source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgr.cfg @ 4680

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanager/sessionMgr.cfg@4680
Revision 4680, 5.3 KB checked in by pjkersha, 11 years ago (diff)

Global replace to fix copyright from STFC & NERC to STFC alone because it's not possible to have copyright held by two orgs.

Line 
1# Configuration file for Session Manager Server
2#
3# NERC Data Grid Project
4#
5# P J Kershaw 07/10/08
6#
7# Copyright (C) 2008 STFC
8#
9# This software may be distributed under the terms of the Q Public License,
10# version 1.0 or later.
11#
12[DEFAULT]
13# ALL the settings from this point to the Credential Wallet settings heading
14# are not actually used in these unit tests because the Session Manager is not
15# being run as a service, it's being run as a local instance within the tests.
16# The settings are included to ensure that they're correctly parsed by the
17# config file reader
18
19# the port number the service is to run on - for convenience only may be
20# ignored by web application server container - e.g. Paste - see ini file
21portNum: 
22
23# Flag for SSL - set to True to stipulate https, leave blank to use http
24useSSL: False
25
26# X.509 certificate for SSL connections - ignored if useSSL is blank - Nb.
27sslCertFile: $NDGSEC_SM_UNITTEST_DIR/sm.crt
28
29# Private key file for SSL  - ignored if useSSL is blank
30sslKeyFile: $NDGSEC_SM_UNITTEST_DIR/sm.key
31
32# Directory containing CA cert.s to verify SSL peer cert against - ignored if
33# useSSL is blank
34sslCACertDir: $NDGSEC_SM_UNITTEST_DIR/ca
35
36# Credential Wallet Settings - global to all user sessions
37#
38# CA certificates for Attribute Certificate signature validation
39credentialWallet.caCertFilePathList=$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt
40
41# CA certificates for SSL connection peer cert. validation - required if
42# connecting to an Attribute Authority over SSL
43credentialWallet.sslCACertFilePathList=$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt
44
45# Allow Get Attribute Certificate calls to try to get a mapped certificate
46# from another organisation trusted by the target Attribute Authority
47credentialWallet.mapFromTrustedHosts=True
48credentialWallet.rtnExtAttCertList=True
49
50# Refresh an Attribute Certificate, if an existing one in the wallet has only
51# this length of time left before it expires
52credentialWallet.attCertRefreshElapse=7200
53
54# Pointer to WS-Security settings.  IN this case, they're identified by a
55# prefix. 
56credentialWallet.wssCfgPrefix=credentialWallet.wssecurity
57
58# ...A section name could also be used.
59#credentialWallet.wssCfgSection=
60
61# SOAP Signature Handler settings for the Credential Wallet's Attribute
62# Authority interface
63#
64# CA Certificates used to verify X.509 certs used in Attribute Certificates.
65# The CA certificates of other NDG trusted sites should go here.  NB, multiple
66# values should be delimited by a space
67credentialWallet.wssecurity.caCertFilePathList: $NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt
68
69# Signature of an outbound message
70#
71# Certificate associated with private key used to sign a message.  The sign
72# method will add this to the BinarySecurityToken element of the WSSE header. 
73# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
74# As an alternative, use signingCertChain - see below...
75
76# PEM encoded cert
77credentialWallet.wssecurity.signingCertFilePath: $NDGSEC_SM_UNITTEST_DIR/sm.crt
78
79# ... or provide file path to PEM encoded private key file
80credentialWallet.wssecurity.signingPriKeyFilePath: $NDGSEC_SM_UNITTEST_DIR/sm.key
81
82# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
83# signed message.  See __setReqBinSecTokValType method and binSecTokValType
84# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
85# give full namespace to alternative - see
86# ZSI.wstools.Namespaces.OASIS.X509TOKEN
87#
88# binSecTokValType determines whether signingCert or signingCertChain
89# attributes will be used.
90credentialWallet.wssecurity.reqBinSecTokValType: X509v3
91
92# Add a timestamp element to an outbound message
93credentialWallet.wssecurity.addTimestamp: True
94
95# For WSSE 1.1 - service returns signature confirmation containing signature
96# value sent by client
97credentialWallet.wssecurity.applySignatureConfirmation: True
98
99# Settings for Credential Repository plugin
100# File path to plugin module - may be left blank if module is included in the
101# current PYTHONPATH
102#credentialRepository.modFilePath:
103
104#
105# Module name - the default is an empty stub
106credentialRepository.modName: ndg.security.common.credentialwallet
107
108# Name of class in module to instantiate
109credentialRepository.className: NullCredentialRepository
110
111# Optional Properties file argument to Credential Repository class.  This is
112# include to enable custom settings to be defined from an external
113# configuration file
114credentialRepository.propertiesFile:
115
116# Authentication service properties
117authNService.moduleFilePath: 
118authNService.moduleName: ndg.security.server.authnservice.basicauthn
119authNService.className: BasicAuthN
120
121# Specific settings for BasicAuthN Session Manager authentication plugin
122# This sets up two test accounts.  Passwords are MD5 encrypted
123authNService.accounts: testuser:e16b2ab8d12314bf4efbd6203906ea6c ndg-user:e16b2ab8d12314bf4efbd6203906ea6c
124
125## Example settings for Database based authentication - requires access to a
126# database; uses SQLAlchemy for Python database bindings
127#authNService.moduleName: ndg.security.server.authnservice.dbauthn
128#authNService.className: DatabaseAuthN
129#authNService.connectionString: postgres://testuser:testpassword@localhost/testUserDb
130## This query must return zero rows for invalid credentials entered
131#authNService.sqlQuery: select username from users where username = '%%(username)s' and md5_passwd = '%%(password)s'
132#authNService.isMD5EncodedPwd: True
133
Note: See TracBrowser for help on using the repository browser.