source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/wsgi/session-manager.ini @ 4437

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/sessionmanagerclient/wsgi/session-manager.ini@4437
Revision 4437, 8.3 KB checked in by pjkersha, 12 years ago (diff)

Working Session Manager client unit tests for WSGI based Session Manager

  • removed getX509Cert operation from WSDL - no longer needed
  • fix to prefix keyword for ConfigFileParsers ini file parsing.
#
# PasteDeploy ini file for Session Manager Unit tests
#
# NERC Data Grid Project
#
# P J Kershaw 01/10/08
#
# Copyright (C) 2008 STFC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
#
# Test fixture only: this file references test certificates and private keys
# and holds a private key password in plain text.  Do not reuse these values
# or credentials for a deployed service.
#
# The file is read twice: by PasteDeploy (server, app, pipeline and filter
# sections) and by the NDG Security code, which is pointed back at this same
# file by wsseCfgFilePath below and by SessionManager.propFilePath in
# [filter:SessionManagerFilter].
#
# $NDGSEC_SMCLNT_UNITTEST_DIR is an environment variable reference.
# NOTE(review): presumably it is expanded by the NDG Security configuration
# parser rather than by PasteDeploy - confirm, and make sure the variable is
# set before the tests start, since every certificate and key path depends on
# it.
#
# NOTE(review): both '=' and ':' are used as key/value delimiters in this
# file; they are left as found.

[DEFAULT]
# PasteDeploy hands the entries of this section to every app and filter
# factory below as global configuration.

# WS-Security settings in THIS file to enable the Signature Handler to verify
# incoming messages and sign outbound messages.
# %(here)s is filled in by PasteDeploy with the directory holding this file.
wsseCfgFilePath = %(here)s/session-manager.ini
wsseCfgFileSection = WS-Security

# Session Manager specific settings - commented out settings will take their
# default settings.  To override the defaults uncomment and set as required.
# See ndg.security.server.sessionMgr.SessionMgr class for details

# Flag for SSL - set to any value to use https, leave blank to use http.
# NOTE(review): the original comment said "http" for both cases; https for
# the non-blank case is inferred from the key name - confirm.
#sessionManager.useSSL:

# X.509 certificate for SSL connections - ignored if useSSL is blank
#sessionManager.sslCertFile: $NDGSEC_SMCLNT_UNITTEST_DIR/hostcert.pem

# Private key file for SSL  - ignored if useSSL is blank
#sessionManager.sslKeyFile: $NDGSEC_SMCLNT_UNITTEST_DIR/hostkey.pem

# Directory containing CA cert.s to verify SSL peer cert against - ignored if
# useSSL is blank
#sessionManager.sslCACertDir: $NDGSEC_SMCLNT_UNITTEST_DIR/certs/ca

# Credential Wallet Settings - global to all user sessions
#
# CA certificates for Attribute Certificate signature validation.  This list
# is the trust anchor set for Attribute Certificates: only the test CA is
# listed here.
sessionManager.credentialWallet.caCertFilePathList=$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt

# CA certificates for SSL connection peer cert. validation - required if
# connecting to an Attribute Authority over SSL
sessionManager.credentialWallet.sslCACertFilePathList=$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt

# Allow Get Attribute Certificate calls to try to get a mapped certificate
# from another organisation trusted by the target Attribute Authority.
# With this on, the authorities whose certificates may end up in a wallet
# are decided by the target Attribute Authority's trust settings, not only
# by this file.
sessionManager.credentialWallet.mapFromTrustedHosts=True
# NOTE(review): rtnExtAttCertList is not described in this file; see the
# SessionMgr class for its meaning.
sessionManager.credentialWallet.rtnExtAttCertList=True

# Refresh an Attribute Certificate, if an existing one in the wallet has only
# this length of time left before it expires.
# NOTE(review): presumably seconds (7200 = 2 hours) - confirm.
# NOTE(review): unlike the neighbouring keys this one has no
# "sessionManager." prefix; with SessionManager.propPrefix = sessionManager
# it may not be picked up - confirm whether the prefix was dropped by mistake.
credentialWallet.attCertRefreshElapse=7200

