/schema/company/name
218authkit.openid.ax.alias.organization=organization
219authkit.openid.ax.typeuri.city:http://openid.net/schema/contact/city/home
220authkit.openid.ax.alias.city=city
221authkit.openid.ax.typeuri.state:http://openid.net/schema/contact/state/home
222authkit.openid.ax.alias.state=state
223authkit.openid.ax.typeuri.country:http://openid.net/schema/contact/country/home
224authkit.openid.ax.alias.country=country
225
226[filter:SSLCientAuthnRedirectResponseFilter]
227# Redirect to original requested URI following SSL Client Authentication.  This
228# filter must be placed AFTER the AuthKit cookie setting middleware.  In this
229# case it is configured in the OpenIDRelyingPartyMiddleware filter.  If the
230# OpenID Relying Party filter is removed, a separate AuthKit middleware entry
231# would need to be made so that this redirect filter can still function
# NOTE(review): where the "original requested URI" is taken from is not
# visible in this file.  If it can come from a request parameter, the
# middleware should only redirect to locations on this site - confirm in
# AuthKitRedirectResponseMiddleware.
232paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthKitRedirectResponseMiddleware
233prefix = ssl.
# environ key of the Beaker session.
234ssl.sessionKey = %(beakerSessionKeyName)s
235
236#______________________________________________________________________________
237# OpenID Provider WSGI Settings
# OpenID Provider application, the last element of the pipeline: URL paths,
# session binding and page layout.  The authentication and Attribute Exchange
# keys further down belong to this same section.
238[app:OpenIDProviderApp]
239paste.app_factory=ndg.security.server.wsgi.openid.provider:OpenIDProviderMiddleware.app_factory
240
241openid.provider.path.openidserver=/OpenID/Provider/server
242openid.provider.path.login=/OpenID/Provider/login
243openid.provider.path.loginsubmit=/OpenID/Provider/loginsubmit
244
245# Yadis based discovery only - the 'id' path may be set to a page
246# with <link rel="openid.server" href="..."> and Yadis
247# <meta http-equiv="x-xrds-location" content="..."> links if required, but in
248# this implementation it is set to return 404 not found - see
249# ndg.security.server.wsgi.openid.provider.renderinginterface.genshi.GenshiRendering
250# class
# ${userIdentifier} is left as written by the %(...)s interpolation used in
# this file; presumably the Provider fills it in per user.
251openid.provider.path.id=/OpenID/Provider/id/${userIdentifier}
252openid.provider.path.yadis=%(openIDProviderIDBase)s/${userIdentifier}
253
254# Yadis based discovery for idselect mode - this is where the user has entered
255# a URI at the Relying Party which identifies their Provider only and not their
