source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/authz/pdp/browse/browse.cfg @ 4035

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/authz/pdp/browse/browse.cfg@4035
Revision 4035, 3.3 KB checked in by pjkersha, 12 years ago (diff)

Fixes following update to NOCS deployment.

  • m2CryptoSSLUtility.HTTPSConnection now overrides putrequest in order to ensure that the URL path is string type. unicode type gives an error
  • added a unit test for BrowsePDP - gatekeeper for MOLES/CSML access control.
# Configuration file for PEP / PDP controlling access to MOLES/
# CSML secured with MOLES schema access constraints
#
# NERC Data Grid Project
#
# P J Kershaw 09/04/08
#
# Copyright (C) 2008 CCLRC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
#
# NOTE(review): the localhost endpoint, test CA and relative paths below look
# like unit-test fixture values - review each one before reusing this file as
# a deployment template.
# NOTE(review): this section uses ':' as the key/value delimiter while
# [wssecurity] uses '='; confirm the consuming parser accepts both.
[DEFAULT]

#
# Policy Enforcement Point calls a Policy Decision Point interface:
#
# NOTE(review): the three pdp* settings below select the code that makes the
# access decision.  Presumably the PEP imports the named module and
# instantiates the named class, so write access to this file (or to a
# directory named in pdpModFilePath) amounts to control over authorisation -
# keep both writable only by the service owner.

# File path to Python module containing the PDP class - leave blank if the
# module is in PYTHONPATH env var
pdpModFilePath: 

# Name of PDP Python module
pdpModName: ndg.security.common.authz.pdp.browse

# Name of PDP class used
pdpClassName: BrowsePDP

# File Path to configuration file used by PDP class (environment variables
# can be used in this path e.g. $PDP_CONFIG_DIR/pdp.cfg).  Omit this parameter
# to make the PEP read the PDP settings from THIS config file
#pdpCfgFilePath:

# Read PDP params from THIS section
# NOTE(review): no [NDG_SECURITY.gatekeeper] section is visible in this file;
# the PDP settings below sit in [DEFAULT].  Confirm how the PEP resolves them.
pdpCfgSection: NDG_SECURITY.gatekeeper

#
# Settings for Policy Decision Point called by the PEP

# Address of Attribute Authority for Data Provider
# NOTE(review): both the active and the commented-out URI use plain http, so
# attribute queries would travel without transport encryption or server
# authentication.  Fine for a localhost test; prefer an https endpoint
# elsewhere.
#aaURI: http://aa.ceda.rl.ac.uk
aaURI: http://localhost:5000/AttributeAuthority

# Verify peer cert for SSL connections to Session Manager
# NOTE(review): with an http aaURI this CA list is presumably never exercised.
# The comment names the Session Manager while the endpoint configured above is
# the Attribute Authority - confirm which connection this list applies to.
sslCACertFilePathList: ./ndg-test-ca.crt

# Set to file object to dump SOAP message output for debugging
# NOTE(review): debugging aid only.  The dumped SOAP messages presumably
# include the WS-Security headers configured via wssCfgSection, so leave this
# unset outside debugging sessions or make sure stderr is not collected into
# widely readable logs.
tracefile: sys.stderr

# CA certificates used to verify the signature of user Attribute Certificates
# - space delimited list but note that currently only the CA of this site
# is needed because only mapped Attribute Certificates may be accepted.
# Every CA listed here is trusted to vouch for user attributes, so keep the
# list to the minimum required.
# NOTE(review): the relative path is presumably resolved against the process
# working directory - confirm, since that decides which file acts as the trust
# anchor.
acCACertFilePathList: ./ndg-test-ca.crt

# X.509 Distinguished Name for Attribute Certificate issuer - should match with
# the issuer element of the users Attribute Certificate submitted in order to
# gain access
# NOTE(review): presumably checked in addition to, not instead of, the
# signature verification against acCACertFilePathList - confirm in the PDP.
acIssuer: /CN=AttributeAuthority/O=NDG Security Test/OU=Site A
#acIssuer: /CN=AttributeAuthority/O=NDG/OU=BADC

# WS-Security signature handler - set a config file with 'wssCfgFilePath'
# or omit and put the relevant content directly in here under the section name
# specified by 'wssCfgSection' below
#wssCfgFilePath: wssecurity.cfg

# Config file section for WS-Security settings - Nb. the gatekeeper shares the
# same settings as the Single Sign On Service.
wssCfgSection: wssecurity

# WS-Security settings, selected by the 'wssCfgSection' key in [DEFAULT].
[wssecurity]

# Settings for signature of an outbound message ...

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
# As an alternative, use 'signingCertChain' parameter
# NOTE(review): the text above says 'binSecTokValType' while the key set
# further down is 'reqBinSecTokValType' - confirm which name the handler reads.

# file path PEM encoded cert
signingCertFilePath=./clnt.crt

# file path to PEM encoded private key file
# The key file should be readable only by the account running the service.
signingPriKeyFilePath=./clnt.key

# Password protecting private key.  Leave blank if there is no password.
# Blank here means the signing key is stored unencrypted on disk - acceptable
# for a test fixture.  A password entered here is stored in plaintext, so this
# file then needs the same access restrictions as the key itself and should be
# kept out of version control.
signingPriKeyPwd=

# Provide a space separated list of file paths.  CA Certs should be included
# for all the sites this installation trusts
# NOTE(review): presumably used to verify signatures on inbound messages;
# each CA added here widens the set of peers whose signatures are accepted.
caCertFilePathList=./ndg-test-ca.crt

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.
reqBinSecTokValType=X509v3

# Add a timestamp element to an outbound message
# NOTE(review): a timestamp only limits replay if the receiving side checks
# it - confirm the peer enforces it.
addTimestamp=True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
# NOTE(review): while this is False, responses are presumably not tied back to
# the request signature - confirm this is intended outside the test setup.
applySignatureConfirmation=False