source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/sitea/site-a.ini @ 5648

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/sitea/site-a.ini@5648
Revision 5648, 4.8 KB checked in by pjkersha, 11 years ago (diff)

ndg.security.server.attributeauthority.AttributeAuthority: added samlAttributeQuery method and new AttributeInterface.getAttributes plugin class method to enable SAML support as needed for ESG.

#
# PasteDeploy ini file for Attribute Authority Unit tests Site A Server
#
# NERC Data Grid Project
#
# P J Kershaw 12/09/08
#
# Copyright (C) 2009 Science and Technology Facilities Council
#
# BSD - See LICENCE file for details

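[DEFAULT]
# Keys in [DEFAULT] are visible from every other section of this file.
# 'here' is supplied by PasteDeploy: the directory that holds this file.
#
# WS-Security settings live in THIS file: the two keys below point the
# WS-Security handlers back at the [WS-Security] section further down.
wsseCfgFilePath = %(here)s/site-a.ini
wsseCfgFileSection = WS-Security
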
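[server:main]
# Paste's built-in HTTP server hosts the Site A test Attribute Authority.
use = egg:Paste#http
# NOTE(review): 0.0.0.0 listens on every network interface, so the test
# service (which signs with the test key referenced later in this file) is
# reachable from other hosts while the tests run. If all test clients are
# local, 127.0.0.1 is the narrower setting - confirm against the client
# test configuration before changing it.
host = 0.0.0.0
# TCP port the service listens on
port = 5000
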
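[app:mainApp]
# WSGI application that terminates the pipeline; built by the Site A test
# server module's app_factory.
paste.app_factory = ndg.security.test.config.attributeauthority.sitea.siteAServerApp:app_factory
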
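# Chain of SOAP Middleware filters.
# PasteDeploy wraps the last entry (the application) in the filters listed
# before it, first entry outermost. The order is therefore significant: the
# inbound signature verification filter is listed ahead of the Attribute
# Authority so that it sees each request first. Keep it first when editing.
[pipeline:main]
pipeline = wsseSignatureVerificationFilter
           AttributeAuthorityFilter
           wsseSignatureFilter
           mainApp
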
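[filter:AttributeAuthorityFilter]
# SOAP binding middleware exposing the Attribute Authority web service.
# This section uses '=' throughout (the original mixed ':' and '='); both
# delimiters parse to the same key/value pairs.
paste.filter_app_factory = ndg.security.server.wsgi.zsi:SOAPBindingMiddleware
ServiceSOAPBindingClass = ndg.security.server.zsi.attributeauthority.AttributeAuthorityWS
# Keys carrying this prefix are the Attribute Authority's own settings
ServiceSOAPBindingPropPrefix = attributeAuthority
attributeAuthority.wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01

# Attribute Authority settings
# 'name' setting MUST agree with map config file 'thisHost' name attribute
attributeAuthority.name = Site A

# Lifetime is measured in seconds (28800 s = 8 hours)
attributeAuthority.attCertLifetime = 28800

# Allow an offset for clock skew between servers running
# security services. NB, measured in seconds - use a minus sign for time in the
# past. 0 gives no allowance for skew.
attributeAuthority.attCertNotBeforeOff = 0

# All Attribute Certificates issued are recorded in this dir
attributeAuthority.attCertDir = %(here)s/attributeCertificateLog

# Files in attCertDir are stored using a rotating file handler
# attCertFileLogCnt sets the max number of files created before the first is
# overwritten
attributeAuthority.attCertFileName = ac.xml
attributeAuthority.attCertFileLogCnt = 16
# NOTE(review): presumably the delimiter between fields when a certificate
# distinguished name is written as a string - confirm
attributeAuthority.dnSeparator = /

# Location of role mapping file
attributeAuthority.mapConfigFilePath = %(here)s/siteAMapConfig.xml

# Settings for custom AttributeInterface derived class to get user roles for
# given user ID.
# NOTE(review): these three keys appear to name Python code that the service
# imports at run time, so anyone able to edit this file or write to
# modFilePath can decide what code the service runs. Keep both writable only
# by the account that owns the service.
attributeAuthority.attributeInterface.modFilePath = %(here)s
attributeAuthority.attributeInterface.modName = siteAUserRoles
attributeAuthority.attributeInterface.className = TestUserRoles

# Config for XML signature of Attribute Certificate
# NOTE(review): siteA-aa.key is a private key stored beside this file in the
# test configuration tree. Treat it as a test-only credential: never reuse it
# in a deployment, and keep deployed keys readable only by the service account.
attributeAuthority.signingPriKeyFilePath = %(here)s/siteA-aa.key
attributeAuthority.signingCertFilePath = %(here)s/siteA-aa.crt
# NOTE(review): the ini parser does not expand $NDGSEC_TEST_CONFIG_DIR;
# presumably the application expands environment variables - confirm. The
# variable decides which CA certificate is trusted, so the test harness should
# set it explicitly rather than inherit it.
attributeAuthority.caCertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt

# filterID of the filter this one refers to
# (see [filter:wsseSignatureVerificationFilter])
referencedFilters = wsseSignatureVerificationFilter01
# URL path of the service
path = /AttributeAuthority
# NOTE(review): presumably serves the service WSDL on request - confirm
enableWSDLQuery = True
charset = utf-8
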
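[filter:wsseSignatureVerificationFilter]
# WS-Security signature verification filter for inbound SOAP messages.
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter
# ID under which other sections refer to this filter (their referencedFilters
# and wsseSignatureVerificationFilterID keys carry the same value)
filterID = wsseSignatureVerificationFilter01
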
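[filter:wsseSignatureFilter]
# WS-Security filter that applies a signature to outbound SOAP messages.
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter

# Reference the verification filter in order to be able to apply signature
# confirmation
referencedFilters = wsseSignatureVerificationFilter01
wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01

# Last filter in the chain of SOAP handlers writes the response
writeResponse = True
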
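[WS-Security]
# Section named by wsseCfgFileSection in [DEFAULT]; it holds the message
# signing and verification settings.
#
# OUTBOUND MESSAGE CONFIG

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
signingCertFilePath = %(here)s/siteA-aa.crt
#signingCertFilePath = %(here)s/java-ca-server.crt

# PEM encoded private key file
# NOTE(review): this private key is stored beside the test configuration.
# Treat it as a test-only credential: never reuse it in a deployment, and keep
# deployed keys readable only by the service account.
signingPriKeyFilePath = %(here)s/siteA-aa.key
#signingPriKeyFilePath = %(here)s/java-ca-server.key

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message
# NOTE(review): a timestamp only limits replay when the receiver checks its
# freshness; this file shows no inbound setting for that - confirm where it is
# enforced.
addTimestamp = True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
applySignatureConfirmation = True

#
# INBOUND MESSAGE CONFIG

# Provide a space separated list of file paths.
# These are the CA certificates used when checking inbound signatures.
# NOTE(review): the ini parser does not expand $NDGSEC_TEST_CONFIG_DIR;
# presumably the application expands environment variables - confirm. The
# variable decides which CA is trusted, so the test harness should set it
# explicitly rather than inherit it.
caCertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
#caCertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt $NDGSEC_TEST_CONFIG_DIR/ca/java-ca.crt
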
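# Logging configuration (the section layout used by Python's
# logging.config.fileConfig)
[loggers]
# Each name listed here is configured in a [logger_<name>] section
keys = root, ndg
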
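[handlers]
# Each name listed here is configured in a [handler_<name>] section
keys = console
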
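[formatters]
# Each name listed here is configured in a [formatter_<name>] section
keys = generic
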
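[logger_root]
# Root logger: INFO and above, written to the console handler
level = INFO
handlers = console
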
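[logger_ndg]
# Logger for the 'ndg' package tree. It has no handler of its own, so its
# records propagate to the root logger's console handler.
# NOTE(review): DEBUG is suitable for unit tests; debug output from security
# code may include message or credential detail - confirm what is logged
# before copying this level into a deployment configuration.
level = DEBUG
handlers =
qualname = ndg
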
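[handler_console]
# Console output on standard error.
# NOTE(review): logging.config.fileConfig evaluates 'args' as a Python
# expression, so this file is effectively code for whoever can edit it. Keep
# it writable only by the account that owns the service.
class = StreamHandler
args = (sys.stderr,)
# NOTSET: the handler does no level filtering of its own
level = NOTSET
formatter = generic
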
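[formatter_generic]
# The percent fields below are logging record attributes and strftime codes
# consumed by the logging module; they are not ini interpolation keys.
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S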