
Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securityservices.ini@5648
Revision 5648, 23.1 KB checked in by pjkersha, 11 years ago (diff)

ndg.security.server.attributeauthority.AttributeAuthority: added samlAttributeQuery method and new AttributeInterface.getAttributes plugin class method to enable SAML support as needed for ESG.

#
# NERC DataGrid Security
#
# Paste configuration for combined Session Manager, Attribute Authority,
# OpenID Relying Party and Provider services
#
# The %(here)s variable will be replaced with the parent directory of this file
#
# Author: P J Kershaw
# date: 26/02/09
# Copyright: (C) 2009 Science and Technology Facilities Council
# license: BSD - see LICENSE file in top-level directory
# Contact: Philip.Kershaw@stfc.ac.uk
# Revision: $Id$

# Values shared by every section below through %(name)s interpolation.
[DEFAULT]
# Endpoint components; baseURI is assembled from these three values.
# NOTE(review): scheme is http, so every URI derived from baseURI (OpenID
# Provider and Relying Party, Session Manager, Attribute Authority) is
# published as unencrypted HTTP.  Suitable for this local test stack only.
portNum = 7443
hostname = localhost
scheme = http
baseURI = %(scheme)s://%(hostname)s:%(portNum)s

# OpenID Provider identity base path and the resulting ID-select URI
openIDProviderIDBase = /openid
openIDProviderIDSelectURI = %(baseURI)s%(openIDProviderIDBase)s

# Shared test configuration tree, relative to the directory of this file
testConfigDir = %(here)s/../../config

# Session Manager path and full URI
sessionManagerPath = /SessionManager
sessionManagerURI = %(baseURI)s%(sessionManagerPath)s

# Type URIs of the OpenID attribute-exchange (AX) values referenced by the
# Relying Party and Provider sections
openid.ax.sessionManagerURI.typeURI = urn:ndg:security:openid:sessionManagerURI
openid.ax.sessionId.typeURI = urn:ndg:security:openid:sessionId

#______________________________________________________________________________
# Attribute Authority settings, identified by the 'attributeAuthority' prefix
# (see AttributeAuthority.propPrefix in [filter:AttributeAuthorityFilter])
#
# Must agree with the 'thisHost' name attribute in the map config file
attributeAuthority.name = Site A

# Attribute Certificate lifetime in seconds (28800 s = 8 hours)
attributeAuthority.attCertLifetime = 28800

# Offset, in seconds, allowing for clock skew between servers running security
# services.  Use a minus sign for a time in the past.
attributeAuthority.attCertNotBeforeOff = 0

# Every Attribute Certificate issued is recorded in this directory
attributeAuthority.attCertDir = %(testConfigDir)s/attributeauthority/sitea/attributeCertificateLog

# Files in attCertDir are stored using a rotating file handler;
# attCertFileLogCnt is the maximum number of files created before the first is
# overwritten
attributeAuthority.attCertFileName = ac.xml
attributeAuthority.attCertFileLogCnt = 16
attributeAuthority.dnSeparator = /

# Role mapping file
attributeAuthority.mapConfigFilePath = %(testConfigDir)s/attributeauthority/sitea/siteAMapConfig.xml

# AttributeInterface-derived plugin class that returns the roles for a given
# user ID.  modFilePath is left commented out, so only the module name is given.
#attributeAuthority.attributeInterface.modFilePath = %(testConfigDir)s/attributeauthority/sitea
attributeAuthority.attributeInterface.modName = ndg.security.test.integration.authz.attributeinterface
attributeAuthority.attributeInterface.className = TestUserRoles

# Key, certificate and CA certificate(s) for the XML signature applied to
# Attribute Certificates.
# NOTE(review): the signing key lives in the shared test config tree; treat it
# as a test-only credential and confirm it is never reused outside the tests.
attributeAuthority.signingPriKeyFilePath = %(testConfigDir)s/attributeauthority/sitea/siteA-aa.key
attributeAuthority.signingCertFilePath = %(testConfigDir)s/attributeauthority/sitea/siteA-aa.crt
attributeAuthority.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

#______________________________________________________________________________
# Session Manager settings, identified by the 'sessionManager' prefix (see
# SessionManager.propPrefix in [filter:SessionManagerFilter]).  Settings that
# are commented out take their defaults; uncomment and set to override.
# See the ndg.security.server.sessionmanager module for details.

# Credential Wallet settings - global to all user sessions
#
# CA certificates for Attribute Certificate signature validation
sessionManager.credentialWallet.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

# CA certificates for validating the peer certificate of an SSL connection;
# required when connecting to an Attribute Authority over SSL
sessionManager.credentialWallet.sslCACertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

# Allow Get Attribute Certificate calls to try to get a mapped certificate
# from another organisation trusted by the target Attribute Authority
sessionManager.credentialWallet.mapFromTrustedHosts = True
sessionManager.credentialWallet.rtnExtAttCertList = True

# Refresh an Attribute Certificate if the one already in the wallet has only
# this length of time left before it expires
# NOTE(review): unlike the other wallet settings this key carries no
# 'sessionManager.' prefix, so it may not be read together with them - confirm
# against the Session Manager's property parsing.
credentialWallet.attCertRefreshElapse = 7200

# Pointer to the WS-Security settings used by the credential wallets held in
# user sessions hosted by the Session Manager.  They let an individual wallet
# query Attribute Authorities for user Attribute Certificates.  These are
# distinct from the WS-Security settings that handle requests made to the
# Session Manager itself.
#
# The settings are identified by a prefix...
sessionManager.credentialWallet.wssCfgPrefix = sessionManager.credentialWallet.wssecurity

# ...or, alternatively, by a section name.
#sessionManager.credentialWallet.wssCfgSection =

# SOAP Signature Handler settings for the Credential Wallet's Attribute
# Authority interface
#
# CA certificates used to verify the X.509 certificates used in Attribute
# Certificates.  The CA certificates of other NDG trusted sites belong here.
# Multiple values are delimited by a space.
sessionManager.credentialWallet.wssecurity.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

# Signature of an outbound message
#
# Certificate associated with the private key used to sign a message.  The
# sign method adds it to the BinarySecurityToken element of the WSSE header.
# binSecTokValType must then be the 'X509' or 'X509v3' ValueType.
# As an alternative, use signingCertChain.

# PEM encoded certificate
sessionManager.credentialWallet.wssecurity.signingCertFilePath = %(testConfigDir)s/sessionmanager/sm.crt

# PEM encoded private key file
sessionManager.credentialWallet.wssecurity.signingPriKeyFilePath = %(testConfigDir)s/sessionmanager/sm.key

# ValueType of the BinarySecurityToken added to the WSSE header of a signed
# message.  See the __setReqBinSecTokValType method and the binSecTokValType
# class variable for the options: one of X509, X509v3, X509PKIPathv1, or the
# full namespace of an alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether the signingCert or signingCertChain
# attributes are used.
sessionManager.credentialWallet.wssecurity.reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message
sessionManager.credentialWallet.wssecurity.addTimestamp = True

# For WSSE 1.1 - the service returns a signature confirmation containing the
# signature value sent by the client
sessionManager.credentialWallet.wssecurity.applySignatureConfirmation = True

# Authentication service plugin
sessionManager.authNService.moduleFilePath =
sessionManager.authNService.moduleName = ndg.security.test.config.sessionmanager.userx509certauthn
sessionManager.authNService.className = UserX509CertAuthN

# Settings specific to the authentication plugin named above: PKI credentials
# for a single test account.
# NOTE(review): the private key password is held in clear text in a
# version-controlled file.  That is acceptable only for a throwaway test key;
# a deployed configuration should obtain it from a protected source.
sessionManager.authNService.userX509CertFilePath = %(testConfigDir)s/pki/user.crt
sessionManager.authNService.userPriKeyFilePath = %(testConfigDir)s/pki/user.key
sessionManager.authNService.userPriKeyPwd = testpassword

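# HTTP server used when this file is run with 'paster serve'
[server:main]
use = egg:Paste#http
# Bind to loopback only.  Every URI in this file is built on
# hostname = localhost, and the stack runs over plain HTTP with fixed test
# secrets and a test key password, so it should not be reachable from other
# hosts.  Change to 0.0.0.0 only if the test services must be reached from
# another machine.
host = 127.0.0.1
port = %(portNum)s
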
# Wraps the 'cascade' composite below with Paste's httpexceptions filter.
# [pipeline:main] ends at OpenIDProviderApp and does not name this filter-app.
[filter-app:OpenIDProviderFilterApp]
use = egg:Paste#httpexceptions
next = cascade

# Composite for the OpenID Provider so that static content is picked up:
# app1 is tried first and app2 answers when app1 returns 404.
# ('composit' is accepted by Paste Deploy as an alias of 'composite'.)
[composit:cascade]
use = egg:Paste#cascade
app1 = OpenIDProviderStaticContent
app2 = OpenIDProviderApp
catch = 404

# Static files served from the openidprovider directory beside this file.
# NOTE(review): the Beaker cache/session directories and the provider's
# consumer store are configured under this same directory elsewhere in the
# file; confirm they can never be served as static content if this app is
# put into a served pipeline.
[app:OpenIDProviderStaticContent]
use = egg:Paste#static
document_root = %(here)s/openidprovider

# Request path through the stack.  Entries apply in the order listed: the
# first filter is outermost and the final entry is the application, so
# wsseSignatureVerificationFilter sees each request before the Attribute
# Authority and Session Manager filters do.
[pipeline:main]
pipeline = wsseSignatureVerificationFilter
    AttributeAuthorityFilter
    SessionManagerFilter
    wsseSignatureFilter
    SessionMiddlewareFilter
    OpenIDRelyingPartyFilter
    OpenIDProviderApp

#______________________________________________________________________________
# Beaker Session Middleware (used by OpenID Provider Filter)
[filter:SessionMiddlewareFilter]
paste.filter_app_factory = beaker.middleware:SessionMiddleware
beaker.session.key = openid

# NOTE(review): fixed secret committed with the test configuration.  Anyone
# who knows it can forge the signature on the session cookie, so generate a
# fresh random value for any instance that is not a throwaway test run.
beaker.session.secret = qKEdQdCr33NE087dRUWX3qUv5r7AsuQU

# Cookie-only sessions with encrypted cookie content (disabled).  The key
# values below look like placeholders; replace them before enabling.
#beaker.session.type = cookie
#beaker.session.validate_key = 0123456789abcdef
#beaker.session.encrypt_key = fedcba9876543210

# Locations of the cache data and of the saved sessions.
# NOTE(review): both directories sit under %(here)s/openidprovider, which is
# also the document_root of [app:OpenIDProviderStaticContent]; confirm session
# files can never be served as static content.
beaker.cache.data_dir = %(here)s/openidprovider/beaker/cache
beaker.session.data_dir = %(here)s/openidprovider/beaker/sessions

# True makes the cookie a browser-session cookie with no fixed expiry date.
# NOTE(review): no beaker.session.secure or beaker.session.httponly setting is
# present; with scheme = http in [DEFAULT] the cookie travels unencrypted.
beaker.session.cookie_expires = True

# OpenID Relying Party middleware together with its AuthKit settings
[filter:OpenIDRelyingPartyFilter]
paste.filter_app_factory =
    ndg.security.server.wsgi.openid.relyingparty:OpenIDRelyingPartyMiddleware.filter_app_factory

# Presumably the environ key under which the Beaker session is found - confirm
openid.relyingparty.sessionKey = beaker.session
openid.relyingparty.baseURL = %(authkit.openid.baseurl)s

# PKI settings for the Relying Party.  priKeyPwd is empty, i.e. no password is
# supplied for the private key.
openid.relyingparty.certFilePath = %(testConfigDir)s/pki/localhost.crt
openid.relyingparty.priKeyFilePath = %(testConfigDir)s/pki/localhost.key
openid.relyingparty.priKeyPwd =
openid.relyingparty.caCertDirPath = %(testConfigDir)s/ca

# NOTE(review): no provider whitelist file is configured; presumably any OpenID
# Provider is then accepted - confirm against the middleware before reuse.
openid.relyingparty.providerWhitelistFilePath =

# Sign-in interface.  The two commented lines select the combined sign-in and
# login interface from the test package instead of the Buffet template one.
#openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.test.integration.openid.openidrelyingparty.signin_interface.CombinedSigninAndLoginInterface
#openid.relyingparty.signinInterface.templatePackage = ndg.security.test.integration.openid.openidrelyingparty.templates
openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.BuffetSigninTemplate
openid.relyingparty.signinInterface.templatePackage = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.templates
openid.relyingparty.signinInterface.staticContentRootDir = %(here)s/openidrelyingparty/public
openid.relyingparty.signinInterface.baseURL = %(openid.relyingparty.baseURL)s
openid.relyingparty.signinInterface.initialOpenID = %(openIDProviderIDSelectURI)s
openid.relyingparty.signinInterface.leftLogo = %(openid.relyingparty.signinInterface.baseURL)s/layout/NERC_Logo.gif
openid.relyingparty.signinInterface.leftAlt = Natural Environment Research Council
openid.relyingparty.signinInterface.ndgLink = http://ndg.nerc.ac.uk/
openid.relyingparty.signinInterface.ndgImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/ndg_logo_circle.gif
openid.relyingparty.signinInterface.disclaimer = This site is for test purposes only and is under active development.
openid.relyingparty.signinInterface.stfcLink = http://www.stfc.ac.uk/
openid.relyingparty.signinInterface.stfcImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/stfc-circle-sm.gif
openid.relyingparty.signinInterface.helpIcon = %(openid.relyingparty.signinInterface.baseURL)s/layout/icons/help.png

cache_dir = %(here)s/data

# AuthKit set-up
authkit.setup.method = openid, cookie

# The cookie name and secret MUST agree with those used by the Authentication
# Filter that secures a given app.
# NOTE(review): the secret is a fixed value committed with the test config;
# knowledge of it allows the authentication cookie to be forged.  Use a
# freshly generated value outside throwaway test runs.
authkit.cookie.name = ndg.security.auth
authkit.cookie.secret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = /logout

# The client IP address is left out of the cookie signature because of a
# suspected problem with AuthKit setting it when an HTTP proxy is in place.
# NOTE(review): with this off, a captured cookie is not tied to the client
# address that obtained it.
authkit.cookie.includeip = False

authkit.openid.path.signedin = /
authkit.openid.store.type = file
authkit.openid.store.config = %(here)s/openidrelyingparty/store
authkit.openid.session.key = authkit_openid
# NOTE(review): the value is the literal text 'random string', not a random
# value; replace it with generated secret material outside the tests.
authkit.openid.session.secret = random string

authkit.openid.baseurl = %(baseURI)s

# Attribute-exchange request for the Session Manager URI (required)
authkit.openid.ax.typeuri.sessionManagerURI = %(openid.ax.sessionManagerURI.typeURI)s
authkit.openid.ax.required.sessionManagerURI = True
authkit.openid.ax.alias.sessionManagerURI = sessionManagerURI

# Attribute-exchange request for the session ID (required)
authkit.openid.ax.typeuri.sessionId = %(openid.ax.sessionId.typeURI)s
authkit.openid.ax.required.sessionId = True
authkit.openid.ax.alias.sessionId = sessionId

# Template for signin
#authkit.openid.template.obj =

# Handler for parsing OpenID and creating a session from it
#authkit.openid.urltouser =

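#______________________________________________________________________________
# OpenID Provider WSGI Settings
[app:OpenIDProviderApp]
paste.app_factory = ndg.security.server.wsgi.openid.provider:OpenIDProviderMiddleware.app_factory
openid.provider.path.openidserver = /OpenID/Provider/server
openid.provider.path.login = /OpenID/Provider/login
openid.provider.path.loginsubmit = /OpenID/Provider/loginsubmit

# Yadis based discovery only - the 'id' path is configured to return 404 not
# found - see the ndg.security.server.wsgi.openid.provider.renderinginterface.
# buffet.BuffetRendering class.
# ${userIdentifier} is not %(...)s interpolation, so it reaches the application
# unchanged; presumably the provider substitutes the user's identifier.
openid.provider.path.id = /OpenID/Provider/id/${userIdentifier}
openid.provider.path.yadis = %(openIDProviderIDBase)s/${userIdentifier}

# Yadis based discovery for idselect mode - the user has entered a URI at the
# Relying Party which identifies their Provider only and not their full ID
# URI, e.g. https://badc.nerc.ac.uk instead of https://badc.nerc.ac.uk/John
openid.provider.path.serveryadis = %(openIDProviderIDBase)s
openid.provider.path.allow = /OpenID/Provider/allow
openid.provider.path.decide = /OpenID/Provider/decide
openid.provider.path.mainpage = /OpenID/Provider/home

openid.provider.session_middleware = beaker.session
openid.provider.base_url = %(baseURI)s
openid.provider.trace = False
# NOTE(review): this directory is also the document_root of
# [app:OpenIDProviderStaticContent]; confirm store files cannot be served.
openid.provider.consumer_store_dirpath = %(here)s/openidprovider
openid.provider.renderingClass = ndg.security.server.wsgi.openid.provider.renderinginterface.buffet.BuffetRendering
#openid.provider.renderingClass = ndg.security.server.wsgi.openid.provider.DemoRenderingInterface

openid.provider.rendering.templateType = kid
openid.provider.rendering.templateRoot = ndg.security.server.wsgi.openid.provider.renderinginterface.buffet.templates
openid.provider.rendering.kid.assume_encoding = utf-8
openid.provider.rendering.kid.encoding = utf-8

# Layout
openid.provider.rendering.baseURL = %(openid.provider.base_url)s
openid.provider.rendering.leftLogo = %(openid.provider.rendering.baseURL)s/layout/NERC_Logo.gif
openid.provider.rendering.leftAlt = Natural Environment Research Council
openid.provider.rendering.ndgLink = http://ndg.nerc.ac.uk/
openid.provider.rendering.ndgImage = %(openid.provider.rendering.baseURL)s/layout/ndg_logo_circle.gif
openid.provider.rendering.disclaimer = This site is for test purposes only and is under active development.
openid.provider.rendering.stfcLink = http://www.stfc.ac.uk/
openid.provider.rendering.stfcImage = %(openid.provider.rendering.baseURL)s/layout/stfc-circle-sm.gif
openid.provider.rendering.helpIcon = %(openid.provider.rendering.baseURL)s/layout/icons/help.png

# Attribute-exchange response: hands the Session Manager URI and session ID to
# the Relying Party under the type URIs defined in [DEFAULT]
openid.provider.axResponse.class = ndg.security.server.wsgi.openid.provider.axinterface.sessionmanager.SessionManagerAXInterface
openid.provider.axResponse.sessionManagerURI = %(sessionManagerURI)s
openid.provider.axResponse.sessionManagerURITypeURI = %(openid.ax.sessionManagerURI.typeURI)s
openid.provider.axResponse.sessionIdTypeURI = %(openid.ax.sessionId.typeURI)s

#------------------------------------------------------------------------------
# Authentication interface - exactly one alternative may be active.
#
# This section previously assigned openid.provider.authNInterface and
# openid.provider.authN.environKeyName twice.  A last-wins parser silently
# used the second value and a strict parser rejects the duplicate, so the
# overridden first assignments are commented out below.  The effective choice
# is unchanged: alternative 3, BasicSessionManagerOpenIDAuthNInterface.

# Alternative 1 (disabled): Basic Authentication interface to demonstrate
# capabilities.  Credentials here would be clear text in this file.
#openid.provider.authNInterface = ndg.security.server.wsgi.openid.provider.authninterface.basic.BasicAuthNInterface
#openid.provider.authN.userCreds = pjk:test
#openid.provider.authN.username2UserIdentifiers = pjk:PhilipKershaw,P.J.Kershaw

# Alternative 2 (disabled - was overridden by alternative 3): link
# authentication to a Session Manager instance running in the same WSGI stack
# or on a remote service.
#openid.provider.authNInterface = ndg.security.server.wsgi.openid.provider.authninterface.sessionmanager.SessionManagerOpenIDAuthNInterface
#
# Omit or leave blank if the Session Manager is accessible locally in the same
# WSGI stack.
#openid.provider.authN.sessionManagerURI =
#
# environ dictionary key to the Session Manager WSGI instance held locally.
#openid.provider.authN.environKeyName = filter:SessionManagerFilter
#
# Database connection to check a username against its OpenID identifier.
# NOTE(review): the connection string embeds the database password, and the
# query templates place $username / $userIdentifier inside quoted SQL text,
# which suggests textual substitution.  Confirm the interface binds or escapes
# these values before enabling this alternative.
#openid.provider.authN.connectionString = postgres://postgres:testpassword@%(hostname)s/testUserDb
#openid.provider.authN.logonSQLQuery = select username from openid where username = '$username' and ident = '$userIdentifier'
#openid.provider.authN.userIdentifiersSQLQuery = select distinct ident from openid where username = '$username'

# Alternative 3 (active): Basic Authentication, but linking to a Session
# Manager
openid.provider.authNInterface = ndg.security.server.wsgi.openid.provider.authninterface.basic.BasicSessionManagerOpenIDAuthNInterface

# Connect to a Session Manager at a given URI, or leave empty and use the
# environ key below
openid.provider.authN.sessionManagerURI =

# environ dictionary key to the Session Manager WSGI instance held locally.
# The setting below is the default and can be omitted if it matches the
# filterID set for the Session Manager.
openid.provider.authN.environKeyName = filter:SessionManagerFilter

# Link login usernames to the OpenID identifiers they correspond to.
# See openid.provider.path.id with its ${userIdentifier} setting.
openid.provider.authN.username2UserIdentifiers = pjk:PhilipKershaw,P.J.Kershaw another:A.N.Other

# Basic authentication for testing/admin - comma delimited list of
# <username>:<password> pairs
#openid.provider.usercreds = pjk:test
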
#______________________________________________________________________________
# Attribute Authority WSGI settings
#
[filter:AttributeAuthorityFilter]
# Container filter binding a SOAP based interface to the Attribute Authority
paste.filter_app_factory = ndg.security.server.wsgi.zsi:SOAPBindingMiddleware

# ZSI generated SOAP service interface class that handles i/o for this filter
ServiceSOAPBindingClass = ndg.security.server.zsi.attributeauthority.AttributeAuthorityWS

# Keywords specific to the SOAP binding class are the ones in this section
# that carry this prefix:
ServiceSOAPBindingPropPrefix = AttributeAuthority

# The AttributeAuthority class reads the [DEFAULT] settings that carry
# propPrefix, from the file named by propFilePath (this file itself).
AttributeAuthority.propPrefix = attributeAuthority
AttributeAuthority.propFilePath = %(here)s/securityservices.ini
AttributeAuthority.wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter

# Other filters this one refers to
referencedFilters = filter:wsseSignatureVerificationFilter

# Path from URL for the Attribute Authority in this Paste deployment
path = /AttributeAuthority

# External endpoint for this Attribute Authority.  It must agree with the
# setting used to invoke the service, which is set in:
# * serverapp.py
# * or the port in [server:main] if calling with paster serve securityservices.ini
# * or something else, e.g. proxied through Apache
# Attribute Authority clients in this WSGI stack use it to tell whether a
# request goes to the local service or to an Attribute Authority elsewhere.
publishedURI = %(baseURI)s%(path)s

# Enable the ?wsdl query argument to list the WSDL content
enableWSDLQuery = True
charset = utf-8

# Identifier for this filter, so that the main WSGI app's Session Manager
# filter can call this Attribute Authority directly.  %(__name__)s is the
# name of this section.
filterID = %(__name__)s

#______________________________________________________________________________
# Session Manager WSGI settings
#
[filter:SessionManagerFilter]
# Container filter binding a SOAP based interface to the Session Manager
paste.filter_app_factory = ndg.security.server.wsgi.zsi:SOAPBindingMiddleware

# ZSI generated SOAP service interface class that handles i/o for this filter
ServiceSOAPBindingClass = ndg.security.server.zsi.sessionmanager.SessionManagerWS

# Keywords specific to the SOAP binding class are the ones in this section
# that carry this prefix:
ServiceSOAPBindingPropPrefix = SessionManager

# The SessionManager class reads the [DEFAULT] settings that carry propPrefix,
# from the file named by propFilePath (this file itself).
SessionManager.propPrefix = sessionManager
SessionManager.propFilePath = %(here)s/securityservices.ini

# Filters this one refers to: a local Attribute Authority (optional) and a
# WS-Security signature verification filter (required if a signature is used
# to authenticate the user in requests)
SessionManager.attributeAuthorityFilterID = filter:AttributeAuthorityFilter
SessionManager.wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter

# The SessionManagerWS SOAP interface class needs to know about these other
# filters
referencedFilters = filter:wsseSignatureVerificationFilter
    filter:AttributeAuthorityFilter

# Path from URI for the Session Manager in this Paste deployment
path = %(sessionManagerPath)s

# External endpoint for this Session Manager.  It must agree with the setting
# used to invoke the service, which is set in:
# * securityservicesapp.py
# * or the port in [server:main] if calling with paster serve securityservices.ini
# * or something else, e.g. proxied through Apache
# Session Manager clients in this WSGI stack use it to tell whether a request
# goes to the local service or to a Session Manager running elsewhere.
publishedURI = %(sessionManagerURI)s

# Enable the ?wsdl query argument to list the WSDL content
enableWSDLQuery = True
charset = utf-8

# Identifier for this filter, so that the main WSGI app CombinedServicesWSGI
# can call this Session Manager directly.  %(__name__)s is the name of this
# section.
filterID = %(__name__)s

#______________________________________________________________________________
# WS-Security Signature Verification
[filter:wsseSignatureVerificationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter

# %(__name__)s is the name of this section; other filters refer to it by
# this identifier
filterID = %(__name__)s

# Prefix of the settings for the WS-Security SignatureHandler class used by
# this filter
wsseCfgFilePrefix = wssecurity

# CAs that signatures are verified against - a space separated list of file
# paths.  Only the NDG test CA is trusted here.
wssecurity.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

#______________________________________________________________________________
# Apply WS-Security Signature
[filter:wsseSignatureFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter

# The verification filter is referenced so that signature confirmation can be
# applied
referencedFilters = filter:wsseSignatureVerificationFilter
wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter

# The last filter in the chain of SOAP handlers writes the response
writeResponse = True

# Prefix of the settings for the WS-Security SignatureHandler class used by
# this filter
wsseCfgFilePrefix = wssecurity

# Certificate associated with the private key used to sign a message.  The
# sign method adds it to the BinarySecurityToken element of the WSSE header.
wssecurity.signingCertFilePath = %(testConfigDir)s/pki/wsse-server.crt

# PEM encoded private key file.
# NOTE(review): test key from the shared test config tree; confirm it is
# never reused outside the tests.
wssecurity.signingPriKeyFilePath = %(testConfigDir)s/pki/wsse-server.key

# ValueType of the BinarySecurityToken added to the WSSE header of a signed
# message.  See the __setReqBinSecTokValType method and the binSecTokValType
# class variable for the options: one of X509, X509v3, X509PKIPathv1, or the
# full namespace of an alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether the signingCert or signingCertChain
# attributes are used.
wssecurity.reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message
wssecurity.addTimestamp = True

# For WSSE 1.1 - the service returns a signature confirmation containing the
# signature value sent by the client
wssecurity.applySignatureConfirmation = True

# Logging configuration
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

# Root logger: INFO and above, written to the console handler
[logger_root]
level = INFO
handlers = console

# The ndg logger has no handler of its own; with default propagation its
# records reach the console handler attached to the root logger.
# NOTE(review): DEBUG output from the security services may include credential
# or session detail - confirm what ndg.* logs at this level before reusing
# this configuration outside the tests.
[logger_ndg]
level = DEBUG
handlers =
qualname = ndg

# Console handler writing to stderr; NOTSET leaves level filtering to the
# loggers
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S
