source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml @ 2420

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml@2420
Revision 2420, 1.9 KB checked in by pjkersha, 14 years ago

ndg.security.server/ndg/security/server/AttAuthority/__init__.py:

  • improve error messages to include 'X.509' to differentiate with AC errors
  • fixed bug with getAttCert when creating a mapped AC. It now copies over any userId setting from
    the original AC input.

was put in to force authors of derived classes to implement an init but it's not necessary.
getRoles and isUserRegistered remain as virtual methods, i.e. they'll raise NotImplementedError
if the derived class doesn't overload them.

ndg.security.server/ndg/security/server/conf/attAuthorityProperties.xml: include a default
attCertLifetime as an aid when making settings following an installation.

ndg.security.test/ndg/security/test/AttAuthority/AttAuthorityClientTest.py: enable separate
caCertFilePath setting for test7GetMappedAttCert test. This allows one of the unit test AAs to
run without WS-Security settings and one with.

ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg: custom settings for
DEWS tests but also some important additions:

  • include 'issuingusercertfilepath' for test6GetAttCertWithUserIdSet test otherwise it will fail
    on the server side in the case when WS-Security signature settings are not made.

  • include 'cacertfilepathlist' setting for test7GetMappedAttCert test.
  • 'mappedAttCertFilePath' enables issued mapped AC to be saved to file for test7GetMappedAttCert
    test.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
<?xml version="1.0" encoding="utf-8"?>
<AAprop>
    <!--
    'name' setting MUST agree with map config file 'thisHost' name
    attribute
    -->
    <name>BADC</name>
    <portNum>5000</portNum>
    <!--
    PKI settings for transport level encryption
    -->
    <useSSL></useSSL> <!-- leave blank to use http -->
    <sslCertFile></sslCertFile>
    <sslKeyFile></sslKeyFile>
    <sslKeyPwd></sslKeyPwd>
    <!--
    PKI settings for signature of outbound SOAP messages
    -->
    <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature -->
    <certFile></certFile>
    <keyFile></keyFile>
    <keyPwd></keyPwd>
    <caCertFile></caCertFile>
    <!--
    Set the certificate used to verify the signature of messages from the
    client.  This can usually be left blank since the client is expected to
    include the cert with the signature in the inbound SOAP message
    -->
    <clntCertFile></clntCertFile>
    <attCertLifetime>86400</attCertLifetime> <!-- Measured in seconds -->
    <!--
    Allow an offset for clock skew between servers running
    security services.  - Use minus sign for time in the past
    -->
    <attCertNotBeforeOff>0</attCertNotBeforeOff>
    <!-- Location of role mapping file -->
    <mapConfigFile></mapConfigFile>
    <!-- All Attribute Certificates are recorded in this dir before dispatch
    to SOAP requestor
    -->
    <attCertDir></attCertDir>
    <!--
    File prefix and suffix for files stored in attCertDir
    -->
    <attCertFilePfx>ac-</attCertFilePfx>
    <attCertFileSfx>.xml</attCertFileSfx>
    <dnSeparator>/</dnSeparator>
    <!--
    Settings for custom AAUserRoles derived class to get user roles for
    given user ID
    -->
    <userRolesModFilePath></userRolesModFilePath>
    <userRolesModName></userRolesModName>
    <userRolesClassName></userRolesClassName>
    <userRolesPropFile></userRolesPropFile>
</AAprop>
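
An added example, not part of the NDG code base: a Python check that reads an attAuthorityProperties.xml and reports the settings that the file's own comments tie to transport encryption, SOAP signing and attribute certificate validity. The function names, the MAX_LIFETIME ceiling and the validity-window model (notBefore = now + attCertNotBeforeOff, notAfter = notBefore + attCertLifetime) are assumptions, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Constructed sample: the file's defaults with a positive clock-skew offset
SAMPLE = """<AAprop>
    <name>BADC</name>
    <useSSL></useSSL>
    <useSignatureHandler>Yes</useSignatureHandler>
    <certFile></certFile>
    <keyFile></keyFile>
    <keyPwd></keyPwd>
    <attCertLifetime>86400</attCertLifetime>
    <attCertNotBeforeOff>300</attCertNotBeforeOff>
</AAprop>"""

MAX_LIFETIME = 86400  # assumed policy ceiling (the file's default), not an NDG limit


def load_props(xml_text):
    """Map each child element of <AAprop> to its stripped text ('' if blank)."""
    return {el.tag: (el.text or "").strip() for el in ET.fromstring(xml_text)}


def audit(props):
    """Return a list of findings based on the comments in the properties file."""
    findings = []
    if not props.get("useSSL"):
        findings.append("useSSL blank: service listens over plain http")
    if not props.get("useSignatureHandler"):
        findings.append("useSignatureHandler blank: outbound SOAP is unsigned")
    elif not (props.get("certFile") and props.get("keyFile")):
        findings.append("signature handler enabled but certFile/keyFile unset")
    for tag in ("keyPwd", "sslKeyPwd"):
        if props.get(tag):
            findings.append(f"{tag} set: private key password stored in clear text")
    lifetime = int(props.get("attCertLifetime") or 0)
    if not 0 < lifetime <= MAX_LIFETIME:
        findings.append(f"attCertLifetime {lifetime}s outside 1..{MAX_LIFETIME}")
    if int(props.get("attCertNotBeforeOff") or 0) > 0:
        findings.append("attCertNotBeforeOff positive: ACs start in the future")
    return findings


def validity_window(props, now):
    """Assumed model: notBefore = now + offset, notAfter = notBefore + lifetime."""
    start = now + timedelta(seconds=int(props["attCertNotBeforeOff"]))
    return start, start + timedelta(seconds=int(props["attCertLifetime"]))
```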