source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgr.cfg @ 4680

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgr.cfg@4680
Revision 4680, 5.3 KB checked in by pjkersha, 11 years ago (diff)

Global replace to fix copyright from STFC & NERC to STFC alone because it's not possible to have copyright held by two orgs.

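# Configuration file for Session Manager Server
#
# NERC Data Grid Project
#
# P J Kershaw 07/10/08
#
# Copyright (C) 2008 STFC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
#
# NOTE(review): this is a unit-test fixture.  The certificate, key, CA and
# account values below are test material and should not be carried over into
# a deployed Session Manager configuration.
#
# NOTE(review): the file mixes ':' and '=' as key/value delimiters, and the
# commented-out SQL example escapes '%' as '%%'.  Both suggest a Python
# ConfigParser-style reader with interpolation - confirm against the reader
# before normalising the delimiters.  $NDGSEC_SM_UNITTEST_DIR is presumably
# expanded from the environment by the reader - confirm.
[DEFAULT]
# ALL the settings from this point to the Credential Wallet settings heading
# are not actually used in these unit tests because the Session Manager is not
# being run as a service, it's being run as a local instance within the tests.
# The settings are included to ensure that they're correctly parsed by the
# config file reader

# the port number the service is to run on - for convenience only may be
# ignored by web application server container - e.g. Paste - see ini file
portNum:

# Flag for SSL - set to True to stipulate https, leave blank to use http
#
# NOTE(review): the guidance above says "leave blank" for http, but the value
# here is the literal string False.  If the reader treats any non-empty string
# as true, this would not mean what it appears to mean - confirm how the
# value is parsed.  With http, requests to the service are not protected in
# transit.
useSSL: False

# X.509 certificate for SSL connections - ignored if useSSL is blank
sslCertFile: $NDGSEC_SM_UNITTEST_DIR/sm.crt

# Private key file for SSL  - ignored if useSSL is blank
#
# NOTE(review): the same sm.key file is also configured further down as the
# WS-Security signing key.  Sharing one key between transport security and
# message signing is convenient for tests; separate keys limit the impact of
# a single key being exposed.  The key file should be readable only by the
# account the service runs as.
sslKeyFile: $NDGSEC_SM_UNITTEST_DIR/sm.key

# Directory containing CA cert.s to verify SSL peer cert against - ignored if
# useSSL is blank
sslCACertDir: $NDGSEC_SM_UNITTEST_DIR/ca

# Credential Wallet Settings - global to all user sessions
#
# CA certificates for Attribute Certificate signature validation
#
# NOTE(review): this list is the trust anchor set for Attribute Certificate
# signatures.  Here it holds only the test CA; in a deployment keep it to the
# CAs that are actually trusted to issue for the federation.
credentialWallet.caCertFilePathList=$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt

# CA certificates for SSL connection peer cert. validation - required if
# connecting to an Attribute Authority over SSL
credentialWallet.sslCACertFilePathList=$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt

# Allow Get Attribute Certificate calls to try to get a mapped certificate
# from another organisation trusted by the target Attribute Authority
#
# NOTE(review): enabling this extends trust to whichever organisations the
# target Attribute Authority lists as trusted, so the effective set of
# accepted issuers is wider than the wallet's own configuration shows.
credentialWallet.mapFromTrustedHosts=True

# NOTE(review): no description is given for this flag; presumably it controls
# whether a list of external Attribute Certificates is returned - confirm
# against the Credential Wallet code.
credentialWallet.rtnExtAttCertList=True

# Refresh an Attribute Certificate, if an existing one in the wallet has only
# this length of time left before it expires
# NOTE(review): units are not stated; presumably seconds - confirm.
credentialWallet.attCertRefreshElapse=7200

# Pointer to WS-Security settings.  In this case, they're identified by a
# prefix.
credentialWallet.wssCfgPrefix=credentialWallet.wssecurity

# ...A section name could also be used.
#credentialWallet.wssCfgSection=

# SOAP Signature Handler settings for the Credential Wallet's Attribute
# Authority interface
#
# CA Certificates used to verify X.509 certs used in Attribute Certificates.
# The CA certificates of other NDG trusted sites should go here.  NB, multiple
# values should be delimited by a space
credentialWallet.wssecurity.caCertFilePathList: $NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt

# Signature of an outbound message
#
# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
# As an alternative, use signingCertChain - see below...

# PEM encoded cert
credentialWallet.wssecurity.signingCertFilePath: $NDGSEC_SM_UNITTEST_DIR/sm.crt

# ... or provide file path to PEM encoded private key file
#
# NOTE(review): no pass-phrase setting appears in this file, so the signing
# key is presumably stored unencrypted - confirm.  If so, file permissions
# are the only protection for it.
credentialWallet.wssecurity.signingPriKeyFilePath: $NDGSEC_SM_UNITTEST_DIR/sm.key

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
credentialWallet.wssecurity.reqBinSecTokValType: X509v3

# Add a timestamp element to an outbound message
#
# NOTE(review): a timestamp only helps against replay of a captured message
# if the receiving side checks it and the signature covers it - confirm both
# on the Attribute Authority side.
credentialWallet.wssecurity.addTimestamp: True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
credentialWallet.wssecurity.applySignatureConfirmation: True

# Settings for Credential Repository plugin
# File path to plugin module - may be left blank if module is included in the
# current PYTHONPATH
#
# NOTE(review): the module path, module name and class name settings here and
# under authNService select code that the service loads and instantiates.
# Anyone who can edit this file can therefore choose what code runs inside
# the service, so write access to it should be restricted accordingly.
#credentialRepository.modFilePath:

#
# Module name - the default is an empty stub
credentialRepository.modName: ndg.security.common.credentialwallet

# Name of class in module to instantiate
credentialRepository.className: NullCredentialRepository

# Optional Properties file argument to Credential Repository class.  This is
# included to enable custom settings to be defined from an external
# configuration file
credentialRepository.propertiesFile:

# Authentication service properties
authNService.moduleFilePath:
authNService.moduleName: ndg.security.server.authnservice.basicauthn
authNService.className: BasicAuthN

# Specific settings for BasicAuthN Session Manager authentication plugin
# This sets up two test accounts.  Passwords are stored as MD5 digests.
#
# NOTE(review): MD5 is a hash, not encryption.  Both accounts carry the same
# digest, so they share one password and no per-account salt is applied.  An
# unsalted fast hash gives little protection if this file is disclosed; it is
# acceptable for test fixtures only.  A deployed account store should use a
# salted, deliberately slow password hash (e.g. bcrypt, scrypt, PBKDF2 or
# Argon2) and should not live in a general configuration file.
authNService.accounts: testuser:e16b2ab8d12314bf4efbd6203906ea6c ndg-user:e16b2ab8d12314bf4efbd6203906ea6c

## Example settings for Database based authentication - requires access to a
# database; uses SQLAlchemy for Python database bindings
#
# NOTE(review): two things to check before enabling this example.  The
# connection string embeds the database user name and password in this file,
# so the file then needs the same protection as the credential itself.  The
# query places the username and password placeholders inside quotes, which
# suggests plain string substitution; if the plugin does not use bound
# parameters this is open to SQL injection from the login form - confirm how
# DatabaseAuthN executes the query.
#authNService.moduleName: ndg.security.server.authnservice.dbauthn
#authNService.className: DatabaseAuthN
#authNService.connectionString: postgres://testuser:testpassword@localhost/testUserDb
## This query must return zero rows for invalid credentials entered
#authNService.sqlQuery: select username from users where username = '%%(username)s' and md5_passwd = '%%(password)s'
#authNService.isMD5EncodedPwd: True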