source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso.cfg @ 4692

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso.cfg@4692
Revision 4692, 3.8 KB checked in by pjkersha, 11 years ago (diff)

Refactoring of SSO service to enable use of local AA and SM instances via keys to environ.

Line 
1# Single Sign On Service Configuration
2
3[DEFAULT]
4# Server address for secure connections
5#sslServer: https://localhost
6#server:    http://localhost:4000
7sslServer: https://localhost/sso
8server:    http://localhost/sso
9layout:         %(server)s/layout/
10icondir:        %(server)s/layout/icons/
11disclaimer:
12
13# Redirect SOAP output to a file e.g. open(<somefile>, 'w')
14tracefile: None
15#tracefile: sys.stderr
16
17# Service addresses
18#sessionMgrURI: https://gabriel.badc.rl.ac.uk/SessionManager
19sessionMgrURI: http://localhost:8000/SessionManager
20attributeAuthorityURI: http://localhost:8000/AttributeAuthority
21
22# WS-Security signature handler - set a config file with 'wssCfgFilePath'
23# or omit and put the relevant content directly in here under
24# 'NDG_SECURITY.wssecurity' section
25#wssCfgFilePath: wssecurity.cfg
26
27# SSL Connections
28#
29# Space separated list of CA cert. files.  The peer cert.
30# must verify against at least one of these otherwise the connection is
31# dropped.
32sslCACertFilePathList: certs/ndg-test-ca.crt
33
34# Web Services HTTP Proxy fine tuning
35#
36# For most situations, these settings can be ignored and instead make use of
37# the http_proxy environment variable.  They allow for the case where specific
38# settings are needed just for the security web services calls
39
40# Overrides the http_proxy environment variable setting - may be omitted
41#httpProxyHost: wwwcache.rl.ac.uk:8080
42
43# Web service clients pick up the http_proxy environment variable setting by
44# default.  Set this flag to True to ignore http_proxy for web service
45# connections.  To use the http_proxy setting, set this parameter to False or
46# remove it completely from this file.
47ignoreHttpProxyEnv: True
48
49
50# Flag to enable OpenID login
51enableOpenID: True
52
53[WS-Security]
54
55# Settings for signature of an outbound message ...
56
57# Certificate associated with private key used to sign a message.  The sign
58# method will add this to the BinarySecurityToken element of the WSSE header. 
59# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
60# As an alternative, use 'signingCertChain' parameter
61
62# file path PEM encoded cert
63signingCertFilePath=certs/clnt.crt
64
65# file path to PEM encoded private key file
66signingPriKeyFilePath=certs/clnt.key
67
68# Password protecting private key.  Leave blank if there is no password.
69signingPriKeyPwd=
70
71# Pass a list of certificates ',' separated PEM encoded certs constituting a
72# chain of trust from the certificate used to verifying the signature backward
73# to the CA cert.  The CA cert need not be included.  To use this option,
74# reqBinSecTokValType must be set to the X509PKIPathv1
75signingCertChain=
76
77# Provide a space separated list of file paths.  CA Certs should be included
78# for all the sites this installation trusts
79caCertFilePathList=certs/ndg-test-ca.crt
80
81# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
82# signed message. 
83reqBinSecTokValType=X509v3
84
85# Add a timestamp element to an outbound message
86addTimestamp=True
87
88# For WSSE 1.1 - service returns signature confirmation containing signature
89# value sent by client
90applySignatureConfirmation=False
91
92tracefile=sys.stderr
93
94[layout]
95###### user customisable:
96localLink:      http://ndg.nerc.ac.uk/
97localImage:     %(layout)sndg_logo_circle.gif
98localAlt:       visit badc
99###### ought to be the end of the customisations
100ndgLink:        http://ndg.nerc.ac.uk/
101ndgImage:       %(layout)sndg_logo_circle.gif
102ndgAlt:         visit ndg
103stfcLink:       http://ceda.stfc.ac.uk/
104stfcImage:      %(layout)sstfc-circle-sm.gif
105key:            %(icondir)spadlock.png
106keyGrey:        %(layout)skeyG.gif
107selectI:        %(layout)stick.png
108Xicon:          %(icondir)sxml.png
109plot:           %(icondir)splot.png
110printer:        %(icondir)sprinter.png
111helpIcon:       %(icondir)shelp.png
112HdrLeftAlt:     %(layout)sNatural Environment Research Council
113HdrLeftLogo:    %(layout)sNERC_Logo.gif
Note: See TracBrowser for help on using the repository browser.