source: TI12-security/trunk/python/ndg_security_test/ndg/security/test/config/attributeauthority/siteb/site-b.ini @ 5678

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg_security_test/ndg/security/test/config/attributeauthority/siteb/site-b.ini@5678
Revision 5678, 6.3 KB checked in by pjkersha, 11 years ago (diff)

Working WSDL based Attribute Authority Client unit tests with new combined WSDL and SAML interfaces to Attribute Authority.

Line 
1#
2# PasteDeploy ini file for Attribute Authority Unit tests Site A Server
3#
4# NERC Data Grid Project
5#
6# P J Kershaw 12/09/08
7#
8# Copyright (C) 2009 Science and Technology Facilities Council
9#
10# BSD - See LICENCE file for details
11
12[DEFAULT]
13attributeAuthorityEnvironKeyName = attribute-authority
14attributeQueryInterfaceEnvironKeyName = attributeQueryInterface
15
16[server:main]
17use = egg:Paste#http
18host = 0.0.0.0
19port = 5100
20
21[app:mainApp]
22paste.app_factory = ndg.security.test.config.attributeauthority.siteb.siteBServerApp:app_factory
23
24# Chain of SOAP Middleware filters
25[pipeline:main]
26pipeline = AttributeAuthorityFilter
27                   wsseSignatureVerificationFilter
28                   AttributeAuthorityWsdlSoapBindingFilter
29                   wsseSignatureFilter
30                   AttributeAuthoritySamlSoapBindingFilter
31                   mainApp
32
33
34
35[filter:AttributeAuthorityFilter]
36paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthorityMiddleware.filter_app_factory
37prefix = attributeAuthority.
38
39# Key name by which the WSDL SOAP based interface may reference this
40# service
41attributeAuthority.environKeyName = %(attributeAuthorityEnvironKeyName)s
42
43# Key name for the SAML SOAP binding based interface to reference this
44# service's attribute query method
45attributeAuthority.environKeyNameAttributeQueryInterface: %(attributeQueryInterfaceEnvironKeyName)s
46
47# Attribute Authority settings
48# 'name' setting MUST agree with map config file 'thisHost' name attribute
49attributeAuthority.name: Site B
50
51# Lifetime is measured in seconds
52attributeAuthority.attCertLifetime: 28800 
53
54# Allow an offset for clock skew between servers running
55# security services. NB, measured in seconds - use a minus sign for time in the
56# past
57attributeAuthority.attCertNotBeforeOff: 0
58
59# All Attribute Certificates issued are recorded in this dir
60attributeAuthority.attCertDir: %(here)s/attributeCertificateLog
61
62# Files in attCertDir are stored using a rotating file handler
63# attCertFileLogCnt sets the max number of files created before the first is
64# overwritten
65attributeAuthority.attCertFileName: ac.xml
66attributeAuthority.attCertFileLogCnt: 16
67attributeAuthority.dnSeparator:/
68
69# Location of role mapping file
70attributeAuthority.mapConfigFilePath: %(here)s/siteBMapConfig.xml
71
72# Settings for custom AttributeInterface derived class to get user roles for given
73# user ID
74attributeAuthority.attributeInterface.modFilePath: %(here)s
75attributeAuthority.attributeInterface.modName: siteBUserRoles
76attributeAuthority.attributeInterface.className: TestUserRoles
77
78# Config for XML signature of Attribute Certificate
79attributeAuthority.signingPriKeyFilePath: %(here)s/siteB-aa.key
80attributeAuthority.signingCertFilePath: %(here)s/siteB-aa.crt
81attributeAuthority.caCertFilePathList: $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
82
83
84# SOAP WSDL Based Binding to the Attribute Authority
85[filter:AttributeAuthorityWsdlSoapBindingFilter]
86paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthoritySOAPBindingMiddleware.filter_app_factory
87prefix = service.soap.binding.
88attributeAuthoritySOAPBindingPrefix = attributeauthority.service.soap.binding.
89
90service.soap.binding.referencedFilters = wsseSignatureVerificationFilter01
91service.soap.binding.path = /AttributeAuthority
92service.soap.binding.enableWSDLQuery = True
93service.soap.binding.charset = utf-8
94service.soap.binding.serviceSOAPBindingEnvironKeyName = ndg.security.server.wsgi.attributeauthority.AttributeAuthoritySOAPBindingMiddleware
95
96attributeauthority.service.soap.binding.attributeAuthorityEnvironKeyName = %(attributeAuthorityEnvironKeyName)s
97attributeauthority.service.soap.binding.wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01
98
99
100# SAML SOAP Binding to the Attribute Authority
101[filter:AttributeAuthoritySamlSoapBindingFilter]
102paste.filter_app_factory = ndg.security.server.wsgi.saml:SOAPAttributeInterfaceMiddleware.filter_app_factory
103prefix = saml.soapbinding.
104
105saml.soapbinding.pathMatchList = /attributeauthority/saml
106saml.soapbinding.queryInterfaceKeyName = %(attributeQueryInterfaceEnvironKeyName)s
107
108
109[filter:wsseSignatureVerificationFilter]
110paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter.filter_app_factory
111filterID = wsseSignatureVerificationFilter01
112
113# Settings for WS-Security SignatureHandler class used by this filter
114wsseCfgFilePrefix = wssecurity
115
116# Verify against known CAs - Provide a space separated list of file paths
117wssecurity.caCertFilePathList=$NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
118
119[filter:wsseSignatureFilter]
120paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter.filter_app_factory
121
122# Reference the verification filter in order to be able to apply signature
123# confirmation
124referencedFilters = wsseSignatureVerificationFilter01
125wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01
126
127# Last filter in chain SOAP handlers writes the response
128writeResponse = True
129
130# Settings for WS-Security SignatureHandler class used by this filter
131wsseCfgFilePrefix = wssecurity
132
133# Certificate associated with private key used to sign a message.  The sign
134# method will add this to the BinarySecurityToken element of the WSSE header. 
135wssecurity.signingCertFilePath=%(here)s/siteB-aa.crt
136
137# PEM encoded private key file
138wssecurity.signingPriKeyFilePath=%(here)s/siteB-aa.key
139
140# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
141# signed message.  See __setReqBinSecTokValType method and binSecTokValType
142# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
143# give full namespace to alternative - see
144# ZSI.wstools.Namespaces.OASIS.X509TOKEN
145#
146# binSecTokValType determines whether signingCert or signingCertChain
147# attributes will be used.
148wssecurity.reqBinSecTokValType=X509v3
149
150# Add a timestamp element to an outbound message
151wssecurity.addTimestamp=True
152
153# For WSSE 1.1 - service returns signature confirmation containing signature
154# value sent by client
155wssecurity.applySignatureConfirmation=True
156
157
158# Logging configuration
159[loggers]
160keys = root, ndg
161
162[handlers]
163keys = console
164
165[formatters]
166keys = generic
167
168[logger_root]
169level = INFO
170handlers = console
171
172[logger_ndg]
173level = DEBUG
174handlers =
175qualname = ndg
176
177[handler_console]
178class = StreamHandler
179args = (sys.stderr,)
180level = NOTSET
181formatter = generic
182
183[formatter_generic]
184format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
185datefmt = %H:%M:%S
Note: See TracBrowser for help on using the repository browser.