source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singleSignOnService/sso.cfg @ 4692

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singleSignOnService/sso.cfg@4692
Revision 4692, 4.1 KB checked in by pjkersha, 11 years ago (diff)

Refactoring of SSO service to enable use of local AA and SM instances via keys to environ.

Line 
1# Single Sign On Service Configuration
2
3[DEFAULT]
4# Server address for secure connections
5#sslServer: https://localhost
6#server:    http://localhost:4000
7sslServer: https://localhost/sso
8server:    http://localhost/sso
9layout:         %(server)s/layout/
10icondir:        %(server)s/layout/icons/
11disclaimer:
12
13# Redirect SOAP output to a file e.g. open(<somefile>, 'w')
14tracefile: None
15#tracefile: sys.stderr
16
17# Service addresses
18sessionMgrURI: http://localhost:8000/SessionManager
19
20# If the Attribute Authority URI is commented out the service will try to
21# connect to an Attribute Authority instance in the local WSG stack
22#attributeAuthorityURI: http://localhost:8000/AttributeAuthority
23
24# WS-Security signature handler - set a config file with 'wssCfgFilePath'
25# or omit and put the relevant content directly in here under
26# 'NDG_SECURITY.wssecurity' section
27#wssCfgFilePath: wssecurity.cfg
28
29# SSL Connections
30#
31# Space separated list of CA cert. files.  The peer cert.
32# must verify against at least one of these otherwise the connection is
33# dropped.
34sslCACertFilePathList: $NDGSEC_COMBINED_SRVS_UNITTEST_DIR/singleSignOnService/certs/ndg-test-ca.crt
35
36# Web Services HTTP Proxy fine tuning
37#
38# For most situations, these settings can be ignored and instead make use of
39# the http_proxy environment variable.  They allow for the case where specific
40# settings are needed just for the security web services calls
41
42# Overrides the http_proxy environment variable setting - may be omitted
43#httpProxyHost: wwwcache.rl.ac.uk:8080
44
45# Web service clients pick up the http_proxy environment variable setting by
46# default.  Set this flag to True to ignore http_proxy for web service
47# connections.  To use the http_proxy setting, set this parameter to False or
48# remove it completely from this file.
49ignoreHttpProxyEnv: True
50
51
52# Flag to enable OpenID login
53enableOpenID: True
54
55[WS-Security]
56
57# Settings for signature of an outbound message ...
58
59# Certificate associated with private key used to sign a message.  The sign
60# method will add this to the BinarySecurityToken element of the WSSE header. 
61# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
62# As an alternative, use 'signingCertChain' parameter
63
64# file path PEM encoded cert
65signingCertFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/singleSignOnService/certs/clnt.crt
66
67# file path to PEM encoded private key file
68signingPriKeyFilePath=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/singleSignOnService/certs/clnt.key
69
70# Password protecting private key.  Leave blank if there is no password.
71signingPriKeyPwd=
72
73# Pass a list of certificates ',' separated PEM encoded certs constituting a
74# chain of trust from the certificate used to verifying the signature backward
75# to the CA cert.  The CA cert need not be included.  To use this option,
76# reqBinSecTokValType must be set to the X509PKIPathv1
77signingCertChain=
78
79# Provide a space separated list of file paths.  CA Certs should be included
80# for all the sites this installation trusts
81caCertFilePathList=$NDGSEC_COMBINED_SRVS_UNITTEST_DIR/singleSignOnService/certs/ndg-test-ca.crt
82
83# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
84# signed message. 
85reqBinSecTokValType=X509v3
86
87# Add a timestamp element to an outbound message
88addTimestamp=True
89
90# For WSSE 1.1 - service returns signature confirmation containing signature
91# value sent by client
92applySignatureConfirmation=False
93
94tracefile=sys.stderr
95
96[layout]
97###### user customisable:
98localLink:      http://ndg.nerc.ac.uk/
99localImage:     %(layout)sndg_logo_circle.gif
100localAlt:       visit badc
101###### ought to be the end of the customisations
102ndgLink:        http://ndg.nerc.ac.uk/
103ndgImage:       %(layout)sndg_logo_circle.gif
104ndgAlt:         visit ndg
105stfcLink:       http://ceda.stfc.ac.uk/
106stfcImage:      %(layout)sstfc-circle-sm.gif
107key:            %(icondir)spadlock.png
108keyGrey:        %(layout)skeyG.gif
109selectI:        %(layout)stick.png
110Xicon:          %(icondir)sxml.png
111plot:           %(icondir)splot.png
112printer:        %(icondir)sprinter.png
113helpIcon:       %(icondir)shelp.png
114HdrLeftAlt:     %(layout)sNatural Environment Research Council
115HdrLeftLogo:    %(layout)sNERC_Logo.gif
Note: See TracBrowser for help on using the repository browser.