
Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini@5667
Revision 5667, 6.3 KB checked in by pjkersha, 11 years ago (diff)

Refactoring SOAPBindingMiddleware to accept a ZSI Service binding input from an upstream middleware component.

#
# PasteDeploy ini file for Attribute Authority Unit tests Site A Server
#
# NERC Data Grid Project
#
# P J Kershaw 12/09/08
#
# Copyright (C) 2009 Science and Technology Facilities Council
#
# BSD - See LICENCE file for details

[DEFAULT]
# Values set here are available to every other section through %(name)s
# interpolation. %(here)s is the directory containing this file and is
# supplied by PasteDeploy.

# The WS-Security settings live in THIS file, in the [WS-Security] section.
wsseCfgFilePath = %(here)s/site-a.ini
wsseCfgFileSection = WS-Security

# WSGI environ key names shared by the filters below.
# NOTE(review): the ini parser does not strip quotes, so the single quotes
# look like they become part of each key name. Every use in this file goes
# through interpolation and therefore stays consistent, but code that looks
# a key up by a literal name would have to include the quotes - confirm this
# is intended.
attributeAuthorityEnvironKeyName = 'attribute-authority'
attributeQueryInterfaceEnvironKeyName = 'attributeQueryInterface'

# HTTP server that runs this test configuration.
# NOTE(review): 0.0.0.0 listens on every network interface and
# egg:Paste#http serves plain HTTP with no TLS settings in this section, so
# while the tests run the service is reachable, unencrypted, from other
# hosts. If the tests only connect locally, 127.0.0.1 is the safer bind
# address.
[server:main]
use = egg:Paste#http
host = 0.0.0.0
port = 5000

# Application at the end of the pipeline; built by the Site A test server
# module's app_factory.
[app:mainApp]
paste.app_factory = ndg.security.test.config.attributeauthority.sitea.siteAServerApp:app_factory

# Chain of SOAP middleware filters, listed outermost first and ending with
# the application. Nb. the WS-Security filters apply to the SOAP Binding
# filter only.
#
# NOTE(review): SOAPServiceBindingFilter has no [filter:...] section in this
# file as shown. PasteDeploy resolves each pipeline entry by section name,
# so loading would fail unless that section is defined - confirm.
#
# NOTE(review): going by the remark above, requests handled by
# AttributeAuthoritySAMLSoapBindingFilter are not covered by the WS-Security
# signature filters, and nothing else in this file shows how they are
# authenticated. Acceptable for unit tests; review before reusing this
# pipeline elsewhere.
[pipeline:main]
pipeline = AttributeAuthorityFilter
    wsseSignatureVerificationFilter
    AttributeAuthoritySOAPBindingFilter
    SOAPServiceBindingFilter
    wsseSignatureFilter
    AttributeAuthoritySAMLSoapBindingFilter
    mainApp


# Attribute Authority middleware. The SOAP and SAML binding filters refer to
# this service through the environ key names configured below.
[filter:AttributeAuthorityFilter]
paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthorityMiddleware.filter_app_factory

# NOTE(review): the prefix and the environKeyName option are all lower case,
# while the remaining options start with 'attributeAuthority.'. PasteDeploy
# keeps option-name case, so unless the middleware matches the prefix
# case-insensitively the camel-case settings may not be picked up - confirm.
prefix = attributeauthority.

# Environ key under which the WSDL SOAP based interface finds this service.
attributeauthority.environKeyName = %(attributeAuthorityEnvironKeyName)s

# Environ key under which the SAML SOAP binding based interface finds this
# service's attribute query method.
attributeAuthority.environKeyNameAttributeQueryInterface = %(attributeQueryInterfaceEnvironKeyName)s

# Attribute Authority settings.
# 'name' MUST agree with the 'thisHost' name attribute in the map config file.
attributeAuthority.name = Site A

# Attribute Certificate lifetime in seconds (28800 s = 8 hours).
attributeAuthority.attCertLifetime = 28800

# Offset applied to allow for clock skew between servers running security
# services. Measured in seconds; use a minus sign for a time in the past.
attributeAuthority.attCertNotBeforeOff = 0

# Every Attribute Certificate issued is recorded in this directory.
attributeAuthority.attCertDir = %(here)s/attributeCertificateLog

# Files in attCertDir are written by a rotating file handler;
# attCertFileLogCnt is the maximum number of files created before the first
# one is overwritten.
attributeAuthority.attCertFileName = ac.xml
attributeAuthority.attCertFileLogCnt = 16
attributeAuthority.dnSeparator = /

# Location of the role mapping file.
attributeAuthority.mapConfigFilePath = %(here)s/siteAMapConfig.xml

# Custom AttributeInterface derived class used to get the roles for a given
# user ID.
# NOTE(review): these options appear to name a Python module and class to
# load from modFilePath; that directory should be writable only by trusted
# users, since whatever module is found there would run inside the service.
attributeAuthority.attributeInterface.modFilePath = %(here)s
attributeAuthority.attributeInterface.modName = siteAUserRoles
attributeAuthority.attributeInterface.className = TestUserRoles

# Credentials for the XML signature of Attribute Certificates.
# The private key and certificate are test material stored next to this
# file; no key password option appears in this section. Keep them out of any
# non-test deployment.
# $NDGSEC_TEST_CONFIG_DIR is not expanded by the ini parser - presumably the
# application expands it, so it must be set in the environment.
attributeAuthority.signingPriKeyFilePath = %(here)s/siteA-aa.key
attributeAuthority.signingCertFilePath = %(here)s/siteA-aa.crt
attributeAuthority.caCertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt


