| 1 | # Single Sign On Service Configuration |
|---|
| 2 | |
|---|
| 3 | [DEFAULT] |
|---|
| 4 | layout: /layout/ |
|---|
| 5 | icondir: /layout/icons/ |
|---|
| 6 | disclaimer: |
|---|
| 7 | |
|---|
| 8 | [NDG_SECURITY] |
|---|
| 9 | # Server address for secure connections |
|---|
| 10 | #sslServer: https://localhost |
|---|
| 11 | #server: http://localhost:4000 |
|---|
| 12 | sslServer: https://localhost/sso |
|---|
| 13 | server: http://localhost/sso |
|---|
| 14 | |
|---|
| 15 | # Redirect SOAP output to a file e.g. open(<somefile>, 'w') |
|---|
| 16 | tracefile: None |
|---|
| 17 | #tracefile: sys.stderr |
|---|
| 18 | |
|---|
| 19 | # Service addresses |
|---|
| 20 | sessionMgrURI: https://gabriel.badc.rl.ac.uk/SessionManager |
|---|
| 21 | attAuthorityURI: http://localhost:5000/AttributeAuthority |
|---|
| 22 | |
|---|
| 23 | # WS-Security signature handler |
|---|
| 24 | # This is an application certificate ... (which may be a machine certificate) |
|---|
| 25 | # X.509 certificate sent with outbound signed messages |
|---|
| 26 | wssCertFilePath: certs/clnt.crt |
|---|
| 27 | |
|---|
| 28 | # Private key used to sign messages |
|---|
| 29 | # This is an application certificate ... (which may be a machine certificate) |
|---|
| 30 | wssKeyFilePath: certs/clnt.key |
|---|
| 31 | |
|---|
| 32 | # Password for private key - comment out if the file is not password protected |
|---|
| 33 | wssKeyPwd: |
|---|
| 34 | |
|---|
| 35 | # Space separated list of CA cert. files to validate certs against when |
|---|
| 36 | # verifying responses |
|---|
| 37 | wssCACertFilePathList: certs/ndg-test-ca.crt |
|---|
| 38 | |
|---|
| 39 | # Inclusive namespaces for Exclusive C14N |
|---|
| 40 | #wssRefInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1 |
|---|
| 41 | #wssSignedInfoInclNS: xsi xsd SOAP-ENV ds wsse ec |
|---|
| 42 | wssRefInclNS: |
|---|
| 43 | wssSignedInfoInclNS: |
|---|
| 44 | |
|---|
| 45 | # SSL Connections |
|---|
| 46 | # |
|---|
| 47 | # Space separated list of CA cert. files. The peer cert. |
|---|
| 48 | # must verify against at least one of these otherwise the connection is |
|---|
| 49 | # dropped. |
|---|
| 50 | sslCACertFilePathList: certs/ndg-test-ca.crt |
|---|
| 51 | |
|---|
| 52 | # Set an alternate CommonName to match with peer cert for SSL |
|---|
| 53 | # Connections. If the CN=hostname of the peer then this option |
|---|
| 54 | # can be commented out |
|---|
| 55 | sslPeerCertCN: |
|---|
| 56 | |
|---|
| 57 | # Gatekeeper Attribute Certificate check |
|---|
| 58 | # Issuer - should match with the issuer element of the users Attribute |
|---|
| 59 | # Certificate submitted in order to gain access |
|---|
| 60 | acIssuer: /CN=AttributeAuthority/O=NDG/OU=BADC |
|---|
| 61 | #acIssuer: /CN=Junk/O=NDG/OU=Gabriel |
|---|
| 62 | |
|---|
| 63 | # verification of X.509 cert back to CA |
|---|
| 64 | acCACertFilePathList: certs/ndg-test-ca.crt |
|---|
| 65 | |
|---|
| 66 | [layout] |
|---|
| 67 | ###### user customisable: |
|---|
| 68 | localLink: http://ndg.nerc.ac.uk/ |
|---|
| 69 | localImage: %(layout)sndg_logo_circle.gif |
|---|
| 70 | localAlt: visit badc |
|---|
| 71 | ###### ought to be the end of the customisations |
|---|
| 72 | ndgLink: http://ndg.nerc.ac.uk/ |
|---|
| 73 | ndgImage: %(layout)sndg_logo_circle.gif |
|---|
| 74 | ndgAlt: visit ndg |
|---|
| 75 | stfcLink: http://ceda.stfc.ac.uk/ |
|---|
| 76 | stfcImage: %(layout)sstfc-circle-sm.gif |
|---|
| 77 | key: %(icondir)spadlock.png |
|---|
| 78 | keyGrey: %(layout)skeyG.gif |
|---|
| 79 | selectI: %(layout)stick.png |
|---|
| 80 | Xicon: %(icondir)sxml.png |
|---|
| 81 | plot: %(icondir)splot.png |
|---|
| 82 | printer: %(icondir)sprinter.png |
|---|
| 83 | helpIcon: %(icondir)shelp.png |
|---|
| 84 | HdrLeftAlt: %(layout)sNatural Environment Research Council |
|---|
| 85 | HdrLeftLogo: %(layout)sNERC_Logo.gif |
|---|
