source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/attAuthorityClientTest.cfg @ 6570

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/attAuthorityClientTest.cfg@6570
Revision 6570, 5.0 KB checked in by pjkersha, 10 years ago (diff)
  • Refactored classfactory module as a more generic factory for importing any module object
  • Started unit tests with refactored SAML SOAP bindings.
1# NERC Data Grid Project
2#
3# P J Kershaw 16/01/07
4#
5# Copyright (C) 2009 Science and Technology Facilities Council
6#
7# BSD - See LICENCE file for details
8
[setUp]
# Attribute Authority endpoint used by the tests. The aaURI configured for
# trusted site A in SiteBMapConfig.xml has to be identical to this value for
# test6GetMappedAttCert.
# NOTE(review): the matching section in this file is named
# test08GetMappedAttCert - the test name above looks stale, confirm.
# NOTE(review): http gives no transport encryption; keep this form for
# localhost test endpoints only.
uri = http://localhost:5000/AttributeAuthority

# Alternative endpoint when routing through TCP Mon:
#uri = http://localhost:4999/AttributeAuthority

# Alternative endpoint over SSL with mod_wsgi:
#uri = https://localhost/ndg/AttributeAuthority

# The ssl* options below are for https connections only and are meant to be
# left out when uri is http.
# NOTE(review): the active uri is http while both ssl* options are still set -
# confirm the client ignores them for http.
#
# sslPeerCertCN is the CommonName expected in the peer certificate; leave the
# option out when it is the same as the peer hostname.
# NOTE(review): the option is present but empty rather than omitted - confirm
# an empty value falls back to the hostname check and does not disable it.
sslPeerCertCN =
# presumably the CA certificate(s) the peer certificate is verified against
sslCACertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
25
[test02GetTrustedHostInfo]
# Role supplied to this test (a site A attribute URN).
role = urn:siteA:security:authz:1.0:attr:postgrad
28
[test03GetTrustedHostInfoWithNoMatchingRoleFound]
# Deliberately different role so that the "no matching role found" exception
# is exercised.
role = blah
32 
[test06GetAttCert]
# Attribute certificate file for this test. test08GetMappedAttCert depends on
# it as well: its userAttCertFilePath points at the same file.
attCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
36
[test07GetAttCertWithUserIdSet]
# User identifier set explicitly for this test.
userId = system
# NOTE(review): the file name says "test6" although the section is test07 -
# presumably left over from an earlier test numbering; confirm.
attCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt-test6.xml
40
[test08GetMappedAttCert]
# Port 5100 here, not the 5000 used in [setUp].
# NOTE(review): presumably a second Attribute Authority that maps site A
# attributes - confirm against SiteBMapConfig.xml.
uri = http://localhost:5100/AttributeAuthority
# Same file as attCertFilePath in [test06GetAttCert].
userAttCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
# File path for the mapped attribute certificate.
mappedAttCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/mapped-ac.xml
45
[test09GetMappedAttCertStressTest]
# Same endpoint as [test08GetMappedAttCert].
uri = http://localhost:5100/AttributeAuthority
# List-valued option holding a single entry here.
# NOTE(review): the list delimiter is not shown in this file - confirm before
# adding entries.
userAttCertFilePathList = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
49
# The SAML interface tests use a separate test case class in the test module;
# their settings are included in this file from here on.
[test01SAMLAttributeQuery]
# SAML endpoint of the Attribute Authority.
uri = http://localhost:5000/AttributeAuthority/saml
# Subject of the query, given as an OpenID URI.
subject = https://openid.localhost/philip.kershaw
# Site A attribute name for the query.
siteAttributeName = urn:siteA:security:authz:1.0:attr
56
[test02SAMLAttributeQueryInvalidIssuer]
# Values are identical to [test01SAMLAttributeQuery]; no issuer is configured
# in this section.
# NOTE(review): presumably the invalid issuer is set in the test code itself -
# confirm.
uri = http://localhost:5000/AttributeAuthority/saml
subject = https://openid.localhost/philip.kershaw
siteAttributeName = urn:siteA:security:authz:1.0:attr
61
[test03SAMLAttributeQueryUnknownSubject]
uri = http://localhost:5000/AttributeAuthority/saml
# Negative case: differs from the other SAML sections only in this subject.
subject = https://openid.localhost/unknown
siteAttributeName = urn:siteA:security:authz:1.0:attr
66
[test04SAMLAttributeQueryInvalidAttrName]
uri = http://localhost:5000/AttributeAuthority/saml
subject = https://openid.localhost/philip.kershaw
# Negative case: attribute name that is not a site A attribute URN.
siteAttributeName = invalid-attr
71
[test05AttributeQuerySOAPBindingInterface]
# Only the endpoint and the subject are configured for this test.
uri = http://localhost:5000/AttributeAuthority/saml
subject = https://openid.localhost/philip.kershaw
75
[test06AttributeQueryFromConfig]
uri = http://localhost:5000/AttributeAuthority/saml
subject = https://openid.localhost/philip.kershaw