# Pointer to WS-Security settings.  These WS-Security settings are for use
# by user credential wallets held in user sessions hosted by the Session
# Manager.  They enable individual wallets to query Attribute Authorities for
# user Attribute Certificates.  Nb. the difference between these settings and
# the WS-Security section for handling requests to the Session Manager.
#
# Settings are identified by a prefix: the keys further down that start with
# this prefix are the wallet's WS-Security settings.
sessionManager.credentialWallet.wssCfgPrefix=sessionManager.credentialWallet.wssecurity

# ...A section name could also be used.
#sessionManager.credentialWallet.wssCfgSection=

# SOAP Signature Handler settings for the Credential Wallet's Attribute
# Authority interface
#
# CA Certificates used to verify X.509 certs used in Attribute Certificates.
# The CA certificates of other NDG trusted sites should go here.  NB, multiple
# values should be delimited by a space.  Every file added here is a further
# trust anchor, so list only the CAs that are actually meant to be trusted.
sessionManager.credentialWallet.wssecurity.caCertFilePathList: $NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt

# Signature of an outbound message
#
# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
# As an alternative, use signingCertChain - see below...

# PEM encoded cert
sessionManager.credentialWallet.wssecurity.signingCertFilePath: $NDGSEC_SMCLNT_UNITTEST_DIR/sm.crt

# File path to the PEM encoded private key file used for signing.  The key
# file should be readable only by the account that runs the tests.
sessionManager.credentialWallet.wssecurity.signingPriKeyFilePath: $NDGSEC_SMCLNT_UNITTEST_DIR/sm.key

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
sessionManager.credentialWallet.wssecurity.reqBinSecTokValType: X509v3

# Add a timestamp element to an outbound message
sessionManager.credentialWallet.wssecurity.addTimestamp: True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
sessionManager.credentialWallet.wssecurity.applySignatureConfirmation: True

# Authentication service properties: the plugin class the Session Manager
# uses to authenticate users, named by module and class.
# NOTE(review): moduleFilePath is left blank; presumably the module is then
# found by name on the Python path - confirm.
sessionManager.authNService.moduleFilePath: 
sessionManager.authNService.moduleName: ndg.security.test.sessionmanagerclient.usercertauthn
sessionManager.authNService.className: UserCertAuthN

# Specific settings for UserCertAuthN Session Manager authentication plugin
# This sets up PKI credentials for a single test account.
# The private key password below is stored in plain text and is checked in
# with the file.  That is acceptable only because user.key is a throw-away
# test key; a real key's password must not be kept in a versioned ini file.
sessionManager.authNService.userX509CertFilePath: $NDGSEC_SMCLNT_UNITTEST_DIR/user.crt
sessionManager.authNService.userPriKeyFilePath: $NDGSEC_SMCLNT_UNITTEST_DIR/user.key
sessionManager.authNService.userPriKeyPwd: testpassword

# Settings for the Credential Repository.
# NOTE(review): the original comment stops at "NullCredRepos is"; presumably
# NullCredRepos is what is used when these settings stay commented out -
# confirm against the SessionMgr class.
#sessionManager.credentialRepository.modFilePath:
#sessionManager.credentialRepository.modName: ndg.security.common.CredWallet
#sessionManager.credentialRepository.className: NullCredRepos
#sessionManager.credentialRepository.propFile:

# HTTP server that hosts the pipeline for the unit tests (Paste's built-in
# server).
[server:main]
use = egg:Paste#http
# 0.0.0.0 listens on every network interface of the test machine.
# NOTE(review): if the test client runs on the same host, 127.0.0.1 would
# keep this test service, with its test credentials, off the network.
host = 0.0.0.0
# No SSL option is set in this section, so the listener is presumably plain
# HTTP: the WS-Security signatures configured in this file sign messages but
# do not encrypt them.
port = 5500

# Application at the end of the pipeline; PasteDeploy calls the named
# app_factory to build it.
[app:mainApp]
paste.app_factory = ndg.security.test.sessionmanagerclient.wsgi.sessionManagerServerApp:app_factory

# Chain of SOAP Middleware filters.  The names are applied in the order
# listed, ending with the application: signature verification comes first,
# then the Session Manager SOAP binding, then the filter that signs the
# response.  Keep the verification filter first so that the Session Manager
# filter is never reached ahead of it.
[pipeline:main]
pipeline = wsseSignatureVerificationFilter SessionManagerFilter wsseSignatureFilter mainApp


