source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/sessionmanager/session-manager.ini @ 4737

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/config/sessionmanager/session-manager.ini@4737
Revision 4737, 8.3 KB checked in by pjkersha, 11 years ago (diff)

Refactored Session Manager Client unit tests separating out test files into the config dir.

#
# PasteDeploy ini file for Session Manager Unit tests
#
# NERC Data Grid Project
#
# P J Kershaw 01/10/08
#
# Copyright (C) 2008 STFC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.

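[DEFAULT]
# WS-Security settings in THIS file to enable the Signature Handler to verify
# incoming messages and sign outbound messages.
wsseCfgFilePath = %(here)s/session-manager.ini
wsseCfgFileSection = WS-Security

# Session Manager specific settings - commented out settings will take their
# default settings.  To override the defaults uncomment and set as required.
# See ndg.security.server.sessionMgr.SessionMgr class for details
#
# Two placeholder styles appear in the values below.  %(here)s is the
# PasteDeploy interpolation for the directory holding this ini file.
# $NDGSEC_UNITTEST_CONFIG_DIR uses environment-variable syntax instead;
# presumably the NDG property reader expands it from the environment, so the
# variable has to be set before the tests run - confirm.

# Flag for SSL - set to any non-empty value to select https, leave blank to
# use http
#sessionManager.useSSL:

# X.509 certificate for SSL connections - ignored if useSSL is blank
#sessionManager.sslCertFile:

# Private key file for SSL  - ignored if useSSL is blank
#sessionManager.sslKeyFile:

# Directory containing CA cert.s to verify SSL peer cert against - ignored if
# useSSL is blank
#sessionManager.sslCACertDir: $NDGSEC_UNITTEST_CONFIG_DIR/ca

# Credential Wallet Settings - global to all user sessions
#
# CA certificates for Attribute Certificate signature validation.  This list
# is the trust anchor for every Attribute Certificate the wallet accepts; here
# it holds only the test CA.
sessionManager.credentialWallet.caCertFilePathList=$NDGSEC_UNITTEST_CONFIG_DIR/ca/ndg-test-ca.crt

# CA certificates for SSL connection peer cert. validation - required if
# connecting to an Attribute Authority over SSL
sessionManager.credentialWallet.sslCACertFilePathList=$NDGSEC_UNITTEST_CONFIG_DIR/ca/ndg-test-ca.crt

# Allow Get Attribute Certificate calls to try to get a mapped certificate
# from another organisation trusted by the target Attribute Authority
sessionManager.credentialWallet.mapFromTrustedHosts=True
# Not described in this file; by its name it returns the list of externally
# issued Attribute Certificates to the caller - confirm against SessionMgr.
sessionManager.credentialWallet.rtnExtAttCertList=True

# Refresh an Attribute Certificate, if an existing one in the wallet has only
# this length of time left before it expires (units are not stated here;
# presumably seconds - confirm against SessionMgr).
# NOTE(review): unlike its neighbours this key has no "sessionManager." prefix.
# [filter:SessionManagerFilter] sets SessionManager.propPrefix = sessionManager,
# so this value may be ignored and the built-in default used instead - confirm,
# and add the prefix if the override is intended.
credentialWallet.attCertRefreshElapse=7200

# Pointer to WS-Security settings.  These WS-Security settings are for use
# by user credential wallets held in user sessions hosted by the Session
# Manager.  They enable individual wallets to query Attribute Authorities for
# user Attribute Certificates.  Nb. the difference between these settings and
# the WS-Security section for handling requests to the Session Manager.
#
# Settings are identified by a prefix.
sessionManager.credentialWallet.wssCfgPrefix=sessionManager.credentialWallet.wssecurity

# ...A section name could also be used.
#sessionManager.credentialWallet.wssCfgSection=

# SOAP Signature Handler settings for the Credential Wallet's Attribute
# Authority interface
#
# CA Certificates used to verify X.509 certs used in Attribute Certificates.
# The CA certificates of other NDG trusted sites should go here.  NB, multiple
# values should be delimited by a space
sessionManager.credentialWallet.wssecurity.caCertFilePathList: $NDGSEC_UNITTEST_CONFIG_DIR/ca/ndg-test-ca.crt

# Signature of an outbound message
#
# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
# As an alternative, use signingCertChain - see below...

# PEM encoded cert
sessionManager.credentialWallet.wssecurity.signingCertFilePath: %(here)s/sm.crt

# ... or provide file path to PEM encoded private key file
sessionManager.credentialWallet.wssecurity.signingPriKeyFilePath: %(here)s/sm.key

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
sessionManager.credentialWallet.wssecurity.reqBinSecTokValType: X509v3

# Add a timestamp element to an outbound message
sessionManager.credentialWallet.wssecurity.addTimestamp: True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
sessionManager.credentialWallet.wssecurity.applySignatureConfirmation: True

# Authentication service properties
sessionManager.authNService.moduleFilePath:
sessionManager.authNService.moduleName: ndg.security.test.config.sessionmanager.userx509certauthn
sessionManager.authNService.className: UserX509CertAuthN

# Specific settings for the UserX509CertAuthN Session Manager authentication
# plugin.  This sets up PKI credentials for a single test account.
# The private key password below is a clear-text test fixture value: keep
# user.crt / user.key confined to the unit tests, and do not carry this
# pattern into a deployed configuration, where the password should be
# supplied from outside version control.
sessionManager.authNService.userX509CertFilePath: %(here)s/user.crt
sessionManager.authNService.userPriKeyFilePath: %(here)s/user.key
sessionManager.authNService.userPriKeyPwd: testpassword

# Settings for the Credential Repository.  All of them are commented out, so
# the Session Manager default applies (presumably NullCredRepos, the class
# named below - confirm in SessionMgr).
#sessionManager.credentialRepository.modFilePath:
#sessionManager.credentialRepository.modName: ndg.security.common.CredWallet
#sessionManager.credentialRepository.className: NullCredRepos
#sessionManager.credentialRepository.propFile:
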
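[server:main]
# Paste's built-in HTTP server hosts the test Session Manager.
use = egg:Paste#http
# 0.0.0.0 listens on every network interface, so the test service and the
# single test account configured in [DEFAULT] are reachable from other hosts
# while the tests run.  127.0.0.1 would restrict it to the local machine if
# the test clients connect over loopback - confirm before changing.
# No ssl_pem is set, so this listener speaks plain HTTP: the WS-Security
# signature filters in the pipeline give message integrity, not
# confidentiality.
host = 0.0.0.0
port = 5500
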
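[app:mainApp]
# WSGI application at the end of the pipeline, built by the app_factory
# callable in the test package's sessionManagerServerApp module.
paste.app_factory = ndg.security.test.config.sessionmanager.sessionManagerServerApp:app_factory
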
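# Chain of SOAP Middleware filters.
# PasteDeploy wraps the application with these filters in the order listed,
# outermost first, so an incoming request reaches the signature verification
# filter before it reaches SessionManagerFilter.  Keep the verification filter
# first: moving it after SessionManagerFilter would let unverified messages
# reach the service binding.
# The continuation lines must stay indented to remain part of the value.
[pipeline:main]
pipeline = wsseSignatureVerificationFilter
           SessionManagerFilter
           wsseSignatureFilter
           mainApp

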
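[filter:SessionManagerFilter]
# SOAP binding middleware that exposes the Session Manager web service.
paste.filter_app_factory = ndg.security.server.wsgi.soap:SOAPBindingMiddleware
ServiceSOAPBindingClass = ndg.security.server.zsi.sessionmanager.SessionManagerWS
ServiceSOAPBindingPropPrefix = SessionManager
# Session Manager properties are read back from this same file; propPrefix
# presumably selects the sessionManager.* keys in [DEFAULT] - confirm.
SessionManager.propPrefix = sessionManager
SessionManager.propFilePath = %(here)s/session-manager.ini
# Same value as filterID in [filter:wsseSignatureVerificationFilter]; the two
# have to stay in step for the service to find the verification filter.
SessionManager.wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01
referencedFilters = wsseSignatureVerificationFilter01
# URL path the service is mounted at.
path = /SessionManager
# Serves the service description on request (presumably via a ?wsdl query -
# confirm).  That discloses the service's operations to any client able to
# reach the port, which [server:main] opens on all interfaces.
enableWSDLQuery = True
charset = utf-8
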
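[filter:wsseSignatureVerificationFilter]
# Verifies the WS-Security signature on inbound SOAP messages.  No WS-Security
# keys are set in this section; presumably the filter picks up
# wsseCfgFilePath / wsseCfgFileSection from [DEFAULT] and so uses the
# [WS-Security] section of this file - confirm.
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter
# Identifier the other filters use to reference this one.
filterID = wsseSignatureVerificationFilter01
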
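[filter:wsseSignatureFilter]
# Signs outbound SOAP messages.
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter

# Reference the verification filter in order to be able to apply signature
# confirmation.  Both values repeat the filterID set in
# [filter:wsseSignatureVerificationFilter].
referencedFilters = wsseSignatureVerificationFilter01
wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01

# Last filter in chain SOAP handlers writes the response
writeResponse = True

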
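[WS-Security]
# Settings for signing and verifying messages on the Session Manager's own
# SOAP interface; [DEFAULT] points here through wsseCfgFilePath and
# wsseCfgFileSection.
#
# OUTBOUND MESSAGE CONFIG

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
signingCertFilePath=%(here)s/sm.crt
# Disabled alternative certificate (by its name, for tests against a
# Java-issued server credential - confirm).
#signingCertFilePath=%(here)s/java-ca-server.crt

# PEM encoded private key file.  No password setting for it appears in this
# section; if sm.key is stored unencrypted, file permissions are its only
# protection, so keep it a test-only key.
signingPriKeyFilePath=%(here)s/sm.key
# Disabled alternative key, paired with the disabled certificate above.
#signingPriKeyFilePath=%(here)s/java-ca-server.key

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
reqBinSecTokValType=X509v3

# Add a timestamp element to an outbound message, which lets a receiver that
# checks it reject stale messages.
addTimestamp=True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
applySignatureConfirmation=True

#
# INBOUND MESSAGE CONFIG

# CA certificates trusted when verifying the certificate that signed an
# inbound message.  Provide a space separated list of file paths; every CA
# added here widens the set of senders whose signatures are accepted.
caCertFilePathList=$NDGSEC_UNITTEST_CONFIG_DIR/ca/ndg-test-ca.crt
# Disabled variant that additionally trusts java-ca.crt.
#caCertFilePathList=$NDGSEC_UNITTEST_CONFIG_DIR/ca/ndg-test-ca.crt $NDGSEC_UNITTEST_CONFIG_DIR/ca/java-ca.crt

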
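# Logging configuration (Python logging fileConfig layout: the keys lists
# below name the logger_*, handler_* and formatter_* sections that follow).
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

[logger_ndg]
# DEBUG for the ndg.* packages.  This logger has no handler of its own, so its
# records propagate to the root logger's console handler (level NOTSET) and
# appear on stderr.  Debug output from security code may include message
# contents or credential details - keep this level to test runs and check
# what the ndg modules log before reusing it elsewhere.
level = DEBUG
handlers =
qualname = ndg

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
# Time with milliseconds, level padded/truncated to 5 characters, logger name,
# message.
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S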