1 | # Single Sign On Service Configuration |
---|
2 | |
---|
3 | [DEFAULT] |
---|
4 | # Server address for secure connections |
---|
5 | #sslServer: https://localhost |
---|
6 | #server: http://localhost:4000 |
---|
7 | sslServer: https://localhost/sso |
---|
8 | server: http://localhost/sso |
---|
9 | layout: %(server)s/layout/ |
---|
10 | icondir: %(server)s/layout/icons/ |
---|
11 | disclaimer: |
---|
12 | |
---|
13 | # Redirect SOAP output to a file e.g. open(<somefile>, 'w') |
---|
14 | tracefile: None |
---|
15 | #tracefile: sys.stderr |
---|
16 | |
---|
17 | # Service addresses |
---|
18 | #sessionMgrURI: https://gabriel.badc.rl.ac.uk/SessionManager |
---|
19 | sessionMgrURI: http://localhost:8000/SessionManager |
---|
20 | attributeAuthorityURI: http://localhost:8000/AttributeAuthority |
---|
21 | |
---|
22 | # WS-Security signature handler - set a config file with 'wssCfgFilePath' |
---|
23 | # or omit and put the relevant content directly in here under |
---|
24 | # 'NDG_SECURITY.wssecurity' section |
---|
25 | #wssCfgFilePath: wssecurity.cfg |
---|
26 | |
---|
27 | # SSL Connections |
---|
28 | # |
---|
29 | # Space separated list of CA cert. files. The peer cert. |
---|
30 | # must verify against at least one of these otherwise the connection is |
---|
31 | # dropped. |
---|
32 | sslCACertFilePathList: certs/ndg-test-ca.crt |
---|
33 | |
---|
34 | # Web Services HTTP Proxy fine tuning |
---|
35 | # |
---|
36 | # For most situations, these settings can be ignored and instead make use of |
---|
37 | # the http_proxy environment variable. They allow for the case where specific |
---|
38 | # settings are needed just for the security web services calls |
---|
39 | |
---|
40 | # Overrides the http_proxy environment variable setting - may be omitted |
---|
41 | #httpProxyHost: wwwcache.rl.ac.uk:8080 |
---|
42 | |
---|
43 | # Web service clients pick up the http_proxy environment variable setting by |
---|
44 | # default. Set this flag to True to ignore http_proxy for web service |
---|
45 | # connections. To use the http_proxy setting, set this parameter to False or |
---|
46 | # remove it completely from this file. |
---|
47 | ignoreHttpProxyEnv: True |
---|
48 | |
---|
49 | |
---|
50 | # Flag to enable OpenID login |
---|
51 | enableOpenID: True |
---|
52 | |
---|
53 | [WS-Security] |
---|
54 | |
---|
55 | # Settings for signature of an outbound message ... |
---|
56 | |
---|
57 | # Certificate associated with private key used to sign a message. The sign |
---|
58 | # method will add this to the BinarySecurityToken element of the WSSE header. |
---|
59 | # binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. |
---|
60 | # As an alternative, use 'signingCertChain' parameter |
---|
61 | |
---|
62 | # file path PEM encoded cert |
---|
63 | signingCertFilePath=certs/clnt.crt |
---|
64 | |
---|
65 | # file path to PEM encoded private key file |
---|
66 | signingPriKeyFilePath=certs/clnt.key |
---|
67 | |
---|
68 | # Password protecting private key. Leave blank if there is no password. |
---|
69 | signingPriKeyPwd= |
---|
70 | |
---|
71 | # Pass a list of certificates ',' separated PEM encoded certs constituting a |
---|
72 | # chain of trust from the certificate used to verifying the signature backward |
---|
73 | # to the CA cert. The CA cert need not be included. To use this option, |
---|
74 | # reqBinSecTokValType must be set to the X509PKIPathv1 |
---|
75 | signingCertChain= |
---|
76 | |
---|
77 | # Provide a space separated list of file paths. CA Certs should be included |
---|
78 | # for all the sites this installation trusts |
---|
79 | caCertFilePathList=certs/ndg-test-ca.crt |
---|
80 | |
---|
81 | # Set the ValueType for the BinarySecurityToken added to the WSSE header for a |
---|
82 | # signed message. |
---|
83 | reqBinSecTokValType=X509v3 |
---|
84 | |
---|
85 | # Add a timestamp element to an outbound message |
---|
86 | addTimestamp=True |
---|
87 | |
---|
88 | # For WSSE 1.1 - service returns signature confirmation containing signature |
---|
89 | # value sent by client |
---|
90 | applySignatureConfirmation=False |
---|
91 | |
---|
92 | tracefile=sys.stderr |
---|
93 | |
---|
94 | [layout] |
---|
95 | ###### user customisable: |
---|
96 | localLink: http://ndg.nerc.ac.uk/ |
---|
97 | localImage: %(layout)sndg_logo_circle.gif |
---|
98 | localAlt: visit badc |
---|
99 | ###### ought to be the end of the customisations |
---|
100 | ndgLink: http://ndg.nerc.ac.uk/ |
---|
101 | ndgImage: %(layout)sndg_logo_circle.gif |
---|
102 | ndgAlt: visit ndg |
---|
103 | stfcLink: http://ceda.stfc.ac.uk/ |
---|
104 | stfcImage: %(layout)sstfc-circle-sm.gif |
---|
105 | key: %(icondir)spadlock.png |
---|
106 | keyGrey: %(layout)skeyG.gif |
---|
107 | selectI: %(layout)stick.png |
---|
108 | Xicon: %(icondir)sxml.png |
---|
109 | plot: %(icondir)splot.png |
---|
110 | printer: %(icondir)sprinter.png |
---|
111 | helpIcon: %(icondir)shelp.png |
---|
112 | HdrLeftAlt: %(layout)sNatural Environment Research Council |
---|
113 | HdrLeftLogo: %(layout)sNERC_Logo.gif |
---|