# SOAP binding for the Session Manager web service.
[filter:SessionManagerFilter]
paste.filter_app_factory = ndg.security.server.wsgi.soap:SOAPBindingMiddleware
ServiceSOAPBindingClass = ndg.security.server.zsi.sessionmanager.SessionManagerWS
# Keys below that start with "SessionManager." are meant for the binding class.
ServiceSOAPBindingPropPrefix = SessionManager
# The Session Manager reads its own settings from the file named by
# propFilePath - this same file - using the keys that start with
# "sessionManager." in [DEFAULT].
SessionManager.propPrefix = sessionManager
SessionManager.propFilePath = $NDGSEC_SMCLNT_UNITTEST_DIR/wsgi/session-manager.ini
# Must match the filterID set in [filter:wsseSignatureVerificationFilter].
referencedFilters = wsseSignatureVerificationFilter01
# URL path the service is published under.
path = /SessionManager
# NOTE(review): presumably this lets clients fetch the service WSDL with a
# query on the service URL - confirm, and consider turning it off where the
# interface description should not be published.
enableWSDLQuery = True
charset = utf-8

# Verifies the WS-Security signature of incoming SOAP messages.  Its settings
# presumably come from the [WS-Security] section named by wsseCfgFilePath and
# wsseCfgFileSection in [DEFAULT] - confirm.
[filter:wsseSignatureVerificationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter
# Identifier that other filters quote in their referencedFilters setting.
filterID = wsseSignatureVerificationFilter01

# Signs outbound SOAP responses.
[filter:wsseSignatureFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter

# Reference the verification filter in order to be able to apply signature
# confirmation.  The value must match that filter's filterID.
referencedFilters = wsseSignatureVerificationFilter01

# Last filter in chain SOAP handlers writes the response
writeResponse = True


# WS-Security settings for requests to the Session Manager itself, referenced
# from [DEFAULT] by wsseCfgFileSection.  The credential wallet has its own,
# separate settings under the sessionManager.credentialWallet.wssecurity
# prefix in [DEFAULT].
[WS-Security]
#
# OUTBOUND MESSAGE CONFIG

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
signingCertFilePath=$NDGSEC_SMCLNT_UNITTEST_DIR/sm.crt
#signingCertFilePath=$NDGSEC_SMCLNT_UNITTEST_DIR/java-ca-server.crt

# PEM encoded private key file.  It must be the key that belongs to the
# signing certificate above: when switching to the commented-out
# alternative, change certificate and key together.
signingPriKeyFilePath=$NDGSEC_SMCLNT_UNITTEST_DIR/sm.key
#signingPriKeyFilePath=$NDGSEC_SMCLNT_UNITTEST_DIR/java-ca-server.key

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
reqBinSecTokValType=X509v3

# Add a timestamp element to an outbound message.
# NOTE(review): this file only configures adding a timestamp to outbound
# messages; whether timestamps on inbound messages are checked is not set
# here - confirm in the signature handler.
addTimestamp=True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
applySignatureConfirmation=True

#
# INBOUND MESSAGE CONFIG

# Provide a space separated list of file paths.  These CA certificates are
# the trust anchors for signatures on inbound messages; each extra file
# widens the set of senders that can be accepted.
caCertFilePathList=$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt
#caCertFilePathList=$NDGSEC_SMCLNT_UNITTEST_DIR/ca/ndg-test-ca.crt $NDGSEC_SMCLNT_UNITTEST_DIR/ca/java-ca.crt


# Logging configuration, in the section layout used by Python's logging
# file configuration: the three "keys" lists name the loggers, handlers and
# formatters defined in the sections that follow.
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

# Root logger: INFO and above, written to the console handler.
[logger_root]
level = INFO
handlers = console

# Logger for the "ndg" package tree.  It has no handler of its own, so with
# the logging default of propagating to parent loggers its records reach the
# root logger's console handler.
# NOTE(review): DEBUG suits a test run; check what the security code logs at
# DEBUG before using this level where the output is kept or shared.
[logger_ndg]
level = DEBUG
handlers =
qualname = ndg

# Console handler: writes to standard error and applies no level filter of
# its own (NOTSET).
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

# The %(...)s fields below are logging record placeholders.
[formatter_generic]
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S