source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthorityclient/siteA/site-a.ini @ 4462

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/attributeauthorityclient/siteA/site-a.ini@4462
Revision 4462, 5.0 KB checked in by pjkersha, 12 years ago (diff)

More re-arranging of Site A/B AA config.

#
# PasteDeploy ini file for Attribute Authority Unit tests Site A Server
#
# NERC Data Grid Project
#
# P J Kershaw 12/09/08
#
# Copyright (C) 2008 STFC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
#
# NOTE(review): this file is read more than once - by PasteDeploy, and again
# by the application through wsseCfgFilePath and
# AttributeAuthority.propFilePath below.  Both ':' and '=' delimiters appear
# and are left as written; confirm every consumer accepts both before
# normalising them.
#
# Paths of the form $NDGSEC_AACLNT_UNITTEST_DIR/... look like an environment
# variable reference; presumably the consuming code expands it - confirm.  If
# it is unset, the key, certificate and log paths below will not resolve.

[DEFAULT]
# WS-Security settings are kept in THIS file, in the section named by
# wsseCfgFileSection.  %(here)s is filled in by PasteDeploy with the directory
# that contains this ini file.
wsseCfgFilePath = %(here)s/site-a.ini
wsseCfgFileSection = WS-Security

# Attribute Authority settings
# 'name' setting MUST agree with map config file 'thisHost' name attribute
attributeAuthority.name: Site A

# Lifetime of an issued Attribute Certificate, measured in seconds
# (28800 s = 8 hours)
attributeAuthority.attCertLifetime: 28800 

# Allow an offset for clock skew between servers running
# security services. NB, measured in seconds - use a minus sign for time in the
# past.  0 means no allowance is made for skew.
attributeAuthority.attCertNotBeforeOff: 0

# All Attribute Certificates issued are recorded in this dir.
# NOTE(review): this is the issuance record; outside a test run the directory
# should be writable only by the account running the service.
attributeAuthority.attCertDir: $NDGSEC_AACLNT_UNITTEST_DIR/siteA/attCertLog

# Files in attCertDir are stored using a rotating file handler
# attCertFileLogCnt sets the max number of files created before the first is
# overwritten
attributeAuthority.attCertFileName: ac.xml
attributeAuthority.attCertFileLogCnt: 16
attributeAuthority.dnSeparator:/

# Location of role mapping file
attributeAuthority.mapConfigFile: $NDGSEC_AACLNT_UNITTEST_DIR/siteA/siteAMapConfig.xml

# Settings for custom AAUserRoles derived class to get user roles for given
# user ID
# NOTE(review): a module name plus a directory suggests the class is imported
# at run time from that directory - confirm.  If so, write access to the
# directory is equivalent to running code inside the Attribute Authority, so
# it needs the same protection as the service itself.
attributeAuthority.userRolesModFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA
attributeAuthority.userRolesModName: siteAUserRoles
attributeAuthority.userRolesClassName: TestUserRoles

# Config for XML signature of Attribute Certificate
# The private key and certificate live under the unit-test directory; treat
# them as test-only material and do not reuse them for a deployed service.
# The same key/certificate/CA paths are repeated in [WS-Security] below - keep
# the two places in step.
attributeAuthority.signingPriKeyFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA/siteA-aa.key
attributeAuthority.signingCertFilePath: $NDGSEC_AACLNT_UNITTEST_DIR/siteA/siteA-aa.crt
attributeAuthority.caCertFilePathList: $NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt

# HTTP server that hosts the test service
# NOTE(review): 0.0.0.0 listens on every network interface.  If the unit-test
# clients run on the same machine, 127.0.0.1 would be enough and keeps the
# test service off the network - confirm against the client test config.
# No TLS option is set in this section, so the transport appears to be plain
# HTTP; the WS-Security signatures configured below protect message integrity
# but not confidentiality.
[server:main]
use = egg:Paste#http
host = 0.0.0.0
port = 5000

[app:mainApp]
paste.app_factory = ndg.security.test.attributeauthorityclient.siteA.siteAServerApp:app_factory

