source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/wsgi/session-manager.ini @ 4406

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/wsgi/session-manager.ini@4406
Revision 4406, 7.9 KB checked in by pjkersha, 12 years ago (diff)
  • Fix to Session Manager WSDL to allow nillable X.509 cert and private key return from connect operation
  • working session manager client unit tests up to test 4.
#
# PasteDeploy ini file for Session Manager Unit tests
#
# NERC Data Grid Project
#
# P J Kershaw 01/10/08
#
# Copyright (C) 2008 STFC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.

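[DEFAULT]
# The repository browser's line-number gutter has been removed from every line
# of this section so that the header, keys and comments parse as INI again.
# Keys, values and the '=' / ':' delimiters are exactly as the author wrote
# them.
#
# NOTE(review): this file names Python modules and classes that the service
# imports (authNService.moduleName/className here, the paste factories in the
# sections below), so anyone who can edit the file can choose the code the
# service runs.  Keep it writable by its owner only.
#
# NOTE(review): paths below use two different environment variables,
# $NDGSEC_SM_UNITTEST_DIR and $NDGSEC_SMCLNT_UNITTEST_DIR.  Presumably both are
# expanded by the NDG code and both must be set before the tests run - confirm.

# WS-Security settings in THIS file
wsseCfgFilePath = %(here)s/session-manager.ini
wsseCfgFileSection = WS-Security

# Session Manager specific settings - commented out settings will take their
# default settings.  To override the defaults uncomment and set as required.
# See ndg.security.server.sessionMgr.SessionMgr class for details

# Flag for SSL - set to something to stipulate https, leave blank to use http
# NOTE(review): the flag is left unset and [server:main] uses egg:Paste#http,
# so this test service speaks plain HTTP.  WS-Security signing protects
# integrity, not confidentiality; enable SSL for anything other than a local
# test run.
#sessionManager.useSSL:

# X.509 certificate for SSL connections - ignored if useSSL is blank
#sessionManager.sslCertFile: $NDGSEC_SMCLNT_UNITTEST_DIR/hostcert.pem

# Private key file for SSL  - ignored if useSSL is blank
#sessionManager.sslKeyFile: $NDGSEC_SMCLNT_UNITTEST_DIR/hostkey.pem

# Directory containing CA cert.s to verify SSL peer cert against - ignored if
# useSSL is blank
#sessionManager.sslCACertDir: $NDGSEC_SMCLNT_UNITTEST_DIR/certs/ca

# Credential Wallet Settings - global to all user sessions
#
# CA certificates for Attribute Certificate signature validation
# NOTE(review): judging by its name, ndg-test-ca.crt is a test CA.  It is the
# trust anchor for every check below that lists it, so it must not be carried
# over into a deployment's trust list.
sessionManager.credentialWallet.caCertFilePathList=$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt

# CA certificates for SSL connection peer cert. validation - required if
# connecting to an Attribute Authority over SSL
sessionManager.credentialWallet.sslCACertFilePathList=$NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt

# Allow Get Attribute Certificate calls to try to get a mapped certificate
# from another organisation trusted by the target Attribute Authority
# NOTE(review): this widens whose certificates are accepted; rtnExtAttCertList
# is not described in this file - see the SessionMgr class before changing
# either value.
sessionManager.credentialWallet.mapFromTrustedHosts=True
sessionManager.credentialWallet.rtnExtAttCertList=True

# Refresh an Attribute Certificate, if an existing one in the wallet has only
# this length of time left before it expires
# NOTE(review): the unit is not stated; presumably seconds (7200 = 2 hours) -
# confirm.
# NOTE(review): unlike its neighbours this key has no "sessionManager." prefix,
# so a reader that selects keys by that prefix may never see it - confirm
# whether that is intended.
credentialWallet.attCertRefreshElapse=7200

# Pointer to WS-Security settings.  In this case, they're identified by a
# prefix.
sessionManager.credentialWallet.wssCfgPrefix=sessionManager.credentialWallet.wssecurity

# ...A section name could also be used.
#sessionManager.credentialWallet.wssCfgSection=

# SOAP Signature Handler settings for the Credential Wallet's Attribute
# Authority interface
#
# CA Certificates used to verify X.509 certs used in Attribute Certificates.
# The CA certificates of other NDG trusted sites should go here.  NB, multiple
# values should be delimited by a space
sessionManager.credentialWallet.wssecurity.caCertFilePathList: $NDGSEC_SM_UNITTEST_DIR/ca/ndg-test-ca.crt

# Signature of an outbound message
#
# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
# As an alternative, use signingCertChain - see below...

# PEM encoded cert
sessionManager.credentialWallet.wssecurity.signingCertFilePath: $NDGSEC_SM_UNITTEST_DIR/sm.crt

# ... or provide file path to PEM encoded private key file
# NOTE(review): no pass-phrase setting accompanies this key in this file, so
# it is presumably stored unencrypted; restrict read access on sm.key to the
# account that runs the tests.
sessionManager.credentialWallet.wssecurity.signingPriKeyFilePath: $NDGSEC_SM_UNITTEST_DIR/sm.key

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
sessionManager.credentialWallet.wssecurity.reqBinSecTokValType: X509v3

# Add a timestamp element to an outbound message
sessionManager.credentialWallet.wssecurity.addTimestamp: True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
sessionManager.credentialWallet.wssecurity.applySignatureConfirmation: True

# Authentication service properties
# moduleFilePath is deliberately present with an empty value.
sessionManager.authNService.moduleFilePath:
sessionManager.authNService.moduleName: ndg.security.test.sessionmanagerclient.usercertauthn
sessionManager.authNService.className: UserCertAuthN

# Specific settings for UserCertAuthN Session Manager authentication plugin
# This sets up PKI credentials for a single test account
sessionManager.authNService.userX509CertFilePath: $NDGSEC_SMCLNT_UNITTEST_DIR/user.crt
sessionManager.authNService.userPriKeyFilePath: $NDGSEC_SMCLNT_UNITTEST_DIR/user.key
# NOTE(review): the pass-phrase for the test user's private key is stored in
# clear text.  That is tolerable only because user.key is a throwaway
# unit-test credential; do not reuse the key, the pass-phrase or this way of
# storing it in a deployment.
sessionManager.authNService.userPriKeyPwd: testpassword

# Settings for the Credential Repository.  (The original comment breaks off
# after "NullCredRepos is"; presumably it is the default - confirm.)
#sessionManager.credentialRepository.modFilePath:
#sessionManager.credentialRepository.modName: ndg.security.common.CredWallet
#sessionManager.credentialRepository.className: NullCredRepos
#sessionManager.credentialRepository.propFile:
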
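# HTTP server that hosts the unit-test Session Manager.
[server:main]
use = egg:Paste#http
# Bind to loopback only.  This service runs over plain HTTP with test keys and
# a fixed test account, so it should not be reachable from other hosts.  The
# checked-in value was 0.0.0.0 (all interfaces); restore it only if the test
# client really runs on a different machine.
host = 127.0.0.1
# TCP port the test client connects to
port = 5500
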
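# WSGI application at the end of the pipeline; the factory is imported by name.
[app:mainApp]
paste.app_factory = ndg.security.test.sessionmanagerclient.wsgi.sessionManagerServerApp:app_factory

# Chain of SOAP Middleware filters
# Filters are listed outermost first and the application last, so a request
# passes through wsseSignatureVerificationFilter before it reaches
# SessionManagerFilter.  Keep the verification filter first: moving or
# removing it would let requests reach the Session Manager without the
# signature check.
[pipeline:main]
pipeline = wsseSignatureVerificationFilter SessionManagerFilter wsseSignatureFilter mainApp

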
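# SOAP binding middleware that exposes the Session Manager web service.
[filter:SessionManagerFilter]
paste.filter_app_factory = ndg.security.server.wsgi.soap:SOAPBindingMiddleware
ServiceSOAPBindingClass = ndg.security.server.zsi.sessionmanager.SessionManagerWS
ServiceSOAPBindingPropPrefix = SessionManager
# Prefix of the Session Manager keys held in [DEFAULT]
SessionManager.propPrefix = sessionManager
# NOTE(review): [DEFAULT] locates this same file with %(here)s, whereas this
# path depends on $NDGSEC_SMCLNT_UNITTEST_DIR.  If the variable points at
# another checkout the service reads a different file from the one PasteDeploy
# loaded - confirm that is acceptable.
SessionManager.propFilePath = $NDGSEC_SMCLNT_UNITTEST_DIR/wsgi/session-manager.ini
# Must match filterID in [filter:wsseSignatureVerificationFilter]
referencedFilters = wsseSignatureVerificationFilter01
# URL path the service is mounted on
path = /SessionManager
# NOTE(review): presumably serves the WSDL on request; that is convenient for
# tests but discloses the service interface, so review before reuse elsewhere.
enableWSDLQuery = True
charset = utf-8
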
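# Inbound filter: checks the WS-Security signature on incoming messages.
[filter:wsseSignatureVerificationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter
# Identifier that other filters quote in their referencedFilters setting
filterID = wsseSignatureVerificationFilter01

# Outbound filter: signs the response.
[filter:wsseSignatureFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter

# Reference the verification filter in order to be able to apply signature
# confirmation
referencedFilters = wsseSignatureVerificationFilter01

# Last filter in chain SOAP handlers writes the response
writeResponse = True

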
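# WS-Security settings for the two wsse filters; [DEFAULT] points here through
# wsseCfgFilePath / wsseCfgFileSection.
[WS-Security]
#
# OUTBOUND MESSAGE CONFIG

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
# NOTE(review): sm.crt / sm.key are read from $NDGSEC_SMCLNT_UNITTEST_DIR here
# but from $NDGSEC_SM_UNITTEST_DIR in the credential wallet settings in
# [DEFAULT]; confirm both directories hold the same key pair.
signingCertFilePath=$NDGSEC_SMCLNT_UNITTEST_DIR/sm.crt
#signingCertFilePath=$NDGSEC_SMCLNT_UNITTEST_DIR/java-ca-server.crt

# PEM encoded private key file
# NOTE(review): no pass-phrase setting accompanies this key, so it is
# presumably stored unencrypted; restrict read access on the file to the
# account that runs the tests and never reuse a test key in a deployment.
signingPriKeyFilePath=$NDGSEC_SMCLNT_UNITTEST_DIR/sm.key
#signingPriKeyFilePath=$NDGSEC_SMCLNT_UNITTEST_DIR/java-ca-server.key

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
reqBinSecTokValType=X509v3

# Add a timestamp element to an outbound message
addTimestamp=True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
applySignatureConfirmation=True

#
# INBOUND MESSAGE CONFIG

# Provide a space separated list of file paths
# These CA certificates are the trust anchors for certificates presented with
# inbound signed messages: every CA added here widens who can send a message
# that verifies.  Judging by its name, ndg-test-ca.crt is a test CA and
# belongs in test configurations only.
caCertFilePathList=$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
#caCertFilePathList=$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_SMCLNT_UNITTEST_DIR/ca/java-ca.crt

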
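# Logging configuration
# Two loggers (root, ndg), one handler (console, writing to stderr) and one
# formatter (generic).
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

# The ndg logger has no handler of its own; with the logging module's default
# propagation its records are written by the root logger's console handler.
# NOTE(review): DEBUG output from a security service may include message or
# credential detail - check what the ndg packages log before reusing this
# level outside the unit tests.
[logger_ndg]
level = DEBUG
handlers =
qualname = ndg

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S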