# Options carrying the attributeQuery. prefix configure the query itself.
attributeQuery.subjectIdFormat = urn:esg:openid
# Zero tolerance: no allowance for clock differences between client and
# service.
# NOTE(review): the unit is not stated here (presumably seconds). Zero is
# workable with both ends on localhost; between separate hosts even a small
# clock offset could fail the time checks.
attributeQuery.clockSkewTolerance = 0.
attributeQuery.issuerName = /O=Site A/CN=Authorisation Service
# Each queryAttributes.* value is a comma separated triple.
# NOTE(review): looks like name, friendly name, format - confirm. The second
# field is left empty for the roles entry.
attributeQuery.queryAttributes.0 = urn:esg:first:name, FirstName, http://www.w3.org/2001/XMLSchema#string
attributeQuery.queryAttributes.roles = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string
85
[test07AttributeQuerySslSOAPBindingInterface]
# NOTE(review): this is the SSL variant of the SOAP binding test, yet uri is
# http - the ssl* options further down are presumably not exercised until this
# points at an https endpoint. Confirm.
uri = http://localhost:5000/AttributeAuthority/saml
subject = https://openid.localhost/philip.kershaw

attributeQuery.subjectIdFormat = urn:esg:openid
# Zero tolerance for clock differences.
# NOTE(review): unit presumably seconds - confirm.
attributeQuery.clockSkewTolerance = 0.
attributeQuery.issuerName = /O=Site A/CN=Authorisation Service
# Comma separated triples; the second field is empty for the roles entry.
attributeQuery.queryAttributes.0 = urn:esg:email:address, EmailAddress, http://www.w3.org/2001/XMLSchema#string
attributeQuery.queryAttributes.roles = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string

# Settings for the SSL context proxy.
# Directory of CA certificates.
attributeQuery.sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/ca
# Client certificate and private key taken from the test configuration
# directory. These are test fixtures; do not reuse them outside the test setup.
attributeQuery.sslCertFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/test.crt
attributeQuery.sslPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/test.key
# Comma separated list of distinguished names.
# NOTE(review): presumably the peer certificate DN has to match one of these -
# confirm.
attributeQuery.sslValidDNs = /C=UK/ST=Oxfordshire/O=BADC/OU=Security/CN=localhost, /O=Site A/CN=Attribute Authority
101
[wsse]
# WS-Security settings for the unit test AA clients.

# --- Outbound message configuration ---

# Signing of outbound messages.

# Certificate that goes with the private key used for signing. The sign
# method adds it to the BinarySecurityToken element of the WSSE header.
signingCertFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/wsse-clnt.crt

# Private key file, PEM encoded. Test fixture from the test configuration
# directory; do not reuse it outside the test setup.
signingPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/wsse-clnt.key

# ValueType of the BinarySecurityToken added to the WSSE header of a signed
# message. Options are described at the __setReqBinSecTokValType method and
# the binSecTokValType class variable: one of X509, X509v3, X509PKIPathv1, or
# the full namespace of an alternative (see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN).
#
# binSecTokValType decides whether the signingCert or the signingCertChain
# attribute is used.
reqBinSecTokValType = X509v3

# Add a timestamp element to outbound messages.
addTimestamp = True

# WSSE 1.1 only: the service returns a signature confirmation containing the
# signature value sent by the client. Switched off here.
applySignatureConfirmation = False

# --- Inbound message configuration ---

# Space separated list of file paths.
# NOTE(review): presumably the CA certificates used to verify signatures on
# inbound messages - confirm.
caCertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
138