source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/attAuthorityClientTest.cfg @ 3942

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attAuthority/attAuthorityClientTest.cfg@3942
Revision 3942, 6.9 KB checked in by pjkersha, 12 years ago (diff)

New release for deployment as egg version 0.9.1:

  • OpenID support in beta stage - this merely authenticates users and doesn't link them to any attributes from the Attribute Authority or Session Manager connection.
  • modular security for ows_server
  • HTTP Proxy support to enable WS client calls via HTTP proxy
  • Browse PDP now also logs access requests for public data - means OpenID based user access is logged.
Line 
1# NERC Data Grid Project
2#
3# P J Kershaw 16/01/07
4#
5# Copyright (C) 2007 CCLRC & NERC
6#
7# This software may be distributed under the terms of the Q Public License,
8# version 1.0 or later.
9
10[setUp]
11# ! SiteBMapConfig.xml trusted site A aaURI setting must agree with this
12# setting for test6GetMappedAttCert
13uri = http://localhost:5010/AttributeAuthority
14#uri = https://localhost:5000/AttributeAuthority
15
16# For https connections only.  !Omit ssl* settings if using http!
17# sslpeercertcn is the expected CommonName of peer cert.  Omit if it's the
18# same as peer hostname.
19sslpeercertcn = AttributeAuthority
20sslcacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
21
22# Site A Attribute Authority X.509 certificate used by WS-Security signature
23# handler to verify signature of messages returned from the Attribute Authority
24# This can normally be omitted because the Attribute Authority returns this
25# certificate in it's response anyway
26#aacertfilepath =
27
28# Set to False to test service without WS-Security signature
29setsignaturehandler = True
30
31# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
32# one which applies ...
33
34# Specifies token is an X.509 certificate
35#reqbinsectokvaltype = X509
36
37# Stipulate X.509 version 3 format
38reqbinsectokvaltype = X509v3
39
40# Specify multiple certificates in a chain of trust.  Use this setting for
41# proxy certificates where a certificate chain consisting of user certificate
42# and proxy certificate is required to secure trust back to the
43# CA: <- User Certificate <- Proxy Certificate
44#reqbinsectokvaltype = X509PKIPathv1
45
46# Client certificate - if "reqbinsectokvaltype = X509PKIPathv1" above then
47# This certificate is expected to contain a certificate chain of proxy
48# certificate and user certificate that issued it.  The default is test.crt,
49# a standard certificate.  The certificate returned from the MyProxy unit test
50# could be used in place of it here.
51#
52# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
53# AttAuthorityClientTest.py to default to the same directory as the script
54clntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.crt
55
56# Client private key
57clntprikeyfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.key
58
59# Set password for private key - leave blank if no password is set or comment
60# out to be prompted for it from the command line
61clntprikeypwd = 
62
63# Space separated list of CA certificate files used to verify certificate used
64# in message signature / peer cert in SSL connection
65cacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
66
67# Inclusive namespaces for Exclusive C14N
68#wssRefInclNS: xmlns xsi xsd SOAP-ENV wsu wsse ns1
69#wssSignedInfoInclNS: xsi xsd SOAP-ENV ds wsse ec
70wssRefInclNS: 
71wssSignedInfoInclNS: 
72
73[test3GetTrustedHostInfo]
74role = postgrad
75# Set an alternative role here to test no matching role found exception
76#role = blah
77 
78[test5GetAttCert]
79# If clntcertfilepath is a proxy set this cert as the one that issued the
80# proxy.  Comment out if clntcertfilepath is a standard X.509 cert.
81#issuingclntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/user-cert.pem
82
83# Test with no digital signature applied
84#issuingclntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/proxy-cert.pem
85# Setup for use by testGetMappedAttCert test
86attCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
87
88[test6GetAttCertWithUserIdSet]
89userId = system
90# Comment out if SignatureHandler is being used
91#issuingclntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/siteA-aa.crt
92
93[test7GetMappedAttCert]
94# Set to False to test service without WS-Security signature
95setsignaturehandler = True
96
97# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
98# one which applies ...
99
100# Specifies token is an X.509 certificate
101#reqbinsectokvaltype = X509
102
103# Stipulate X.509 version 3 format
104reqbinsectokvaltype = X509v3
105
106# Specify multiple certificates in a chain of trust.  Use this setting for
107# proxy certificates where a certificate chain consisting of user certificate
108# and proxy certificate is required to secure trust back to the
109# CA: <- User Certificate <- Proxy Certificate
110#reqbinsectokvaltype = X509PKIPathv1
111
112# Client certificate - if "reqbinsectokvaltype = X509PKIPathv1" above then
113# This certificate is expected to contain a certificate chain of proxy
114# certificate and user certificate that issued it.  The default is test.crt,
115# a standard certificate.  The certificate returned from the MyProxy unit test
116# could be used in place of it here.
117#
118# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
119# AttAuthorityClientTest.py to default to the same directory as the script
120clntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.crt
121
122# Set password for private key - leave blank if no password is set or comment
123# out to be prompted for it from the command line
124clntprikeypwd = 
125clntprikeyfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.key
126
127# Space separated list of CA certificate files used to verify certificate used
128# in message signature
129cacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
130
131uri = http://localhost:5010/AttributeAuthority
132# Heath Data Server
133#uri = http://glue.badc.rl.ac.uk/DEWS/HealthDataServer/AttributeAuthority
134# Marine Data Server
135#uri = http://glue.badc.rl.ac.uk/DEWS/MarineDataServer/AttributeAuthority
136userAttCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
137
138mappedAttCertFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/mapped-ac.xml
139
140[test8GetMappedAttCertStressTest]
141# Set to False for no signature handling
142setSignatureHandler = True
143
144# ValueType for BinarySecurityToken element of WSSE header.  Uncomment the
145# one which applies ...
146
147# Specifies token is an X.509 certificate
148#reqbinsectokvaltype = X509
149
150# Stipulate X.509 version 3 format
151reqbinsectokvaltype = X509v3
152
153# Specify multiple certificates in a chain of trust.  Use this setting for
154# proxy certificates where a certificate chain consisting of user certificate
155# and proxy certificate is required to secure trust back to the
156# CA: <- User Certificate <- Proxy Certificate
157#reqbinsectokvaltype = X509PKIPathv1
158
159# Client certificate - if "reqbinsectokvaltype = X509PKIPathv1" above then
160# This certificate is expected to contain a certificate chain of proxy
161# certificate and user certificate that issued it.  The default is test.crt,
162# a standard certificate.  The certificate returned from the MyProxy unit test
163# could be used in place of it here.
164#
165# $NDGSEC_AACLNT_UNITTEST_DIR is set by the unit test script
166# AttAuthorityClientTest.py to default to the same directory as the script
167clntcertfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.crt
168
169# Set password for private key - leave blank if no password is set or comment
170# out to be prompted for it from the command line
171clntprikeypwd = 
172clntprikeyfilepath = $NDGSEC_AACLNT_UNITTEST_DIR/test.key
173
174# Space separated list of CA certificate files used to verify certificate used
175# in message signature
176cacertfilepathlist = $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
177
178uri = http://localhost:5010/AttributeAuthority
179userAttCertFilePathList = $NDGSEC_AACLNT_UNITTEST_DIR/ac-clnt.xml
180
181
Note: See TracBrowser for help on using the repository browser.