# Chain of SOAP Middleware filters
# Entries are listed outermost first and the last entry is the application:
# signature verification, then the Attribute Authority SOAP binding, then
# signing of the response.  Keep wsseSignatureVerificationFilter first so that
# verification runs before the request reaches the service binding.
[pipeline:main]
pipeline = wsseSignatureVerificationFilter AttributeAuthorityFilter wsseSignatureFilter mainApp


# SOAP binding for the Attribute Authority service, mounted at 'path'.
# propPrefix matches the 'attributeAuthority.' key prefix used in [DEFAULT]
# and propFilePath points back at this file.
# referencedFilters must match the filterID set in
# [filter:wsseSignatureVerificationFilter].
# NOTE(review): enableWSDLQuery presumably lets clients fetch the service WSDL
# - confirm; it publishes the service interface to anyone who can reach the
# port.
[filter:AttributeAuthorityFilter]
paste.filter_app_factory = ndg.security.server.wsgi.soap:SOAPBindingMiddleware
ServiceSOAPBindingClass = ndg.security.server.zsi.attributeauthority.AttributeAuthorityWS
ServiceSOAPBindingPropPrefix = AttributeAuthority
AttributeAuthority.propPrefix = attributeAuthority
AttributeAuthority.propFilePath = $NDGSEC_AACLNT_UNITTEST_DIR/siteA/site-a.ini
referencedFilters = wsseSignatureVerificationFilter01
path = /AttributeAuthority
enableWSDLQuery = True
charset = utf-8

# Verifies the signature on inbound messages.  No WS-Security settings are
# given here; presumably they come from wsseCfgFilePath / wsseCfgFileSection
# in [DEFAULT] - confirm.  filterID is the name other filters use in
# referencedFilters.
[filter:wsseSignatureVerificationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter
filterID = wsseSignatureVerificationFilter01

# Signs outbound messages
[filter:wsseSignatureFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter

# Reference the verification filter in order to be able to apply signature
# confirmation
referencedFilters = wsseSignatureVerificationFilter01

# Last filter in chain SOAP handlers writes the response
writeResponse = True


[WS-Security]
#
# OUTBOUND MESSAGE CONFIG

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
# The commented-out java-ca-server entry is an alternative certificate that is
# not in use.
signingCertFilePath=$NDGSEC_AACLNT_UNITTEST_DIR/siteA/siteA-aa.crt
#signingCertFilePath=$NDGSEC_AACLNT_UNITTEST_DIR/siteA/java-ca-server.crt

# PEM encoded private key file.  Test-only key material (same file as
# attributeAuthority.signingPriKeyFilePath in [DEFAULT]); the file should be
# readable only by the account that runs the test server.
signingPriKeyFilePath=$NDGSEC_AACLNT_UNITTEST_DIR/siteA/siteA-aa.key
#signingPriKeyFilePath=$NDGSEC_AACLNT_UNITTEST_DIR/siteA/java-ca-server.key

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
reqBinSecTokValType=X509v3

# Add a timestamp element to an outbound message
addTimestamp=True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
applySignatureConfirmation=True

#
# INBOUND MESSAGE CONFIG

# Provide a space separated list of file paths.
# NOTE(review): from its name and position these are the CA certificates
# trusted when checking inbound signatures - confirm.  Every entry widens the
# set of signers that will be accepted, so list only the CAs the tests need.
# The commented-out line shows the same list with a second CA added.
caCertFilePathList=$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
#caCertFilePathList=$NDGSEC_AACLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_AACLNT_UNITTEST_DIR/ca/java-ca.crt


# Logging configuration
# The section layout matches Python's logging.config.fileConfig format.
# NOTE(review): fileConfig evaluates the handler 'args' value as Python, so
# if this file is loaded that way it must be writable only by trusted users.
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

# 'ndg' has no handler of its own; with standard logging propagation its
# records reach the root logger's console handler.
# NOTE(review): DEBUG is suitable for tests; check what the ndg loggers emit
# at this level before reusing the setting where logs are shared.
[logger_ndg]
level = DEBUG
handlers =
qualname = ndg

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

# %(asctime)s etc. are logging record fields filled in per message
[formatter_generic]
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S