256# full ID URI.  e.g. https://badc.nerc.ac.uk instead of
257# https://badc.nerc.ac.uk/John
258openid.provider.path.serveryadis=%(openIDProviderIDBase)s
259openid.provider.path.allow=/OpenID/Provider/allow
260openid.provider.path.decide=/OpenID/Provider/decide
261openid.provider.path.mainpage=/OpenID/Provider/home
262
# environ key of the Beaker session.
263openid.provider.session_middleware=%(beakerSessionKeyName)s
264openid.provider.base_url=%(baseURI)s
265
266# Enable login to construct an identity URI if IDSelect mode was chosen and
267# no identity URI was passed from the Relying Party.  This value should
268# match openid.provider.path.id and/or openid.provider.path.yadis - see above
269identityUriTemplate=%(baseURI)s%(openIDProviderIDBase)s/${userIdentifier}
270
# NOTE(review): what trace=True would expose is not visible here; presumably
# error detail in responses - keep it False outside debugging.
271openid.provider.trace=False
# NOTE(review): this store sits in the same directory tree as the Beaker
# session data configured above; the directory should be writable by the
# service account only.
272openid.provider.consumer_store_dirpath=%(here)s/openidprovider
273openid.provider.renderingClass=ndg.security.server.wsgi.openid.provider.renderinginterface.genshi.GenshiRendering
274#openid.provider.renderingClass=ndg.security.server.wsgi.openid.provider.DemoRenderingInterface
275
276# Layout
277openid.provider.rendering.baseURL = %(openid.provider.base_url)s
278#openid.provider.rendering.leftLogo = %(openid.provider.rendering.baseURL)s/layout/NERC_Logo.gif
279#openid.provider.rendering.leftAlt = Natural Environment Research Council
280#openid.provider.rendering.leftLink = http://ndg.nerc.ac.uk/
281#openid.provider.rendering.leftImage = %(openid.provider.rendering.baseURL)s/layout/ndg_logo_circle.gif
282openid.provider.rendering.helpIcon = %(openid.provider.rendering.baseURL)s/layout/icons/help.png
283openid.provider.rendering.footerText = This site is for test purposes only.
284openid.provider.rendering.rightLink = http://ceda.ac.uk/
285openid.provider.rendering.rightImage = %(openid.provider.rendering.baseURL)s/layout/CEDA_RightButton60.png
286openid.provider.rendering.rightAlt = Centre for Environmental Data Archival
287
288# Basic Authentication interface to demonstrate capabilities
289#openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.basic.BasicAuthNInterface
# These keys belong to [app:OpenIDProviderApp].  Login is checked against the
# shared test database.
290openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.sqlalchemy_authn.SQLAlchemyAuthnInterface
291openid.provider.authN.connectionString=%(dbConnectionString)s
# NOTE(review): ${username} and ${password} sit inside quoted SQL string
# literals.  Whether SQLAlchemyAuthnInterface substitutes them as text or
# binds them as parameters is not visible in this file - confirm.  With
# textual substitution a quote character typed into the login form would
# change the statement; the remedy is bound parameters in the interface, not a
# change to this string.
292openid.provider.authN.logonSqlQuery=select count(*) from users where username = '${username}' and md5password = '${password}'
293openid.provider.authN.username2UserIdentifierSqlQuery=select openid_identifier from users where username = '${username}'
# NOTE(review): the password is matched by equality against one MD5 column,
# which leaves no room for a per-user salt.  Adequate for this test fixture
# only; a deployed user store needs a salted, deliberately slow password hash.
294openid.provider.authN.isMD5EncodedPwd=True
295
296# user login details format is:
297# <username>:<password>:<OpenID name>, ... <OpenID name N> <username>:... etc
298# Each user entry is delimited by a space. username, password and OpenID name
299# list are delimited by a colon.  The list of OpenID names are delimited by
300# commas.  The OpenID name represents the unique part of the OpenID URL for the
301# individual user.  Each username may have more than one OpenID alias but only
302# one alias at a time may be registered with a given Attribute Authority
# NOTE(review): clear-text test passwords.  Presumably read only by the basic
# authN interface, which is commented out above - confirm, and do not carry
# this key into a deployed configuration.
303openid.provider.authN.userCreds=pjk:testpassword:PhilipKershaw,P.J.Kershaw another:testpassword:A.N.Other
304
305# Basic authentication for testing/admin - comma delimited list of
306# <username>:<password> pairs
307#openid.provider.usercreds=pjk:test
308
309# Attribute Exchange interface
310#openid.provider.axResponse.class=ndg.security.server.wsgi.openid.provider.axinterface.csv.CSVFileAXInterface
311#openid.provider.axResponse.csvFilePath=%(here)s/openidprovider/attributeexchange.csv
312openid.provider.axResponse.class=ndg.security.server.wsgi.openid.provider.axinterface.sqlalchemy_ax.SQLAlchemyAXInterface
