source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/siteb/site-b.ini @ 5637

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/siteb/site-b.ini@5637
Revision 5637, 4.8 KB checked in by pjkersha, 11 years ago (diff)

Refactoring Attribute Authority for inclusion of SAML attribute query interface.

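#
# PasteDeploy ini file for Attribute Authority unit tests - Site B server
#
# NERC Data Grid Project
#
# P J Kershaw 12/09/08
#
# Copyright (C) 2009 Science and Technology Facilities Council
#
# BSD - See LICENCE file for details
#
# Test fixture only: the signing key and certificates referenced below live in
# the test tree next to this file, so nothing signed with them should be
# trusted outside the unit tests.
#
# %(here)s is filled in by PasteDeploy with the directory containing this
# file.  $NDGSEC_TEST_CONFIG_DIR is not ini interpolation; it presumably has
# to be set in the environment and expanded by the code that reads the value -
# confirm before relying on it.

[DEFAULT]
# WS-Security settings are in THIS file, in the section named below
wsseCfgFilePath = %(here)s/site-b.ini
wsseCfgFileSection = WS-Security

# Attribute Authority settings
# 'name' setting MUST agree with map config file 'thisHost' name attribute
attributeAuthority.name = Site B

# Lifetime of an issued Attribute Certificate, in seconds (28800 s = 8 hours)
attributeAuthority.attCertLifetime = 28800

# Allow an offset for clock skew between servers running security services.
# NB, measured in seconds - use a minus sign for time in the past
attributeAuthority.attCertNotBeforeOff = 0

# All Attribute Certificates issued are recorded in this dir
attributeAuthority.attCertDir = %(here)s/attributeCertificateLog

# Files in attCertDir are stored using a rotating file handler.
# attCertFileLogCnt sets the max number of files created before the first is
# overwritten, so older records are lost once the count is exceeded
attributeAuthority.attCertFileName = ac.xml
attributeAuthority.attCertFileLogCnt = 16
attributeAuthority.dnSeparator = /

# Location of role mapping file
attributeAuthority.mapConfigFilePath = %(here)s/siteBMapConfig.xml

# Settings for custom AttributeInterface derived class to get user roles for
# a given user ID.  The module named here is looked up under modFilePath and
# presumably imported into the Attribute Authority process, so that directory
# should be writable only by the account that owns the service - confirm
# against the loader.
attributeAuthority.attributeInterface.modFilePath = %(here)s
attributeAuthority.attributeInterface.modName = siteBUserRoles
attributeAuthority.attributeInterface.className = TestUserRoles

# Config for XML signature of Attribute Certificate.  The private key file
# should be readable only by the account running the service.
attributeAuthority.signingPriKeyFilePath = %(here)s/siteB-aa.key
attributeAuthority.signingCertFilePath = %(here)s/siteB-aa.crt
attributeAuthority.caCertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
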
[server:main]
# Paste HTTP server for the Site B test service.  No TLS option is set in
# this section, so traffic is plain HTTP; the WS-Security signature covers
# message integrity, not confidentiality.
use = egg:Paste#http
# 0.0.0.0 listens on every interface.  For tests that run on a single machine
# 127.0.0.1 would be enough and keeps the test service off the network.
host = 0.0.0.0
port = 5100

[app:mainApp]
# WSGI application at the end of the pipeline, built by the test package's
# app_factory
paste.app_factory = ndg.security.test.config.attributeauthority.siteb.siteBServerApp:app_factory

# Chain of SOAP middleware filters.  Filters are listed outermost first and
# the last entry is the application, so a request passes through
# wsseSignatureVerificationFilter before it reaches AttributeAuthorityFilter.
# Keep that order: moving or dropping the verification filter would
# presumably let unverified requests reach the Attribute Authority - confirm
# against the filter implementation.
[pipeline:main]
pipeline = wsseSignatureVerificationFilter AttributeAuthorityFilter wsseSignatureFilter mainApp


[filter:AttributeAuthorityFilter]
# SOAP binding middleware that exposes the Attribute Authority web service
paste.filter_app_factory = ndg.security.server.wsgi.soap:SOAPBindingMiddleware
ServiceSOAPBindingClass = ndg.security.server.zsi.attributeauthority.AttributeAuthorityWS
ServiceSOAPBindingPropPrefix = AttributeAuthority
# The Attribute Authority reads its own settings back from this file, using
# the keys that start with the 'attributeAuthority' prefix
AttributeAuthority.propPrefix = attributeAuthority
AttributeAuthority.propFilePath = %(here)s/site-b.ini
# Must match the filterID set in [filter:wsseSignatureVerificationFilter]
AttributeAuthority.wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01
referencedFilters = wsseSignatureVerificationFilter01
path = /AttributeAuthority
# Presumably serves the service WSDL on request, which describes the
# interface to any caller; acceptable for tests, review before enabling on
# an exposed deployment
enableWSDLQuery = True
charset = utf-8

[filter:wsseSignatureVerificationFilter]
# Inbound WS-Security signature verification; first entry in [pipeline:main]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter
# Identifier other filters use to refer to this one (see referencedFilters in
# [filter:AttributeAuthorityFilter])
filterID = wsseSignatureVerificationFilter01

[filter:wsseSignatureFilter]
# Applies the WS-Security signature to outbound messages
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter

# Reference the verification filter in order to be able to apply signature
# confirmation - not needed if applySignatureConfirmation is set to False - see
# WS-Security section below.  Left commented out because that setting is
# False in this file; uncomment both lines if it is switched to True.
#referencedFilters = wsseSignatureVerificationFilter01
#wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01

# Last filter in the chain of SOAP handlers writes the response
writeResponse = True


[WS-Security]
#
# OUTBOUND MESSAGE CONFIG

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
signingCertFilePath = %(here)s/siteB-aa.crt

# PEM encoded private key file.  It sits in the test tree beside this file,
# so treat it as a test-only key and keep it readable only by the account
# running the service.
signingPriKeyFilePath = %(here)s/siteB-aa.key

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message.  A timestamp only helps
# against replayed messages if the receiving side checks it.
addTimestamp = True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client.  With this set to False the response does not echo
# the request's signature value, so a client cannot use signature
# confirmation to tie a response to the request it signed.
applySignatureConfirmation = False

#
# INBOUND MESSAGE CONFIG

# Provide a space separated list of file paths.  Presumably these are the CA
# certificates inbound signatures are checked against - confirm; only the
# test CA is listed here.
caCertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt

# Logging configuration (Python logging fileConfig layout: the 'keys' lists
# name the logger_*, handler_* and formatter_* sections that follow)
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

# The ndg logger has no handler of its own; its records are passed up to the
# root logger's console handler.  DEBUG output from security services may
# include message content, so lower this level outside test runs.
[logger_ndg]
level = DEBUG
handlers =
qualname = ndg

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

# The %(...)s names below are logging record fields, not config substitutions
[formatter_generic]
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S