source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrProperties.xml @ 3652

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionMgr/sessionMgrProperties.xml@3652
Revision 3652, 3.6 KB checked in by pjkersha, 12 years ago (diff)
  • Added SSO Pylons project to the security stack, consisting of the LoginService extracted from the NDG Browse stack
  • Fixes to Attribute Authority, Credential Wallet and Session Manager to enable explicit setting of exclusive namespace settings for WS-Security via config files.
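<?xml version="1.0" encoding="utf-8"?>
<!--
Session Manager properties from the ndg.security test tree
(ndg/security/test/sessionMgr).  Most file paths are rooted at the
$NDGSEC_SM_UNITTEST_DIR placeholder.

The certificate/key pair, the blank key password and the sessMgrEncrKey value
below are checked-in test fixtures and are therefore known to anyone with
access to the repository; a deployed service needs its own values.
-->
<sessMgrProp>
    <portNum>5700</portNum>
    <!--
    NOTE(review): useSSL is blank, which selects plain http according to the
    comment on the element, while sessMgrURI further down advertises https on
    the same port 5700.  Confirm which of the two the tests rely on.
    -->
    <useSSL></useSSL> <!-- leave blank to use http -->
    <!--<useSSL>Yes</useSSL>  leave blank to use http -->
    <sslCertFile>$NDGSEC_SM_UNITTEST_DIR/sm.crt</sslCertFile>
    <sslKeyFile>$NDGSEC_SM_UNITTEST_DIR/sm.key</sslKeyFile>
    <!--
    Directory containing CA certificates to verify the SSL peer certificate
    against
     - ignored if useSSL is blank
    -->
    <sslCACertDir>$NDGSEC_SM_UNITTEST_DIR/ca</sslCACertDir>
    <!--
    WS-Security settings for signature of outbound SOAP messages
    -->
    <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature -->
    <!--
    CA Certificates used to verify X.509 certs used in peer SOAP messages,
    SSL connections and Attribute Certificates
    -->
    <caCertFileList>
        <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt</caCertFile>
    </caCertFileList>
    <!--
    Certificate and private key for the WS-Security signature.  They point at
    the same sm.crt / sm.key files as sslCertFile / sslKeyFile above, so one
    key pair serves both purposes in this configuration.
    -->
    <certFile>$NDGSEC_SM_UNITTEST_DIR/sm.crt</certFile>
    <keyFile>$NDGSEC_SM_UNITTEST_DIR/sm.key</keyFile>
    <!--
    Password for keyFile.  Empty here, so presumably sm.key is stored without
    a passphrase; that is only reasonable for a test fixture.  TODO confirm.
    -->
    <keyPwd/>
    <!--
    Inclusive namespace prefixes for reference and SignedInfo sections of
    WS-Security digital signature
    -->
    <wssRefInclNS></wssRefInclNS>
    <wssSignedInfoInclNS></wssSignedInfoInclNS>
    <!--
    Set the certificate used to verify the signature of messages from the
    client.  This can usually be left blank since the client is expected to
    include the cert with the signature in the inbound SOAP message.

    NOTE(review): when this is blank the signature is checked against a
    certificate supplied by the sender, so trust presumably rests on that
    certificate chaining to an entry in caCertFileList above.  Confirm that the
    signature handler enforces this.
    -->
    <clntCertFile></clntCertFile>
    <!--
    Fixed, predictable sample value committed to the repository.  Treat it as
    test-only and supply a randomly generated secret from outside version
    control anywhere else.
    -->
    <sessMgrEncrKey>abcdef0123456789</sessMgrEncrKey>
    <sessMgrURI>https://localhost:5700/SessionManager</sessMgrURI>
    <cookieDomain></cookieDomain>
    <myProxyProp>
        <!--
        Delete this element and take setting from MYPROXY_SERVER environment
        variable if required
        <hostname>localhost</hostname>
        -->
        <!--
        Delete this element to take default setting 7512 or read
        MYPROXY_SERVER_PORT setting
        -->
        <port>7512</port>
        <!--
        Useful if hostname and certificate CN don't match correctly.  Globus
        host DN is set to "host/<fqdn>".  Delete this element and set from
        MYPROXY_SERVER_DN environment variable if preferred
        <serverDN>/O=NDG/OU=BADC/OU=Gabriel/CN=localhost</serverDN>
        -->
        <!--
        Set "host/" prefix to host cert CN as is default with globus otherwise
        client SSL peer cert check fails
        -->
        <serverCNprefix>host/</serverCNprefix>
        <!--
        This directory path is used to locate the OpenSSL configuration file

        The settings are used to set up the defaults for the Distinguished Name of
        the new proxy cert. issued

        GLOBUS_LOCATION or GRID_SECURITY_DIR environment variables may be used
        but the settings can be independent of any Globus installation
        -->
        <openSSLConfFilePath>$NDGSEC_SM_UNITTEST_DIR/openssl.conf</openSSLConfFilePath>
        <!--
        NOTE(review): /tmp is shared between local users on most systems.  What
        the MyProxy client writes to tmpDir is not visible from this file; if it
        includes key or proxy certificate material, a directory private to the
        service account would be the safer setting.  TODO confirm.
        -->
        <tmpDir>/tmp</tmpDir>
        <!--
        Limit on maximum lifetime any proxy certificate can have -
        specified when a certificate is first created by store() method
        -->
        <proxyCertMaxLifetime>43200</proxyCertMaxLifetime> <!-- in seconds (12 hours) -->
        <!--
        Life time of a proxy certificate when issued from the Proxy Server
        with getDelegation() method
        -->
        <proxyCertLifetime>43200</proxyCertLifetime> <!-- in seconds (12 hours) -->
        <!--
        NOTE(review): this path has no ca/ directory component, whereas the
        caCertFileList entry near the top of the file uses
        ca/ndg-test-ca.crt.  Check that both locations exist, or that the
        difference is intended.
        -->
        <caCertFile>$NDGSEC_SM_UNITTEST_DIR/ndg-test-ca.crt</caCertFile>
    </myProxyProp>
    <!-- All simpleCACltProp settings are left blank in this configuration -->
    <simpleCACltProp>
        <uri></uri>
        <xmlSigKeyFile></xmlSigKeyFile>
        <xmlSigCertFile></xmlSigCertFile>
        <xmlSigCertPwd></xmlSigCertPwd>
    </simpleCACltProp>
    <!--
    Credential repository selection by module path, module name and class
    name; NullCredRepos from ndg.security.common.CredWallet is named here.

    NOTE(review): presumably the named module and class are imported at run
    time, in which case write access to this file decides what code the
    service loads and should be limited to the service owner.  Confirm
    against the loader.
    -->
    <credReposProp>
        <modFilePath></modFilePath>
        <modName>ndg.security.common.CredWallet</modName>
        <className>NullCredRepos</className>
        <propFile></propFile>
    </credReposProp>
</sessMgrProp>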