313openid.provider.axResponse.connectionString=%(dbConnectionString)s
# NOTE(review): same quoted ${username} pattern as logonSqlQuery above -
# confirm that the AX interface binds the value rather than pasting it in.
# The three selected columns line up, in order, with attributeNames below.
314openid.provider.axResponse.sqlQuery = select firstname, lastname, emailaddress from users where username = '${username}'
315openid.provider.axResponse.attributeNames=http://openid.net/schema/namePerson/first
316    http://openid.net/schema/namePerson/last
317    http://openid.net/schema/contact/internet/email
318   
# NOTE(review): presumably Relying Parties listed here are treated as trusted
# by the Provider, e.g. the user's approval step (the allow/decide paths) may
# be skipped for them - confirm in OpenIDProviderMiddleware.  The
# somewhere.ac.uk entries are placeholders; keep the list to sites that are
# actually operated and trusted.
319openid.provider.trustedRelyingParties=https://localhost:7443, https://ndg.somewhere.ac.uk,
320        https://badc.somewhere.ac.uk
321
322#______________________________________________________________________________
323# Attribute Authority WSGI settings
324#
325[filter:AttributeAuthorityFilter]
326# This filter publishes an Attribute Authority instance as a key in environ
327# to enable other middleware to access it
328paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthorityMiddleware.filter_app_factory
329prefix = attributeAuthority.
330
331# Key name by which the WSDL SOAP based interface may reference this
332# service
333attributeAuthority.environKeyName = %(attributeAuthorityEnvironKeyName)s
334
335# Key name for the SAML SOAP binding based interface to reference this
336# service's attribute query method
# From here on most keys in this section use ':' as the delimiter instead of
# '='.
337attributeAuthority.environKeyNameAttributeQueryInterface: %(attributeQueryInterfaceEnvironKeyName)s
338
339# Attribute Authority settings
340# 'name' setting MUST agree with map config file 'thisHost' name attribute
341attributeAuthority.name: Site A
342
343# Lifetime is measured in seconds
# 28800 seconds = 8 hours.
# NOTE(review): no revocation setting appears in this file, so an issued
# certificate presumably stays usable for the whole lifetime.
344attributeAuthority.attCertLifetime: 28800 
345
346# Allow an offset for clock skew between servers running
347# security services. NB, measured in seconds - use a minus sign for time in the
348# past
349attributeAuthority.attCertNotBeforeOff: 0
350
351# All Attribute Certificates issued are recorded in this dir
# NOTE(review): the log holds issued certificates, i.e. users' identities and
# roles; the directory should be readable by the service account only.
352attributeAuthority.attCertDir: %(testConfigDir)s/attributeauthority/sitea/attributeCertificateLog
353
354# Files in attCertDir are stored using a rotating file handler
355# attCertFileLogCnt sets the max number of files created before the first is
356# overwritten
357attributeAuthority.attCertFileName: ac.xml
358attributeAuthority.attCertFileLogCnt: 16
359attributeAuthority.dnSeparator:/
360
361# Location of role mapping file
362attributeAuthority.mapConfigFilePath: %(testConfigDir)s/attributeauthority/sitea/siteAMapConfig.xml
363
364# Settings for custom AttributeInterface derived class to get user roles for given
365# user ID
366#attributeAuthority.attributeInterface.modFilePath: %(testConfigDir)s/attributeauthority/sitea
367#attributeAuthority.attributeInterface.modName: siteAUserRoles
368#attributeAuthority.attributeInterface.className: TestUserRoles
369
370# SQLAlchemy Attribute Interface
# These keys belong to [filter:AttributeAuthorityFilter].  Attributes are read
# from the shared test database.
371attributeAuthority.attributeInterface.connectionString: %(dbConnectionString)s
372attributeAuthority.attributeInterface.modName: ndg.security.server.attributeauthority
373attributeAuthority.attributeInterface.className: SQLAlchemyAttributeInterface
374attributeAuthority.attributeInterface.issuerName = /O=Site A/CN=Attribute Authority
