source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/siteb/site-b.ini @ 5648

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/attributeauthority/siteb/site-b.ini@5648
Revision 5648, 4.7 KB checked in by pjkersha, 11 years ago (diff)

ndg.security.server.attributeauthority.AttributeAuthority: added samlAttributeQuery method and new AttributeInterface.getAttributes plugin class method to enable SAML support as needed for ESG.

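#
# PasteDeploy ini file for Attribute Authority unit tests - Site B server
#
# NERC Data Grid Project
#
# P J Kershaw 12/09/08
#
# Copyright (C) 2009 Science and Technology Facilities Council
#
# BSD - See LICENCE file for details
#
# This is a unit-test configuration: the listener, signing key and CA paths
# in the sections below point at test fixtures and should not be carried into
# a deployment unchanged.

[DEFAULT]
# Options set in [DEFAULT] are visible from every other section of this file.
# %(here)s is replaced by PasteDeploy with the directory holding this file.
#
# WS-Security settings are read from THIS file, section [WS-Security]
wsseCfgFilePath = %(here)s/site-b.ini
wsseCfgFileSection = WS-Security
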
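[server:main]
use = egg:Paste#http
# NOTE(review): 0.0.0.0 binds the test server to every network interface, so
# the Attribute Authority on port 5100 is reachable from other hosts while the
# tests run. If the test clients only connect over loopback, 127.0.0.1 is the
# narrower choice - confirm against the test client URIs before changing.
host = 0.0.0.0
port = 5100
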
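[app:mainApp]
# Python callable (module:function) that PasteDeploy loads as the WSGI
# application sitting at the end of the [pipeline:main] chain.
paste.app_factory = ndg.security.test.config.attributeauthority.siteb.siteBServerApp:app_factory
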
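# Chain of SOAP Middleware filters
#
# Filters are listed outermost first: a request passes through
# wsseSignatureVerificationFilter before it reaches AttributeAuthorityFilter.
# Keep the verification filter ahead of the service filter so that inbound
# signatures are checked before the Attribute Authority handles the message.
[pipeline:main]
pipeline = wsseSignatureVerificationFilter AttributeAuthorityFilter wsseSignatureFilter mainApp
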
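[filter:AttributeAuthorityFilter]
paste.filter_app_factory = ndg.security.server.wsgi.zsi:SOAPBindingMiddleware
ServiceSOAPBindingClass = ndg.security.server.zsi.attributeauthority.AttributeAuthorityWS
# Options starting with this prefix are the Attribute Authority's own settings
ServiceSOAPBindingPropPrefix = attributeAuthority
# Must match filterID in [filter:wsseSignatureVerificationFilter]
attributeAuthority.wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01

# Attribute Authority settings
# 'name' setting MUST agree with map config file 'thisHost' name attribute
attributeAuthority.name = Site B

# Lifetime is measured in seconds (28800 s = 8 hours). This bounds how long an
# issued Attribute Certificate keeps asserting a user's roles.
attributeAuthority.attCertLifetime = 28800

# Allow an offset for clock skew between servers running
# security services. NB, measured in seconds - use a minus sign for time in the
# past
attributeAuthority.attCertNotBeforeOff = 0

# All Attribute Certificates issued are recorded in this dir. It is the record
# of what this authority has asserted, so it should be writable by the service
# account only.
attributeAuthority.attCertDir = %(here)s/attributeCertificateLog

# Files in attCertDir are stored using a rotating file handler
# attCertFileLogCnt sets the max number of files created before the first is
# overwritten
attributeAuthority.attCertFileName = ac.xml
attributeAuthority.attCertFileLogCnt = 16
attributeAuthority.dnSeparator = /

# Location of role mapping file
attributeAuthority.mapConfigFilePath = %(here)s/siteBMapConfig.xml

# Settings for custom AttributeInterface derived class to get user roles for given
# user ID
# NOTE(review): these three options name a Python module and class that are
# loaded from modFilePath, so that directory and this ini file must not be
# writable by anyone who is not trusted to run code as the service.
attributeAuthority.attributeInterface.modFilePath = %(here)s
attributeAuthority.attributeInterface.modName = siteBUserRoles
attributeAuthority.attributeInterface.className = TestUserRoles

# Config for XML signature of Attribute Certificate
# NOTE(review): no key password option is set in this section, so the private
# key file is presumably unencrypted - protect it with file permissions and
# treat siteB-aa.key as a test-only key.
attributeAuthority.signingPriKeyFilePath = %(here)s/siteB-aa.key
attributeAuthority.signingCertFilePath = %(here)s/siteB-aa.crt
# $NDGSEC_TEST_CONFIG_DIR is not expanded by the ini parser; presumably the
# application expands it from the environment - verify. The CA list is the
# trust anchor, so the process environment decides which CA is trusted.
attributeAuthority.caCertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt

# Verification filter(s) this filter looks up; see filterID in
# [filter:wsseSignatureVerificationFilter]
referencedFilters = wsseSignatureVerificationFilter01
# URL path the SOAP service is mounted at
path = /AttributeAuthority
# NOTE(review): presumably serves the service WSDL on request, which describes
# the interface to any caller - confirm it is wanted outside of testing.
enableWSDLQuery = True
charset = utf-8
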
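[filter:wsseSignatureVerificationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter
# Identifier other filters use to refer to this one. It is quoted by
# referencedFilters and attributeAuthority.wsseSignatureVerificationFilterID
# in [filter:AttributeAuthorityFilter]; the values must stay identical.
filterID = wsseSignatureVerificationFilter01
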
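[filter:wsseSignatureFilter]
# Signs outbound SOAP messages using the settings in [WS-Security]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter

# Reference the verification filter in order to be able to apply signature
# confirmation - not needed if applySignatureConfirmation is set to False - see
# WS-Security section below...
# Uncomment both lines together if applySignatureConfirmation is switched to
# True.
#referencedFilters = wsseSignatureVerificationFilter01
#wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01

# Last filter in chain SOAP handlers writes the response
writeResponse = True
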
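[WS-Security]
# Read by the WS-Security filters via wsseCfgFilePath / wsseCfgFileSection in
# [DEFAULT].
#
# OUTBOUND MESSAGE CONFIG

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
signingCertFilePath = %(here)s/siteB-aa.crt

# PEM encoded private key file
# NOTE(review): no key password option is set in this section, so the file is
# presumably unencrypted - restrict its permissions to the service account and
# keep this test key out of any real deployment.
signingPriKeyFilePath = %(here)s/siteB-aa.key

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message
# A signed timestamp gives the receiver something to check message freshness
# against; whether the receiver enforces it is not visible from this file.
addTimestamp = True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
# With this set to False, responses do not echo the request signature value.
applySignatureConfirmation = False

#
# INBOUND MESSAGE CONFIG

# Provide a space separated list of file paths
# These CA certificates are the trust anchors for inbound signatures.
# $NDGSEC_TEST_CONFIG_DIR is not expanded by the ini parser; presumably the
# application expands it from the environment - verify that it is set.
caCertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
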
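# Logging configuration
# These sections follow the Python logging.config.fileConfig layout. The
# 'args' value in a handler section is evaluated as a Python expression, so
# this file must be writable only by users trusted to run code as the service.
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

[logger_ndg]
# NOTE(review): DEBUG on the ndg security packages is suited to tests; the
# detail it writes to the console may include message content - confirm before
# reusing this level elsewhere.
level = DEBUG
# No handler of its own: records are expected to propagate to the root
# logger's console handler.
handlers =
qualname = ndg

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
# The %(...)s fields and the bare % in datefmt are logging format codes, not
# config interpolation; they rely on the logging loader reading these values
# raw.
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S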