source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgr.cfg @ 4500

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgr.cfg@4500
Revision 4500, 5.4 KB checked in by pjkersha, 11 years ago (diff)

Added and tested dbauthn module to Session Manager authentication interfaces. This uses SQLAlchemy to enable the Session Manager to use database based authentication as an alternative to MyProxy.

  • added optional settings to sessionmanager unit test to enable testing for this - tested vs. a Postgres db.
1# Configuration file for Session Manager Server
2#
3# NERC Data Grid Project
4#
5# P J Kershaw 07/10/08
6#
7# Copyright (C) 2008 STFC & NERC
8#
9# This software may be distributed under the terms of the Q Public License,
10# version 1.0 or later.
11#
12[DEFAULT]
13# ALL the settings from this point to the Credential Wallet settings heading
14# are not actually used in these unit tests because the Session Manager is not
15# being run as a service, it's being run as a local instance within the tests.
16# The settings are included to ensure that they're correctly parsed by the
17# config file reader
18
19# the port number the service is to run on - for convenience only may be
20# ignored by web application server container - e.g. Paste - see ini file
21portNum: 
22
23# Flag for SSL - set to True to stipulate https, leave blank to use http
24useSSL: False
25
26# X.509 certificate for SSL connections - ignored if useSSL is blank - Nb.
27sslCertFile: $NDGSEC_SM_UNITTEST_DIR/sm.crt
28
29# Private key file for SSL  - ignored if useSSL is blank
30sslKeyFile: $NDGSEC_SM_UNITTEST_DIR/sm.key
31
32# Directory containing CA cert.s to verify SSL peer cert against - ignored if
33# useSSL is blank
34sslCACertDir: $NDGSEC_SM_UNITTEST_DIR/ca
35
36# Credential Wallet Settings - global to all user sessions
37#
38# CA certificates for Attribute Certificate signature validation
39credentialWallet.caCertFilePathList=$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt
40
41# CA certificates for SSL connection peer cert. validation - required if
42# connecting to an Attribute Authority over SSL
43credentialWallet.sslCACertFilePathList=$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt
44
45# Allow Get Attribute Certificate calls to try to get a mapped certificate
46# from another organisation trusted by the target Attribute Authority
47credentialWallet.mapFromTrustedHosts=True
48credentialWallet.rtnExtAttCertList=True
49
50# Refresh an Attribute Certificate, if an existing one in the wallet has only
51# this length of time left before it expires
52credentialWallet.attCertRefreshElapse=7200
53
54# Pointer to WS-Security settings.  In this case, they're identified by a
55# prefix. 
56credentialWallet.wssCfgPrefix=credentialWallet.wssecurity
57
58# ...A section name could also be used.
59#credentialWallet.wssCfgSection=
60
61# SOAP Signature Handler settings for the Credential Wallet's Attribute
62# Authority interface
63#
64# CA Certificates used to verify X.509 certs used in Attribute Certificates.
65# The CA certificates of other NDG trusted sites should go here.  NB, multiple
66# values should be delimited by a space
67credentialWallet.wssecurity.caCertFilePathList: $NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt
68
69# Signature of an outbound message
70#
71# Certificate associated with private key used to sign a message.  The sign
72# method will add this to the BinarySecurityToken element of the WSSE header. 
73# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
74# As an alternative, use signingCertChain - see below...
75
76# PEM encoded cert
77credentialWallet.wssecurity.signingCertFilePath: $NDGSEC_SM_UNITTEST_DIR/sm.crt
78
79# ... or provide file path to PEM encoded private key file
80credentialWallet.wssecurity.signingPriKeyFilePath: $NDGSEC_SM_UNITTEST_DIR/sm.key
81
82# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
83# signed message.  See __setReqBinSecTokValType method and binSecTokValType
84# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
85# give full namespace to alternative - see
86# ZSI.wstools.Namespaces.OASIS.X509TOKEN
87#
88# binSecTokValType determines whether signingCert or signingCertChain
89# attributes will be used.
90credentialWallet.wssecurity.reqBinSecTokValType: X509v3
91
92# Add a timestamp element to an outbound message
93credentialWallet.wssecurity.addTimestamp: True
94
95# For WSSE 1.1 - service returns signature confirmation containing signature
96# value sent by client
97credentialWallet.wssecurity.applySignatureConfirmation: True
98
99# Settings for Credential Repository plugin
100# File path to plugin module - may be left blank if module is included in the
101# current PYTHONPATH
102#credentialRepository.modFilePath:
103
104#
105# Module name - the default is an empty stub
106credentialRepository.modName: ndg.security.common.credentialwallet
107
108# Name of class in module to instantiate
109credentialRepository.className: NullCredentialRepository
110
111# Optional Properties file argument to Credential Repository class.  This is
112# included to enable custom settings to be defined from an external
113# configuration file
114credentialRepository.propertiesFile:
115
116# Authentication service properties
117authNService.moduleFilePath: 
118authNService.moduleName: ndg.security.server.authnservice.basicauthn
119authNService.className: BasicAuthN
120
121# Specific settings for BasicAuthN Session Manager authentication plugin
122# This sets up two test accounts.  Passwords are stored as unsalted MD5 hashes (hashed, not encrypted) - acceptable for these test fixtures only
123authNService.accounts: testuser:e16b2ab8d12314bf4efbd6203906ea6c ndg-user:e16b2ab8d12314bf4efbd6203906ea6c
124
125## Example settings for Database based authentication - requires access to a
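126# database; uses SQLAlchemy for Python database bindings.  The connection string below holds the database password in clear text, so restrict read access to any file that carries real credentials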
127#authNService.moduleName: ndg.security.server.authnservice.dbauthn
128#authNService.className: DatabaseAuthN
129#authNService.connectionString: postgres://testuser:testpassword@localhost/testUserDb
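130## This query must return zero rows for invalid credentials entered.  NB: the username and password are substituted into the quoted placeholders below, so confirm that the dbauthn module escapes or binds them before using a query of this form outside tests (SQL injection risk)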
131#authNService.sqlQuery: select username from users where username = '%%(username)s' and md5_passwd = '%%(password)s'
132#authNService.isMD5EncodedPwd: True
133