# NOTE(review): ${userId} sits inside quoted SQL string literals in every
# query below.  Presumably it is the subject of the incoming attribute query,
# i.e. a value chosen by the requestor.  Whether
# SQLAlchemyAttributeInterface binds it as a parameter or substitutes it as
# text is not visible here - confirm; bound parameters are the remedy.
375attributeAuthority.attributeInterface.samlSubjectSqlQuery = select count(*) from users where openid = '${userId}'
# Each value pairs a quoted SAML attribute name with the quoted query that
# supplies it.  The key suffixes (.1, .lastName, .emailAddress, .4) presumably
# only keep the keys distinct - confirm.
376attributeAuthority.attributeInterface.samlAttribute2SqlQuery.1 = "urn:esg:first:name" "select firstname from users where openid = '${userId}'"
377attributeAuthority.attributeInterface.samlAttribute2SqlQuery.lastName = "urn:esg:last:name" "select lastname from users where openid = '${userId}'"
378attributeAuthority.attributeInterface.samlAttribute2SqlQuery.emailAddress = "urn:esg:email:address" "select emailaddress from users where openid = '${userId}'"
379attributeAuthority.attributeInterface.samlAttribute2SqlQuery.4 = "urn:siteA:security:authz:1.0:attr" "select attributename from attributes where openid = '${userId}'"
# Distinguished names allowed to submit attribute queries.
# NOTE(review): the list includes a test identity (/CN=test/O=NDG/OU=BADC).
# How the requestor's DN is established (signature or TLS client certificate)
# is not visible here - confirm it cannot simply be asserted in the request.
380attributeAuthority.attributeInterface.samlValidRequestorDNs = /O=Site A/CN=Authorisation Service,/O=Site A/CN=Attribute Authority,
381                                                           /O=Site B/CN=Authorisation Service,
382                                                           /CN=test/O=NDG/OU=BADC
383
384# Config for XML signature of Attribute Certificate
# NOTE(review): the private key is stored beside the test fixtures.  A
# deployment needs its own key, readable by the service account only and kept
# out of version control.
385attributeAuthority.signingPriKeyFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.key
386attributeAuthority.signingCertFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.crt
387attributeAuthority.caCertFilePathList: %(testConfigDir)s/ca/ndg-test-ca.crt
388
389
390# SOAP WSDL Based Binding to the Attribute Authority
391[filter:AttributeAuthorityWsdlSoapBindingFilter]
392paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthoritySOAPBindingMiddleware.filter_app_factory
# Two key prefixes are in use: service.soap.binding. for the generic SOAP
# binding and attributeauthority.service.soap.binding. for the Attribute
# Authority specific keys.
393prefix = service.soap.binding.
394attributeAuthoritySOAPBindingPrefix = attributeauthority.service.soap.binding.
395
# Refers to the signature verification filter by its section name.
396service.soap.binding.referencedFilters = filter:wsseSignatureVerificationFilter
397service.soap.binding.path = /AttributeAuthority
# NOTE(review): presumably True lets a client fetch the WSDL through a query
# on the service path - confirm; the service description then needs no
# credentials to read.
398service.soap.binding.enableWSDLQuery = True
399service.soap.binding.charset = utf-8
400service.soap.binding.serviceSOAPBindingEnvironKeyName = ndg.security.server.wsgi.attributeauthority.AttributeAuthoritySOAPBindingMiddleware
401
402attributeauthority.service.soap.binding.attributeAuthorityEnvironKeyName = %(attributeAuthorityEnvironKeyName)s
403attributeauthority.service.soap.binding.wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter
404
405
406# SAML SOAP Binding to the Attribute Authority
407[filter:AttributeAuthoritySamlSoapBindingFilter]
408paste.filter_app_factory = ndg.security.server.wsgi.saml.attributeinterface:SOAPAttributeInterfaceMiddleware.filter_app_factory
409prefix = saml.soapbinding.
