source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/dap/server.ini @ 5315

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/dap/server.ini@5315
Revision 5315, 4.0 KB checked in by pjkersha, 11 years ago (diff)
  • Fix to logout in ndg.security.server.wsgi.authn
  • improved graphics with anti-aliasing to soften edges
  • added README files into integration test packages
Line 
1#
2# NDG Security pyDAP version 3.0 Test configuration
3#
4# NERC DataGrid
5#
6# Author: P J Kershaw
7#
8# Date: 15/05/09
9#
10# Copyright: STFC 2009
11#
12# Licence: BSD - see top level directory for details
13#
14# The %(here)s variable will be replaced with the parent directory of this
15# file
16#
17[server:main]
18use = egg:Paste#http
19# Change to 0.0.0.0 to make public
20host = 127.0.0.1
21port = 8001
22
23# Composite to enable templates to pick up static content
24[composit:cascade]
25use = egg:Paste#cascade
26app1 = staticLayout
27app2 = pydap
28catch = 404
29
30# Layout folder contains stylesheet and graphics for templates
31[app:staticLayout]
32use = egg:Paste#static
33document_root = %(here)s/layout
34
35# pyDAP Application
36[app:pydap]
37use = egg:pydap#server
38root = %(here)s/data
39templates = %(here)s/template
40x-wsgiorg.throw_errors = 0
41
42# Pipeline to with security filters to protect the pyDAP application
43[pipeline:main]
44pipeline = AuthenticationFilter AuthorizationFilter cascade
45
46[filter:AuthenticationFilter]
47paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
48prefix = authN.
49
50# Set redirect for OpenID Relying Party in the Security Services app instance
51#authN.redirectURI = https://localhost/verify
52authN.redirectURI = http://localhost:7443/verify
53
54# Beaker Session set-up
55beaker.session.key = ndg.security.session
56beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
57beaker.cache.data_dir = %(here)s/authn/beaker/pki/cache
58beaker.session.data_dir = %(here)s/authn/beaker/sessions
59beaker.session.cookie_expires = True
60
61# AuthKit Set-up
62authkit.setup.method=cookie
63
64# This cookie name and secret MUST agree with the name used by the security
65# web services app
66authkit.cookie.name=ndg.security.auth
67authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
68authkit.cookie.signoutpath = /logout
69
70# Disable inclusion of client IP address from cookie signature due to
71# suspected problem with AuthKit setting it when a HTTP Proxy is in place
72authkit.cookie.includeip = False
73
74[filter:AuthorizationFilter]
75paste.filter_app_factory=ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory
76prefix = authz.
77policy.filePath = %(here)s/authz/policy.xml
78
79# Settings for Policy Information Point used by the Policy Decision Point to
80# retrieve subject attributes from the Attribute Authority associated with the
81# resource to be accessed
82pip.sslCACertFilePathList=
83
84# List of CA certificates used to verify the signatures of
85# Attribute Certificates retrieved
86pip.caCertFilePathList=%(here)s/pki/ca/ndg-test-ca.crt
87
88#
89# WS-Security Settings for call to Session Manager
90
91# Signature of an outbound message
92
93# Certificate associated with private key used to sign a message.  The sign
94# method will add this to the BinarySecurityToken element of the WSSE header. 
95# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
96# As an alternative, use signingCertChain - see below...
97
98# PEM encode cert
99pip.wssecurity.signingCertFilePath=%(here)s/pki/wsse-server.crt
100
101# PEM encoded private key file
102pip.wssecurity.signingPriKeyFilePath=%(here)s/pki/wsse-server.key
103
104# Password protecting private key.  Leave blank if there is no password.
105pip.wssecurity.signingPriKeyPwd=
106
107# For signature verification.  Provide a space separated list of file paths
108pip.wssecurity.caCertFilePathList=%(here)s/pki/ca/ndg-test-ca.crt
109
110# ValueType for the BinarySecurityToken added to the WSSE header
111pip.wssecurity.reqBinSecTokValType=X509v3
112
113# Add a timestamp element to an outbound message
114pip.wssecurity.addTimestamp=True
115
116# Logging configuration
117[loggers]
118keys = root, ndg
119
120[handlers]
121keys = console,logfile
122
123[formatters]
124keys = generic
125
126[logger_root]
127level = INFO
128handlers = console
129
130[logger_ndg]
131level = DEBUG
132handlers = logfile
133qualname = ndg
134
135[handler_console]
136class = StreamHandler
137args = (sys.stderr,)
138level = NOTSET
139formatter = generic
140
141[handler_logfile]
142class = handlers.RotatingFileHandler
143level=NOTSET
144formatter=generic
145args=(os.path.join('./', 'log', 'server.log'), 'a', 100000, 10)
146
147[formatter_generic]
148format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
149datefmt = %H:%M:%S
Note: See TracBrowser for help on using the repository browser.