1 | # Single Sign On Service Configuration |
---|
2 | |
---|
3 | [DEFAULT] |
---|
4 | layout: /layout/ |
---|
5 | icondir: /layout/icons/ |
---|
6 | disclaimer: |
---|
7 | |
---|
8 | [NDG_SECURITY] |
---|
9 | # Server address for secure connections |
---|
10 | #sslServer: https://localhost |
---|
11 | #server: http://localhost:4000 |
---|
12 | sslServer: https://localhost/sso |
---|
13 | server: http://localhost/sso |
---|
14 | |
---|
15 | # Redirect SOAP output to a file e.g. open(<somefile>, 'w') |
---|
16 | tracefile: None |
---|
17 | #tracefile: sys.stderr |
---|
18 | |
---|
19 | # Service addresses |
---|
20 | sessionMgrURI: https://gabriel.badc.rl.ac.uk/SessionManager |
---|
21 | attAuthorityURI: http://localhost:5000/AttributeAuthority |
---|
22 | |
---|
23 | # WS-Security signature handler |
---|
24 | # This is an application certificate ... (which may be a machine certificate) |
---|
25 | # X.509 certificate sent with outbound signed messages |
---|
26 | wssCertFilePath: certs/clnt.crt |
---|
27 | |
---|
28 | # Private key used to sign messages |
---|
29 | # This is an application certificate ... (which may be a machine certificate) |
---|
30 | wssKeyFilePath: certs/clnt.key |
---|
31 | |
---|
32 | # Password for private key - comment out if the file is not password protected |
---|
33 | wssKeyPwd: |
---|
34 | |
---|
35 | # Space separated list of CA cert. files to validate certs against when |
---|
36 | # verifying responses |
---|
37 | wssCACertFilePathList: certs/ndg-test-ca.crt |
---|
38 | |
---|
39 | # Inclusive namespaces for Exclusive C14N |
---|
40 | #wssRefInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1 |
---|
41 | #wssSignedInfoInclNS: xsi xsd SOAP-ENV ds wsse ec |
---|
42 | wssRefInclNS: |
---|
43 | wssSignedInfoInclNS: |
---|
44 | |
---|
45 | # SSL Connections |
---|
46 | # |
---|
47 | # Space separated list of CA cert. files. The peer cert. |
---|
48 | # must verify against at least one of these otherwise the connection is |
---|
49 | # dropped. |
---|
50 | sslCACertFilePathList: certs/ndg-test-ca.crt |
---|
51 | |
---|
52 | # Set an alternate CommonName to match with peer cert for SSL |
---|
53 | # Connections. If the CN=hostname of the peer then this option |
---|
54 | # can be commented out |
---|
55 | sslPeerCertCN: |
---|
56 | |
---|
57 | # Gatekeeper Attribute Certificate check |
---|
58 | # Issuer - should match with the issuer element of the users Attribute |
---|
59 | # Certificate submitted in order to gain access |
---|
60 | acIssuer: /CN=AttributeAuthority/O=NDG/OU=BADC |
---|
61 | #acIssuer: /CN=Junk/O=NDG/OU=Gabriel |
---|
62 | |
---|
63 | # verification of X.509 cert back to CA |
---|
64 | acCACertFilePathList: certs/ndg-test-ca.crt |
---|
65 | |
---|
66 | [layout] |
---|
67 | ###### user customisable: |
---|
68 | localLink: http://ndg.nerc.ac.uk/ |
---|
69 | localImage: %(layout)sndg_logo_circle.gif |
---|
70 | localAlt: visit badc |
---|
71 | ###### ought to be the end of the customisations |
---|
72 | ndgLink: http://ndg.nerc.ac.uk/ |
---|
73 | ndgImage: %(layout)sndg_logo_circle.gif |
---|
74 | ndgAlt: visit ndg |
---|
75 | stfcLink: http://ceda.stfc.ac.uk/ |
---|
76 | stfcImage: %(layout)sstfc-circle-sm.gif |
---|
77 | key: %(icondir)spadlock.png |
---|
78 | keyGrey: %(layout)skeyG.gif |
---|
79 | selectI: %(layout)stick.png |
---|
80 | Xicon: %(icondir)sxml.png |
---|
81 | plot: %(icondir)splot.png |
---|
82 | printer: %(icondir)sprinter.png |
---|
83 | helpIcon: %(icondir)shelp.png |
---|
84 | HdrLeftAlt: %(layout)sNatural Environment Research Council |
---|
85 | HdrLeftLogo: %(layout)sNERC_Logo.gif |
---|