410
# Request path(s) handled by the SAML attribute query interface.
# NOTE(review): this filter comes after both WS-Security filters in the
# pipeline, but no setting here ties it to signature verification; which
# check identifies the SAML requestor is not visible in this file - confirm.
411saml.soapbinding.pathMatchList = /AttributeAuthority/saml
# environ key under which the Attribute Authority publishes its query method.
412saml.soapbinding.queryInterfaceKeyName = %(attributeQueryInterfaceEnvironKeyName)s
413
414
415#______________________________________________________________________________
416# WS-Security Signature Verification
# First filter in the pipeline.
417[filter:wsseSignatureVerificationFilter]
418paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter.filter_app_factory
# %(__name__)s expands to this section's name; other sections refer to the
# filter as filter:wsseSignatureVerificationFilter.
419filterID = %(__name__)s
420
421# Settings for WS-Security SignatureHandler class used by this filter
422wsseCfgFilePrefix = wssecurity
423
424# Verify against known CAs - Provide a space separated list of file paths
# Only the NDG test CA is listed.
# NOTE(review): no timestamp, message-freshness or DN restriction is set in
# this section; whether the filter applies any by default is not visible
# here - confirm.
425wssecurity.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
426
427
428#______________________________________________________________________________
429# Apply WS-Security Signature
# Signs outbound SOAP responses.
430[filter:wsseSignatureFilter]
431paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter.filter_app_factory
432
433# Reference the verification filter in order to be able to apply signature
434# confirmation
435referencedFilters = filter:wsseSignatureVerificationFilter
436wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter
437
438# Last filter in chain of SOAP handlers writes the response
439writeResponse = True
440
441# Settings for WS-Security SignatureHandler class used by this filter
442wsseCfgFilePrefix = wssecurity
443
444# Certificate associated with private key used to sign a message.  The sign
445# method will add this to the BinarySecurityToken element of the WSSE header. 
446wssecurity.signingCertFilePath=%(testConfigDir)s/pki/wsse-server.crt
447
448# PEM encoded private key file
# NOTE(review): the key is stored beside the test fixtures and no pass-phrase
# setting appears in this section.  A deployment needs its own key, readable
# by the service account only and kept out of version control.
449wssecurity.signingPriKeyFilePath=%(testConfigDir)s/pki/wsse-server.key
450
451# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
452# signed message.  See __setReqBinSecTokValType method and binSecTokValType
453# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
454# give full namespace to alternative - see
455# ZSI.wstools.Namespaces.OASIS.X509TOKEN
456#
457# binSecTokValType determines whether signingCert or signingCertChain
458# attributes will be used.
459wssecurity.reqBinSecTokValType=X509v3
460
461# Add a timestamp element to an outbound message
# NOTE(review): a timestamp only limits replay if the receiver checks it.
462wssecurity.addTimestamp=True
463
464# For WSSE 1.1 - service returns signature confirmation containing signature
465# value sent by client
466wssecurity.applySignatureConfirmation=True
467
468# Logging configuration
# Python logging configuration: a root logger and an "ndg" logger, one console
# handler and one formatter.
469[loggers]
470keys = root, ndg
471
472[handlers]
473keys = console
474
475[formatters]
476keys = generic
477
478[logger_root]
479level = INFO
480handlers = console
481
# The ndg logger has no handler of its own.  Its records propagate to the
# root logger's console handler, and the root level does not filter
# propagated records, so DEBUG output from the ndg packages reaches stderr.
# NOTE(review): whether those packages write credentials, cookies or
# assertion content at DEBUG is not visible here - check before reusing this
# level outside tests.
482[logger_ndg]
483level = DEBUG
484handlers =
485qualname = ndg
486
487[handler_console]
488class = StreamHandler
489args = (sys.stderr,)
# NOTSET: the handler itself filters nothing.
490level = NOTSET
491formatter = generic
492
493[formatter_generic]
494format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s:%(lineno)s] %(message)s
495datefmt = %Y-%m-%d %H:%M:%S
496