source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singleSignOnService/sso.cfg @ 4587

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singleSignOnService/sso.cfg@4587
Revision 4587, 4.1 KB checked in by pjkersha, 12 years ago (diff)
  • Completed integration work for common WSGI/SOAP client based interfaces (ndg.security.server.wsgi.utils.sessionmanagerclient and ndg.security.server.wsgi.utils.attributeauthorityclient) with Pylons Single Sign On package (ndg.security.server.sso)
  • Integrated Single Sign On service into Combined Services Paste service as a Pylons app. This also includes Session Manager, Attribute Authority, OpenID. SSO Service will eventually be removed and replaced with OpenID based SSO.
1# Single Sign On Service Configuration
2
3[DEFAULT]
4# Server address for secure connections
5#sslServer: https://localhost
6#server:    http://localhost:4000
7sslServer: https://localhost/sso
8server:    http://localhost/sso
9layout:         %(server)s/layout/
10icondir:        %(server)s/layout/icons/
11disclaimer:
12
13# Redirect SOAP output to a file e.g. open(<somefile>, 'w').  The output may contain message content, so restrict access to any file used.
14tracefile: None
15#tracefile: sys.stderr
16
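17# Service addresses.  The active Session Manager URI below is plain HTTP on localhost; the commented-out example is an https address, and peer certificate checks only come into play for https addresses.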
18#sessionMgrURI: https://gabriel.badc.rl.ac.uk/SessionManager
19sessionMgrURI: http://localhost:8000/SessionManager
20
21# If the Attribute Authority URI is commented out the service will try to
22# connect to an Attribute Authority instance in the local WSGI stack
23#attAuthorityURI: http://localhost:8000/AttributeAuthority
24
25# WS-Security signature handler - set a config file with 'wssCfgFilePath'
26# or omit and put the relevant content directly in here under
27# 'NDG_SECURITY.wssecurity' section
28#wssCfgFilePath: wssecurity.cfg
29
30# SSL Connections
31#
32# Space separated list of CA cert. files.  The peer cert.
33# must verify against at least one of these otherwise the connection is
34# dropped.
35sslCACertFilePathList: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/singleSignOnService/certs/ndg-test-ca.crt
36
37# Web Services HTTP Proxy fine tuning
38#
39# For most situations, these settings can be ignored and instead make use of
40# the http_proxy environment variable.  They allow for the case where specific
41# settings are needed just for the security web services calls
42
43# Overrides the http_proxy environment variable setting - may be omitted
44#httpProxyHost: wwwcache.rl.ac.uk:8080
45
46# Web service clients pick up the http_proxy environment variable setting by
47# default.  Set this flag to True to ignore http_proxy for web service
48# connections.  To use the http_proxy setting, set this parameter to False or
49# remove it completely from this file.
50ignoreHttpProxyEnv: True
51
52
53# Flag to enable OpenID login
54enableOpenID: True
55
56[WS-Security]
57
58# Settings for signature of an outbound message ...
59
60# Certificate associated with private key used to sign a message.  The sign
61# method will add this to the BinarySecurityToken element of the WSSE header. 
62# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
63# As an alternative, use 'signingCertChain' parameter
64
65# file path PEM encoded cert
66signingCertFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/singleSignOnService/certs/clnt.crt
67
68# file path to PEM encoded private key file
69signingPriKeyFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/singleSignOnService/certs/clnt.key
70
71# Password protecting private key.  Leave blank if there is no password.  A password set here is stored in clear text, so restrict read access to this file.
72signingPriKeyPwd=
73
74# Pass a ',' separated list of PEM encoded certs constituting a
75# chain of trust from the certificate used to verify the signature back
76# to the CA cert.  The CA cert need not be included.  To use this option,
77# reqBinSecTokValType must be set to X509PKIPathv1
78signingCertChain=
79
80# Provide a space separated list of file paths.  CA Certs should be included
81# for all the sites this installation trusts
82caCertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/singleSignOnService/certs/ndg-test-ca.crt
83
84# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
85# signed message. 
86reqBinSecTokValType=X509v3
87
88# Add a timestamp element to an outbound message
89addTimestamp=True
90
91# For WSSE 1.1 - service returns signature confirmation containing signature
92# value sent by client
93applySignatureConfirmation=False
94
95tracefile=sys.stderr
96
97[layout]
98###### user customisable:
99localLink:      http://ndg.nerc.ac.uk/
100localImage:     %(layout)sndg_logo_circle.gif
101localAlt:       visit badc
102###### ought to be the end of the customisations
103ndgLink:        http://ndg.nerc.ac.uk/
104ndgImage:       %(layout)sndg_logo_circle.gif
105ndgAlt:         visit ndg
106stfcLink:       http://ceda.stfc.ac.uk/
107stfcImage:      %(layout)sstfc-circle-sm.gif
108key:            %(icondir)spadlock.png
109keyGrey:        %(layout)skeyG.gif
110selectI:        %(layout)stick.png
111Xicon:          %(icondir)sxml.png
112plot:           %(icondir)splot.png
113printer:        %(icondir)sprinter.png
114helpIcon:       %(icondir)shelp.png
115HdrLeftAlt:     %(layout)sNatural Environment Research Council
116HdrLeftLogo:    %(layout)sNERC_Logo.gif