source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml @ 2746

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml@2746
Revision 2746, 2.8 KB checked in by pjkersha, 13 years ago (diff)

ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml:

  • don't comment out hostname instead include by default

ndg.security.server/ndg/security/server/SessionMgr/init.py:

  • fixed comment typo

ndg.security.server/ndg/security/server/MyProxy.py:

to prevent setting of OpenSSL config file without the required file name and
directory path.

ndg.security.test/ndg/security/test/AttCert/attCertTest.cfg,
ndg.security.test/ndg/security/test/AttCert/AttCertTest.py:

  • fixed unit tests for AC signature verification. certFilePathList can now

be set to include CA certs. to verify the X.509 cert. used in the signature

ndg.security.test/ndg/security/test/SessionMgr/SessionMgrClientTest.py:

  • fix: extAttCertList is no longer returned in getAttCert calls to SM client.

ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:

  • tests with services on glue

ndg.security.common/ndg/security/common/XMLSec.py:

  • fixed verifyEnvelopedSignature so that it is now possible to verify the

X.509 cert. in the signature against it's issuing CA cert.

ndg.security.common/ndg/security/common/SessionMgr/init.py:

  • modified getAttCert call so that extAttCertList is no longer passed back in

the returned tuple but is instead included as an attribute of the
AttributeRequestDenied? exception type.

  • updated pydoc for getAttCert method

ndg.security.common/ndg/security/common/AttAuthority/init.py:

  • typo fix - doesn't affect execution

ndg.security.common/ndg/security/common/CredWallet.py:

  • updates to getAttCert call pydoc
  • and getAttCert exception handling
Line 
1<?xml version="1.0" encoding="utf-8"?>
2<sessMgrProp>
3    <portNum></portNum>
4    <useSSL>Yes</useSSL> <!-- leave blank to use http -->
5    <sslCertFile></sslCertFile>
6    <sslKeyFile></sslKeyFile>
7    <!--
8    PKI settings for signature of outbound SOAP messages
9    -->
10    <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature -->
11    <certFile></certFile>
12    <keyFile></keyFile>
13    <keyPwd></keyPwd>
14    <caCertFile></caCertFile>
15    <!--
16    Set the certificate used to verify the signature of messages from the
17    client.  This can usually be left blank since the client is expected to
18    include the cert with the signature in the inbound SOAP message
19    -->
20    <clntCertFile></clntCertFile>   
21    <sessMgrEncrKey></sessMgrEncrKey>
22    <sessMgrURI></sessMgrURI>
23    <cookieDomain></cookieDomain>
24        <myProxyProp>
25                <!--
26                Delete this element and take setting from MYPROXY_SERVER environment
27                variable if required
28                -->
29                <hostname>localhost</hostname>
30                <!--
31                Delete this element to take default setting 7512 or read
32                MYPROXY_SERVER_PORT setting
33                -->
34                <port>7512</port>
35                <!--
36                Useful if hostname and certificate CN don't match correctly.  Globus
37                host DN is set to "host/<fqdn>".  Delete this element and set from
38                MYPROXY_SERVER_DN environment variable if prefered
39                <serverDN></serverDN>
40                -->
41                <!--
42                Set "host/" prefix to host cert CN as is default with globus
43                -->
44                <serverCNprefix>host/</serverCNprefix> 
45                <!--
46                Nb. GRID_SECURITY_DIR environment variable if set, overrides this
47                setting
48               
49                This directory path is used to locate the OpenSSL configuration file
50                -->
51                <gridSecurityDir>$GLOBUS_LOCATION/etc</gridSecurityDir>
52                <!-- Open SSL Configuration settings -->
53                <openSSLConfFileName>globus-user-ssl.conf</openSSLConfFileName>
54                <tmpDir>/tmp</tmpDir>
55                <!--
56                        Limit on maximum lifetime any proxy certificate can have -
57                        specified when a certificate is first created by store() method
58                -->
59                <proxyCertMaxLifetime></proxyCertMaxLifetime> <!-- in hours -->
60                <!--
61                        Life time of a proxy certificate when issued from the Proxy Server
62                        with getDelegation() method
63                        -->
64                <proxyCertLifetime></proxyCertLifetime> <!-- in hours -->
65                <caCertFile></caCertFile>
66        </myProxyProp>
67        <simpleCACltProp>
68            <uri></uri>
69        <xmlSigKeyFile></xmlSigKeyFile>
70        <xmlSigCertFile></xmlSigCertFile>
71        <xmlSigCertPwd></xmlSigCertPwd>
72    </simpleCACltProp>
73        <!--
74        <simpleCASrvProp>
75            <certExpiryDate></certExpiryDate>
76            <certLifetimeDays></certLifetimeDays>
77            <certTmpDir></certTmpDir>
78            <caCertFile></caCertFile>
79            <signExe></signExe>
80            <path></path>
81        </simpleCASrvProp>
82        -->
83    <credReposProp>
84            <modFilePath></modFilePath>
85            <modName>ndg.security.common.CredWallet</modName>
86            <className>NullCredRepos</className>
87            <propFile></propFile>
88    </credReposProp>
89</sessMgrProp>
Note: See TracBrowser for help on using the repository browser.