source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso.cfg @ 4692

# Single Sign On Service Configuration

[DEFAULT]
# Server address for secure connections
#sslServer: https://localhost
#server:    http://localhost:4000
sslServer: https://localhost/sso
server:    http://localhost/sso
layout:         %(server)s/layout/
icondir:        %(server)s/layout/icons/
disclaimer:

# Redirect SOAP output to a file e.g. open(<somefile>, 'w')
tracefile: None
#tracefile: sys.stderr

# Service addresses
#sessionMgrURI: https://gabriel.badc.rl.ac.uk/SessionManager
sessionMgrURI: http://localhost:8000/SessionManager
attributeAuthorityURI: http://localhost:8000/AttributeAuthority

# WS-Security signature handler - set a config file with 'wssCfgFilePath'
# or omit and put the relevant content directly in here under 
# 'NDG_SECURITY.wssecurity' section
#wssCfgFilePath: wssecurity.cfg

# SSL Connections
#
# Space separated list of CA cert. files.  The peer cert.
# must verify against at least one of these otherwise the connection is 
# dropped.
sslCACertFilePathList: certs/ndg-test-ca.crt

# Web Services HTTP Proxy fine tuning 
#
# For most situations, these settings can be ignored and instead make use of 
# the http_proxy environment variable.  They allow for the case where specific 
# settings are needed just for the security web services calls

# Overrides the http_proxy environment variable setting - may be omitted
#httpProxyHost: wwwcache.rl.ac.uk:8080

# Web service clients pick up the http_proxy environment variable setting by
# default.  Set this flag to True to ignore http_proxy for web service 
# connections.  To use the http_proxy setting, set this parameter to False or 
# remove it completely from this file.
ignoreHttpProxyEnv: True


# Flag to enable OpenID login
enableOpenID: True

[WS-Security]

# Settings for signature of an outbound message ...

# Certificate associated with private key used to sign a message.  The sign 
# method will add this to the BinarySecurityToken element of the WSSE header.  
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.  
# As an alternative, use 'signingCertChain' parameter

# file path PEM encoded cert 
signingCertFilePath=certs/clnt.crt

# file path to PEM encoded private key file
signingPriKeyFilePath=certs/clnt.key

# Password protecting private key.  Leave blank if there is no password.
signingPriKeyPwd=

# Pass a list of certificates ',' separated PEM encoded certs constituting a 
# chain of trust from the certificate used to verifying the signature backward 
# to the CA cert.  The CA cert need not be included.  To use this option, 
# reqBinSecTokValType must be set to the X509PKIPathv1
signingCertChain=

# Provide a space separated list of file paths.  CA Certs should be included 
# for all the sites this installation trusts
caCertFilePathList=certs/ndg-test-ca.crt

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  
reqBinSecTokValType=X509v3

# Add a timestamp element to an outbound message
addTimestamp=True

# For WSSE 1.1 - service returns signature confirmation containing signature 
# value sent by client
applySignatureConfirmation=False

tracefile=sys.stderr

[layout]
###### user customisable:
localLink:      http://ndg.nerc.ac.uk/
localImage:     %(layout)sndg_logo_circle.gif
localAlt:       visit badc
###### ought to be the end of the customisations
ndgLink:        http://ndg.nerc.ac.uk/
ndgImage:       %(layout)sndg_logo_circle.gif
ndgAlt:         visit ndg
stfcLink:       http://ceda.stfc.ac.uk/
stfcImage:      %(layout)sstfc-circle-sm.gif
key:            %(icondir)spadlock.png
keyGrey:        %(layout)skeyG.gif
selectI:        %(layout)stick.png
Xicon:          %(icondir)sxml.png
plot:           %(icondir)splot.png
printer:        %(icondir)sprinter.png
helpIcon:       %(icondir)shelp.png
HdrLeftAlt:     %(layout)sNatural Environment Research Council
HdrLeftLogo:    %(layout)sNERC_Logo.gif