source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/sitea/site-a.ini @ 5637

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/sitea/site-a.ini@5637
Revision 5637, 4.9 KB checked in by pjkersha, 11 years ago (diff)

Refactoring Attribute Authority for inclusion of SAML attribute query interface.

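#
# PasteDeploy ini file for Attribute Authority Unit tests Site A Server
#
# NERC Data Grid Project
#
# P J Kershaw 12/09/08
#
# Copyright (C) 2009 Science and Technology Facilities Council
#
# BSD - See LICENCE file for details

[DEFAULT]
# %(here)s is supplied by PasteDeploy and expands to the directory that
# contains this file.

# WS-Security settings in THIS file
wsseCfgFilePath = %(here)s/site-a.ini
wsseCfgFileSection = WS-Security

# Attribute Authority settings
# 'name' setting MUST agree with map config file 'thisHost' name attribute
attributeAuthority.name: Site A

# Lifetime of an issued Attribute Certificate, measured in seconds
# (28800 s = 8 hours)
attributeAuthority.attCertLifetime: 28800

# Allow an offset for clock skew between servers running
# security services. NB, measured in seconds - use a minus sign for time in the
# past
attributeAuthority.attCertNotBeforeOff: 0

# All Attribute Certificates issued are recorded in this dir
# NOTE(review): this directory is the issuance record; restrict write access to
# the service account so entries cannot be altered after the fact.
attributeAuthority.attCertDir: %(here)s/attributeCertificateLog

# Files in attCertDir are stored using a rotating file handler
# attCertFileLogCnt sets the max number of files created before the first is
# overwritten
attributeAuthority.attCertFileName: ac.xml
attributeAuthority.attCertFileLogCnt: 16
attributeAuthority.dnSeparator:/

# Location of role mapping file
attributeAuthority.mapConfigFilePath: %(here)s/siteAMapConfig.xml

# Settings for custom AttributeInterface derived class to get user roles for given
# user ID
# NOTE(review): these three values name a Python module and class that the
# service presumably imports from modFilePath, so anyone able to write to that
# directory or to this file controls code run by the service. Keep both
# writable by the service owner only.
attributeAuthority.attributeInterface.modFilePath: %(here)s
attributeAuthority.attributeInterface.modName: siteAUserRoles
attributeAuthority.attributeInterface.className: TestUserRoles

# Config for XML signature of Attribute Certificate
# NOTE(review): signingPriKeyFilePath is the Attribute Authority's signing key
# and is kept in the same directory as this test config. Treat it as test-only
# material; a deployed service needs its own key, readable by the service
# account only.
attributeAuthority.signingPriKeyFilePath: %(here)s/siteA-aa.key
attributeAuthority.signingCertFilePath: %(here)s/siteA-aa.crt
# NOTE(review): $NDGSEC_TEST_CONFIG_DIR is not expanded by the ini parser;
# presumably the application expands it from the environment. Confirm that an
# unset variable makes start-up fail rather than leaving the service without a
# CA certificate to verify against.
attributeAuthority.caCertFilePathList: $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
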
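# HTTP listener for the test Attribute Authority
[server:main]
# No ssl_pem option is set, so this listener is plain HTTP; the WS-Security
# filters in this file sign messages but nothing here encrypts them in transit.
use = egg:Paste#http
# NOTE(review): 0.0.0.0 listens on every network interface, so the test
# service is reachable from other hosts while the tests run. 127.0.0.1 is
# enough when the test clients run on the same machine.
host = 0.0.0.0
port = 5000
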
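# WSGI application named last in [pipeline:main]
[app:mainApp]
paste.app_factory = ndg.security.test.config.attributeauthority.sitea.siteAServerApp:app_factory
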
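# Chain of SOAP Middleware filters
# The value continues over the indented lines; entries are applied in the
# order listed, with mainApp last.
# NOTE(review): keep wsseSignatureVerificationFilter ahead of
# AttributeAuthorityFilter. Reordering them would presumably let a request
# reach the Attribute Authority binding before its signature is checked.
[pipeline:main]
pipeline = wsseSignatureVerificationFilter
           AttributeAuthorityFilter
           wsseSignatureFilter
           mainApp

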
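# SOAP binding that exposes the Attribute Authority service
[filter:AttributeAuthorityFilter]
paste.filter_app_factory = ndg.security.server.wsgi.soap:SOAPBindingMiddleware
ServiceSOAPBindingClass = ndg.security.server.zsi.attributeauthority.AttributeAuthorityWS
ServiceSOAPBindingPropPrefix = AttributeAuthority
# The Attribute Authority reads its own settings back from this same file,
# taking the keys that start with the 'attributeAuthority' prefix.
AttributeAuthority.propPrefix = attributeAuthority
AttributeAuthority.propFilePath = %(here)s/site-a.ini
# Must match filterID in [filter:wsseSignatureVerificationFilter]
AttributeAuthority.wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01
referencedFilters = wsseSignatureVerificationFilter01
# URL path the service is mounted on
path = /AttributeAuthority
# NOTE(review): presumably serves the service WSDL to any caller that asks for
# it; confirm whether that request passes signature verification, and turn it
# off where the interface description should not be published.
enableWSDLQuery = True
charset = utf-8
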
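# Inbound WS-Security signature verification, first entry in [pipeline:main]
# NOTE(review): no verification settings are given here; presumably they come
# from the section named by wsseCfgFilePath / wsseCfgFileSection in [DEFAULT].
[filter:wsseSignatureVerificationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter
# ID that the other filters use to refer to this one
filterID = wsseSignatureVerificationFilter01
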
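# Applies the WS-Security signature to outbound (response) messages
[filter:wsseSignatureFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter

# Reference the verification filter in order to be able to apply signature
# confirmation
# Both values must match filterID in [filter:wsseSignatureVerificationFilter]
referencedFilters = wsseSignatureVerificationFilter01
wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01

# Last filter in chain SOAP handlers writes the response
writeResponse = True

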
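# Section named by wsseCfgFileSection in [DEFAULT]
[WS-Security]
#
# OUTBOUND MESSAGE CONFIG

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
signingCertFilePath=%(here)s/siteA-aa.crt
# Alternative certificate, left disabled
#signingCertFilePath=%(here)s/java-ca-server.crt

# PEM encoded private key file
# NOTE(review): same key file as attributeAuthority.signingPriKeyFilePath in
# [DEFAULT], so one key signs both Attribute Certificates and SOAP messages.
# It lives beside this test config; treat it as test-only material.
signingPriKeyFilePath=%(here)s/siteA-aa.key
# Alternative key, left disabled
#signingPriKeyFilePath=%(here)s/java-ca-server.key

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
reqBinSecTokValType=X509v3

# Add a timestamp element to an outbound message
# NOTE(review): a timestamp limits replay only if the receiving side checks
# it; confirm the verification filter enforces it on inbound messages.
addTimestamp=True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
applySignatureConfirmation=True

#
# INBOUND MESSAGE CONFIG

# Provide a space separated list of file paths
# These CA certificates decide which signers of inbound messages are accepted,
# so every path added here widens the set of trusted callers.
# NOTE(review): $NDGSEC_TEST_CONFIG_DIR is not expanded by the ini parser;
# presumably the application expands it. Confirm that an unset variable causes
# a start-up failure rather than verification with an empty CA list.
caCertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
# Alternative list that also trusts java-ca.crt, left disabled
#caCertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt $NDGSEC_TEST_CONFIG_DIR/ca/java-ca.crt

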
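# Logging configuration
# These sections follow the Python logging fileConfig layout: the three 'keys'
# lists name the logger_*, handler_* and formatter_* sections below.
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

[logger_ndg]
# NOTE(review): the ndg logger has no handlers of its own, so its records
# propagate to the root logger's console handler. A record is filtered by the
# level of the logger that created it, so root's INFO level does not drop these
# DEBUG records. Debug output from the security middleware may include message
# contents; check what is written before using this level outside tests.
level = DEBUG
handlers =
qualname = ndg

[handler_console]
class = StreamHandler
# Writes to standard error
args = (sys.stderr,)
# NOTSET: the handler itself filters nothing
level = NOTSET
formatter = generic

[formatter_generic]
# The %(...)s fields are logging record attributes filled in by the formatter
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S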