source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singleSignOnService/sso.cfg @ 4739

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singleSignOnService/sso.cfg@4739
Revision 4739, 4.5 KB checked in by pjkersha, 11 years ago (diff)

Refactored x509, xmlsec, XMLSecDoc and combinedservices unit tests separating out test files into the config dir.

Line 
1# Single Sign On Service Configuration
2
3[DEFAULT]
4# Server address for secure connections
5#sslServer: https://localhost
6#server:    http://localhost:4000
7sslServer: https://localhost/sso
8server:    http://localhost/sso
9layout:         %(server)s/layout/
10icondir:        %(server)s/layout/icons/
11disclaimer:
12
13# Redirect SOAP output to a file e.g. open(<somefile>, 'w')
14tracefile: None
15#tracefile: sys.stderr
16
17# Service addresses
18sessionMgrURI: http://localhost:8000/SessionManager
19
20# If the Attribute Authority URI is commented out the service will try to
21# connect to an Attribute Authority instance in the local WSG stack
22#attributeAuthorityURI: http://localhost:8000/AttributeAuthority
23
24# WS-Security signature handler - set a config file with 'wssCfgFilePath'
25# or omit and put the relevant content directly in here under
26# 'NDG_SECURITY.wssecurity' section
27#wssCfgFilePath: wssecurity.cfg
28
29# SSL Connections
30#
31# Space separated list of CA cert. files.  The peer cert.
32# must verify against at least one of these otherwise the connection is
33# dropped.
34sslCACertFilePathList: $NDGSEC_UNITTEST_CONFIG_DIR/ca/ndg-test-ca.crt
35
36# Web Services HTTP Proxy fine tuning
37#
38# For most situations, these settings can be ignored and instead make use of
39# the http_proxy environment variable.  They allow for the case where specific
40# settings are needed just for the security web services calls
41
42# Overrides the http_proxy environment variable setting - may be omitted
43#httpProxyHost: wwwcache.rl.ac.uk:8080
44
45# Web service clients pick up the http_proxy environment variable setting by
46# default.  Set this flag to True to ignore http_proxy for web service
47# connections.  To use the http_proxy setting, set this parameter to False or
48# remove it completely from this file.
49ignoreHttpProxyEnv: True
50
51# Flag to enable OpenID login
52enableOpenID: True
53
54# Service addresses - connect to a remote service or provide a key to WSGI
55# environ for a service running locally.  See services.ini to get the key
56# names from the filterID options set
57#sessionMgrURI: http://localhost:8000/SessionManager
58sessionManagerEnvironKey = filter:SessionManagerFilter
59
60# If the Attribute Authority URI is commented out the service will try to
61# connect to an Attribute Authority instance in the local WSG stack
62#attributeAuthorityURI: http://localhost:8000/AttributeAuthority
63attributeAuthorityEnvironKey = filter:AttributeAuthorityFilter
64
65
66[WS-Security]
67
68# Settings for signature of an outbound message ...
69
70# Certificate associated with private key used to sign a message.  The sign
71# method will add this to the BinarySecurityToken element of the WSSE header. 
72# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
73# As an alternative, use 'signingCertChain' parameter
74
75# file path PEM encoded cert
76signingCertFilePath=$NDGSEC_UNITTEST_CONFIG_DIR/pki/wsse-clnt.crt
77
78# file path to PEM encoded private key file
79signingPriKeyFilePath=$NDGSEC_UNITTEST_CONFIG_DIR/pki/wsse-clnt.key
80
81# Password protecting private key.  Leave blank if there is no password.
82signingPriKeyPwd=
83
84# Pass a list of certificates ',' separated PEM encoded certs constituting a
85# chain of trust from the certificate used to verifying the signature backward
86# to the CA cert.  The CA cert need not be included.  To use this option,
87# reqBinSecTokValType must be set to the X509PKIPathv1
88signingCertChain=
89
90# Provide a space separated list of file paths.  CA Certs should be included
91# for all the sites this installation trusts
92caCertFilePathList=$NDGSEC_UNITTEST_CONFIG_DIR/ca/ndg-test-ca.crt
93
94# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
95# signed message. 
96reqBinSecTokValType=X509v3
97
98# Add a timestamp element to an outbound message
99addTimestamp=True
100
101# For WSSE 1.1 - service returns signature confirmation containing signature
102# value sent by client
103applySignatureConfirmation=False
104
105tracefile=sys.stderr
106
107[layout]
108###### user customisable:
109localLink:      http://ndg.nerc.ac.uk/
110localImage:     %(layout)sndg_logo_circle.gif
111localAlt:       visit badc
112###### ought to be the end of the customisations
113ndgLink:        http://ndg.nerc.ac.uk/
114ndgImage:       %(layout)sndg_logo_circle.gif
115ndgAlt:         visit ndg
116stfcLink:       http://ceda.stfc.ac.uk/
117stfcImage:      %(layout)sstfc-circle-sm.gif
118key:            %(icondir)spadlock.png
119keyGrey:        %(layout)skeyG.gif
120selectI:        %(layout)stick.png
121Xicon:          %(icondir)sxml.png
122plot:           %(icondir)splot.png
123printer:        %(icondir)sprinter.png
124helpIcon:       %(icondir)shelp.png
125HdrLeftAlt:     %(layout)sNatural Environment Research Council
126HdrLeftLogo:    %(layout)sNERC_Logo.gif
Note: See TracBrowser for help on using the repository browser.