# SOAP WSDL based binding to the Attribute Authority.
# NOTE(review): paste.filter_app_factory names the SOAPBindingMiddleware
# class itself, whereas the other filters in this file point at a
# '.filter_app_factory' attribute, and ServiceSOAPBindingClass is written as
# a fully dotted path without the 'module:object' colon. Confirm both forms
# are what the refactored middleware expects.
[filter:AttributeAuthoritySOAPBindingFilter]
paste.filter_app_factory = ndg.security.server.wsgi.zsi:SOAPBindingMiddleware
ServiceSOAPBindingClass = ndg.security.server.wsgi.attributeauthority.AttributeAuthoritySOAPBindingMiddleware.filter_app_factory

# Options starting with this prefix are meant for the service binding class.
ServiceSOAPBindingPropPrefix = attributeauthority.soapbinding.
attributeauthority.soapbinding.attributeAuthorityEnvironKeyName = %(attributeAuthorityEnvironKeyName)s
attributeauthority.soapbinding.wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01

# filterID of the signature verification filter this binding refers to; it
# matches filterID in [filter:wsseSignatureVerificationFilter].
referencedFilters = wsseSignatureVerificationFilter01

# URL path served by this binding.
path = /AttributeAuthority

# NOTE(review): presumably lets clients fetch the service WSDL; that
# describes the interface to anyone who can reach the port - confirm it is
# wanted outside of tests.
enableWSDLQuery = True
charset = utf-8


# SAML SOAP binding to the Attribute Authority.
# No WS-Security filter is referenced from this section, and the server
# section configures plain HTTP; how attribute queries arriving on this path
# are authenticated is not visible in this file.
[filter:AttributeAuthoritySAMLSoapBindingFilter]
paste.filter_app_factory = ndg.security.server.wsgi.saml:SOAPAttributeInterfaceMiddleware.filter_app_factory
prefix = saml.soapbinding.

# URL path(s) handled by this binding.
saml.soapbinding.pathMatchList = /attributeauthority/saml

# Environ key holding the Attribute Authority's attribute query interface.
saml.soapbinding.queryInterfaceKeyName = %(attributeQueryInterfaceEnvironKeyName)s


# WS-Security signature verification for inbound messages.
# filterID is the handle other filters use (referencedFilters /
# wsseSignatureVerificationFilterID) to refer to this one.
[filter:wsseSignatureVerificationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter
filterID = wsseSignatureVerificationFilter01

# WS-Security signature applied to outbound messages.
[filter:wsseSignatureFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter

# The verification filter is referenced so that signature confirmation can
# be applied to the response.
referencedFilters = wsseSignatureVerificationFilter01
wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01

# The last filter in the chain of SOAP handlers writes the response.
writeResponse = True


# WS-Security settings; [DEFAULT] points the wsse filters at this section
# through wsseCfgFilePath / wsseCfgFileSection.
[WS-Security]

#
# OUTBOUND MESSAGE CONFIG
#
# Signature of an outbound message.

# Certificate that goes with the private key used to sign a message. The
# sign method adds it to the BinarySecurityToken element of the WSSE header.
# The commented-out line is an alternative certificate left disabled.
signingCertFilePath = %(here)s/siteA-aa.crt
#signingCertFilePath=%(here)s/java-ca-server.crt

# PEM encoded private key file. This is a test key stored next to this file
# and no key password option appears in this section; do not reuse it
# outside the test suite.
signingPriKeyFilePath = %(here)s/siteA-aa.key
#signingPriKeyFilePath=%(here)s/java-ca-server.key

# ValueType of the BinarySecurityToken added to the WSSE header of a signed
# message. See the __setReqBinSecTokValType method and the binSecTokValType
# class variable for the options: one of X509, X509v3, X509PKIPathv1, or the
# full namespace of an alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType decides whether the signingCert or the signingCertChain
# attribute is used.
reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message.
addTimestamp = True

# For WSSE 1.1 - the service returns a signature confirmation containing the
# signature value sent by the client.
applySignatureConfirmation = True

#
# INBOUND MESSAGE CONFIG
#
# NOTE(review): no option here controls checking of timestamps on inbound
# messages; confirm whether the verification filter enforces freshness,
# since a valid signature alone does not stop a captured message being
# replayed.

# Space separated list of CA certificate file paths.
# $NDGSEC_TEST_CONFIG_DIR is not expanded by the ini parser - presumably the
# application expands it, so it must be set in the environment.
caCertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
#caCertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt $NDGSEC_TEST_CONFIG_DIR/ca/java-ca.crt


# Logging configuration: these three sections list the logger, handler and
# formatter names that are each defined in a [logger_*], [handler_*] or
# [formatter_*] section below.
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

# Root logger: INFO and above, written to the console handler.
[logger_root]
level = INFO
handlers = console

# 'ndg' package logger: DEBUG and above. It has no handler of its own, so
# its records are expected to propagate to the root logger's console handler.
# NOTE(review): DEBUG output from security middleware may include message
# contents or user identifiers - confirm before reusing this level outside
# of tests.
[logger_ndg]
level = DEBUG
handlers =
qualname = ndg

# Console handler writing to stderr; NOTSET means the handler itself does no
# level filtering.
# Python's logging.config.fileConfig evaluates 'args' as a Python expression,
# so this file should be writable only by trusted users.
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

# Log line layout: time with milliseconds, level, logger name, message.
[formatter_generic]
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S