source: TI12-security/trunk/python/conf/sessionMgrProperties.xml @ 2063

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/conf/sessionMgrProperties.xml@2063
Revision 2063, 2.4 KB checked in by pjkersha, 12 years ago (diff)

python/ndg.security.server/ndg/security/server/AttAuthority/init.py:
Include additional checks for loadCredUserRolesInterface.

python/ndg.security.server/ndg/security/server/SessionMgr/server-config.tac:

  • updated soap_connect to wire up to SessionMgr?.connect
  • use of SSL is configurable from useSSL properties file element
  • likewise pick up port number from properties file

python/ndg.security.server/ndg/security/server/SessionMgr/init.py:

  • move lambda functions outside SessionMgr? class - easier to reference.
  • added extra elements to properties file - port num, use SSL flag, SSL cert/private key settings. Simple CA client settings
  • Include additional checks for loadCredReposInterface.
  • update connect method to return proxy cert, proxy private key, user cert and cookie as separate tuple elements.

python/www/html/sessionMgr.wsdl,
python/ndg.security.server/ndg/security/server/SessionMgr/SessionMgr_services_server.py,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services.py,
python/ndg.security.common/ndg/security/common/SessionMgr/SessionMgr_services_types.py:

  • connect response has separate elements for proxy cert, proxy private key and user cert.
  • disconnect proxyCert -> userCert. proxy is set in signature in SOAP header.

python/ndg.security.server/ndg/security/server/MyProxy.py: fixes to readProperties method.

python/conf/sessionMgrProperties.xml,
python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrProperties.xml:
added additional elements for SSL connection.

python/ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:
updates to connect method.

python/ndg.security.test/ndg/security/test/SessionMgr/server.sh: update to header

python/ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:
modified PKI config settings.

python/ndg.security.common/ndg/security/common/wsSecurity.py: catch exceptions explicitly
for cert and private key file reading errors.

python/ndg.security.common/ndg/security/common/SessionMgr/init.py: SM client ...

  • 'smCertFilePath' refs changed to 'srvCertFilePath'
  • fixes to connect method
  • renamed 'reqAuthorisation' -> 'getAttCert'

python/ndg.security.common/ndg/security/common/CredWallet.py: added NullCredRepos? class.
Its allows for the case where a deployment doesn't require a Credential Repository. It
implements a class with empty stubs.

Line 
1<?xml version="1.0" encoding="utf-8"?>
2<sessMgrProp>
3    <caCertFile></caCertFile>
4    <certFile></certFile>
5    <keyFile></keyFile>
6    <keyPwd></keyPwd>
7    <useSSL>Yes</useSSL> <!-- leave blank to use http -->
8    <sslCertFile></sslCertFile>
9    <sslKeyFile></sslKeyFile>
10    <portNum></portNum>
11    <sessMgrEncrKey></sessMgrEncrKey>
12    <sessMgrURI></sessMgrURI>
13    <cookieDomain></cookieDomain>
14        <myProxyProp>
15                <!--
16                Delete this element and take setting from MYPROXY_SERVER environment
17                variable if required
18                <hostname>localhost</hostname>
19                -->
20                <!--
21                Delete this element to take default setting 7512 or read
22                MYPROXY_SERVER_PORT setting
23                -->
24                <port>7512</port>
25                <!--
26                Useful if hostname and certificate CN don't match correctly.  Globus
27                host DN is set to "host/<fqdn>".  Delete this element and set from
28                MYPROXY_SERVER_DN environment variable if prefered
29                <serverDN></serverDN>
30                -->
31                <!--
32                Set "host/" prefix to host cert CN as is default with globus
33                -->
34                <serverCNprefix>host/</serverCNprefix> 
35                <!--
36                Nb. GRID_SECURITY_DIR environment variable if set, overrides this
37                setting
38               
39                This directory path is used to locate the OpenSSL configuration file
40                -->
41                <gridSecurityDir>$GLOBUS_LOCATION/etc</gridSecurityDir>
42                <!-- Open SSL Configuration settings -->
43                <openSSLConfFileName>globus-user-ssl.conf</openSSLConfFileName>
44                <tmpDir>/tmp</tmpDir>
45                <!--
46                        Limit on maximum lifetime any proxy certificate can have -
47                        specified when a certificate is first created by store() method
48                -->
49                <proxyCertMaxLifetime></proxyCertMaxLifetime> <!-- in hours -->
50                <!--
51                        Life time of a proxy certificate when issued from the Proxy Server
52                        with getDelegation() method
53                        -->
54                <proxyCertLifetime></proxyCertLifetime> <!-- in hours -->
55                <caCertFile></caCertFile>
56        </myProxyProp>
57        <simpleCACltProp>
58            <uri></uri>
59        <xmlSigKeyFile></xmlSigKeyFile>
60        <xmlSigCertFile></xmlSigCertFile>
61        <xmlSigCertPPhrase></xmlSigCertPPhrase>
62    </simpleCACltProp>
63        <!--
64        <simpleCASrvProp>
65            <certExpiryDate></certExpiryDate>
66            <certLifetimeDays></certLifetimeDays>
67            <certTmpDir></certTmpDir>
68            <caCertFile></caCertFile>
69            <signExe></signExe>
70            <path></path>
71        </simpleCASrvProp>
72        -->
73    <credReposProp>
74            <modFilePath></modFilePath>
75            <modName></modName>
76            <className></className>
77            <propFile></propFile>
78    </credReposProp>
79</sessMgrProp>
Note: See TracBrowser for help on using the repository browser.