source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgr.cfg @ 4294

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgr.cfg@4294
Revision 4294, 6.7 KB checked in by pjkersha, 11 years ago (diff)

Updating Session Manager tests for refactored CredWallet

# Configuration file for Session Manager Server
#
# NERC Data Grid Project
#
# P J Kershaw 07/10/08
#
# Copyright (C) 2008 CCLRC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
#
[DEFAULT]
# NOTE(review): if this file is read with Python's ConfigParser, keys in
# [DEFAULT] act as fallback values for every other section - confirm.

# Port number the service runs on.  For convenience only: a web application
# server container, e.g. Paste, may ignore it - see its ini file.
portNum =

# SSL flag: True stipulates https; leave blank to use http.
# NOTE(review): "False" is a non-blank string.  Confirm the consumer parses
# this value as a boolean rather than testing for a non-empty setting,
# otherwise https could be selected with no certificate or key configured.
useSSL = False

# X.509 certificate for SSL connections - ignored if useSSL is blank
#sslCertFile = $NDGSEC_SM_UNITTEST_DIR/host.crt

# Private key file for SSL - ignored if useSSL is blank
#sslKeyFile = $NDGSEC_SM_UNITTEST_DIR/host.key

# Directory of CA certificates against which the SSL peer certificate is
# verified - ignored if useSSL is blank
sslCACertDir = $NDGSEC_DIR/conf/certs/ca

# Credential Wallet settings - global to all user sessions
#
# CA certificates for Attribute Certificate signature validation
credentialWallet.caCertFilePathList = $NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt

# CA certificates for SSL peer certificate validation - required when
# connecting to an Attribute Authority over SSL
credentialWallet.sslCACertFilePathList = $NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt

# Credential Repository omitted so that the default NullCredentialRepository
# is used.  This setting is expected to tie up with the Session Manager's
# Credential Repository settings - see elsewhere in this file
#credentialWallet.credentialRepository =

# Allow Get Attribute Certificate calls to try to obtain a mapped certificate
# from another organisation trusted by the target Attribute Authority.
# NOTE(review): enabling this presumably extends trust to certificates issued
# by other organisations - confirm that is intended outside the unit tests.
credentialWallet.mapFromTrustedHosts = True
credentialWallet.rtnExtAttCertList = True

# Refresh an Attribute Certificate when the existing one in the wallet has
# only this length of time left before it expires.
# NOTE(review): units are not stated here - presumably seconds; confirm.
attCertRefreshElapse = 7200
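#
# SOAP Signature Handler settings
# Leave blank for NO SOAP signature
[WS-Security]
#
# OUTBOUND MESSAGE CONFIG

# CA Certificates used to verify X.509 certs used in Attribute Certificates.
# The CA certificates of other NDG trusted sites should go here.  NB, multiple
# values should be delimited by a space.
# This key was previously set twice in this section with the same path; it is
# now set once, because duplicate keys are resolved differently (first wins,
# last wins or an error) depending on the parser.
caCertFilePathList = $NDGSEC_DIR/conf/certs/ca/cacert.pem

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
# As an alternative, use signingCertChain - see below...

# File path to the PEM encoded certificate
signingCertFilePath = $NDGSEC_DIR/conf/certs/sm-cert.pem

# File path to the PEM encoded private key file
signingPriKeyFilePath = $NDGSEC_DIR/conf/certs/sm-key.pem

# Password protecting private key.  Leave blank if there is no password.
# A blank value means the key file itself is not encrypted, so access to it
# rests on file system permissions alone.  Any password entered here is
# stored in clear text: restrict read access to this file and keep real
# passwords out of version control.
signingPriKeyPwd =

# Comma separated list of PEM encoded certificates constituting a chain of
# trust from the certificate used to verify the signature back to the CA
# cert.  The CA cert need not be included.  To use this option,
# reqBinSecTokValType must be set to X509PKIPathv1
signingCertChain =

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message
addTimestamp = True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
applySignatureConfirmation = True

# Inclusive namespace prefixes - for Exclusive Canonicalisation only
# TODO: include option to set C14N algorithm - C14N currently set to Exclusive

# Inclusive namespace prefixes for Canonicalisation of reference elements -
# space separated list e.g. refC14nInclNS=wsse ds ns1
refC14nInclNS =

# Inclusive namespace prefixes for Canonicalisation of SignedInfo element -
# same format as the above
signedInfoC14nInclNS =

#
# INBOUND MESSAGE CONFIG

# X.509 certificate used by verify method to verify a message.  This argument
# can be omitted if the message to be verified contains the X.509 certificate
# in the BinarySecurityToken element.  In this case, the cert read from the
# message will be assigned to the verifyingCert attribute.
# NOTE(review): with this left blank the verifying certificate is supplied by
# the sender, so the signature check only establishes trust if that
# certificate is validated against the configured CA certificates -
# presumably caCertFilePathList above; confirm in the handler.

# File path to the PEM encoded certificate
verifyingCertFilePath =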
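# Authentication service properties
[authNServiceProp]
# Module and class implementing the authentication service interface, plus an
# optional properties file for it
moduleFilePath =
moduleName = ndg.security.server.authenservice.session_mgr_my_proxy_client
className = SessionMgrMyProxyClient
propertiesFile =

# Delete this element and take setting from MYPROXY_SERVER environment
# variable if required
# hostname = localhost

# Delete this element to take default setting 7512 or read
# MYPROXY_SERVER_PORT setting
port = 7512

# Useful if hostname and certificate CN don't match correctly.  Globus
# host DN is set to "host/<fqdn>".  Delete this element and set from
# MYPROXY_SERVER_DN environment variable if preferred
serverDN =

# Set "host/" prefix to host cert CN as is default with globus
serverCNprefix = host/

# This directory path is used to locate the OpenSSL configuration file
#
# The settings are used to set up the defaults for the Distinguished Name of
# the new proxy cert. issued
#
# GLOBUS_LOCATION or GRID_SECURITY_DIR environment variables may be used
# but the settings can be independent of any Globus installation
openSSLConfFilePath = $NDGSEC_DIR/conf/openssl.conf

# NOTE(review): /tmp is shared and world-writable on most systems.  If key
# material or certificate requests are staged here - confirm in the client
# code - prefer a directory that only the service account can access.
tmpDir = /tmp

# Limit on maximum lifetime any proxy certificate can have -
# specified when a certificate is first created by store() method.
# Value is in seconds.  The unit is given here rather than after the value
# because a trailing "# ..." comment is not stripped by many INI parsers and
# would become part of the value.
proxyCertMaxLifetime = 43200

# Life time of a proxy certificate (seconds) when issued from the Proxy Server
# with ndg.security.server.MyProxy.getDelegation() method
proxyCertLifetime = 43200

# CA certificate applied to verify peer certificate against in
# SSL connection to MyProxy server
# NOTE(review): other settings in this file reference
# conf/certs/ca/cacert.pem - confirm this path is the intended one.
caCertFile = $NDGSEC_DIR/conf/certs/cacert.pem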
# Settings for Credential Repository plugin
[credReposProp]
# File path to the plugin module - may be left blank if the module is already
# on the current PYTHONPATH
#modFilePath =

# Module name - the default is an empty stub
modName = ndg.security.common.CredWallet

# Name of the class in the module to instantiate
className = NullCredRepos

# Optional properties file argument to the Credential Repository class.  This
# is included so that custom settings can be defined from an external
# configuration file
propFile =