source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini @ 6584

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini@6584
Revision 6584, 6.7 KB checked in by pjkersha, 11 years ago (diff)
  • Fixes to SAML Attribute Query client.
  • Work query to ESG Authz service
  • fixes for MyProxy SAML callout
#
# PasteDeploy ini file for Attribute Authority Unit tests Site A Server
#
# NERC Data Grid Project
#
# P J Kershaw 12/09/08
#
# Copyright (C) 2009 Science and Technology Facilities Council
#
# BSD - See LICENCE file for details

# Values shared across the file. The filter sections reference both keys
# through %(name)s interpolation, so the Attribute Authority middleware and
# its SOAP/SAML binding filters are configured with the same environ key
# names.
[DEFAULT]
attributeAuthorityEnvironKeyName = attribute-authority
attributeQueryInterfaceEnvironKeyName = attributeQueryInterface

# HTTP server used to run the Site A Attribute Authority for the unit tests
# (Paste's built-in HTTP server).
# NOTE(review): 0.0.0.0 listens on every interface and no TLS settings appear
# in this section, so the test service and its signing key are reachable from
# the network while the tests run. If the test clients only connect locally,
# 127.0.0.1 would keep this fixture off the network - confirm against the
# client URIs used by the tests before changing.
[server:main]
use = egg:Paste#http
host = 0.0.0.0
port = 5000

# Application named as the last entry of [pipeline:main]; it is created by
# the app_factory callable from the Site A test package.
[app:mainApp]
paste.app_factory = ndg.security.test.config.attributeauthority.sitea.siteAServerApp:app_factory

# Chain of SOAP Middleware filters - Nb. WS-Security filters apply to the SOAP
# Binding filter only.
#
# Entries are whitespace separated: the first filter listed is the outermost
# one and sees each request first; mainApp is the application being wrapped.
# NOTE(review): going by the comment above, requests handled by the SAML SOAP
# binding are not covered by the WS-Security signature verification filter -
# confirm how SAML attribute queries are authenticated (e.g. transport level
# client authentication) in any deployment derived from this file.
[pipeline:main]
pipeline = AttributeAuthorityFilter
    wsseSignatureVerificationFilter
    AttributeAuthorityWsdlSoapBindingFilter
    wsseSignatureFilter
    AttributeAuthoritySamlSoapBindingFilter
    mainApp

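# Attribute Authority middleware. Every setting carrying the 'prefix' value
# below is addressed to the Attribute Authority itself.
[filter:AttributeAuthorityFilter]
paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthorityMiddleware.filter_app_factory
prefix = attributeAuthority.

# Key name by which the WSDL SOAP based interface may reference this
# service
attributeAuthority.environKeyName = %(attributeAuthorityEnvironKeyName)s

# Key name for the SAML SOAP binding based interface to reference this
# service's attribute query method
attributeAuthority.environKeyNameAttributeQueryInterface = %(attributeQueryInterfaceEnvironKeyName)s

# Attribute Authority settings
# 'name' setting MUST agree with map config file 'thisHost' name attribute
attributeAuthority.name = Site A

# Lifetime is measured in seconds (28800 = 8 hours). An issued certificate
# stays usable for this long, so the value bounds how long a change to a
# user's roles can take to show up in certificates already handed out.
attributeAuthority.attCertLifetime = 28800

# Allow an offset for clock skew between servers running
# security services. NB, measured in seconds - use a minus sign for time in the
# past
attributeAuthority.attCertNotBeforeOff = 0

# Clock skew for SAML Attribute Queries - allow clockSkew number of seconds
# tolerance for query issueInstant parameter. Set here to 3 minutes.
# A larger tolerance also widens the window in which an old query is still
# accepted on the basis of its issueInstant.
attributeAuthority.clockSkew = 180.0

# All Attribute Certificates issued are recorded in this dir
# (%(here)s is the directory holding this ini file)
attributeAuthority.attCertDir = %(here)s/attributeCertificateLog

# Files in attCertDir are stored using a rotating file handler
# attCertFileLogCnt sets the max number of files created before the first is
# overwritten
attributeAuthority.attCertFileName = ac.xml
attributeAuthority.attCertFileLogCnt = 16
attributeAuthority.dnSeparator = /

# Location of role mapping file
attributeAuthority.mapConfigFilePath = %(here)s/siteAMapConfig.xml

# Settings for custom AttributeInterface derived class to get user roles for given
# user ID
# NOTE(review): the class is presumably imported from modFilePath at start-up,
# which makes that directory part of the service's code - it should not be
# writable by accounts other than the one that owns the service.
attributeAuthority.attributeInterface.modFilePath = %(here)s
attributeAuthority.attributeInterface.modName = siteAUserRoles
attributeAuthority.attributeInterface.className = TestUserRoles

# Config for XML signature of Attribute Certificate
# The private key is kept beside this file in the test configuration tree;
# presumably a test-only credential. A key used outside the tests belongs in a
# location readable only by the service account.
attributeAuthority.signingPriKeyFilePath = %(here)s/siteA-aa.key
attributeAuthority.signingCertFilePath = %(here)s/siteA-aa.crt
# $NDGSEC_TEST_CONFIG_DIR is not a %(name)s reference resolved by the ini
# parser; presumably the application expands it from the environment, in which
# case it must be set before the server starts - TODO confirm.
attributeAuthority.caCertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
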
# SOAP WSDL Based Binding to the Attribute Authority
[filter:AttributeAuthorityWsdlSoapBindingFilter]
paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthoritySOAPBindingMiddleware.filter_app_factory
prefix = service.soap.binding.
attributeAuthoritySOAPBindingPrefix = attributeauthority.service.soap.binding.

# Settings under 'prefix'. referencedFilters holds the filterID value declared
# in [filter:wsseSignatureVerificationFilter]; the two must stay in step.
service.soap.binding.referencedFilters = wsseSignatureVerificationFilter01
service.soap.binding.path = /AttributeAuthority
# NOTE(review): with WSDL queries enabled the service description is
# presumably returned to any client that can reach this path - confirm that is
# wanted outside the tests.
service.soap.binding.enableWSDLQuery = True
service.soap.binding.charset = utf-8
service.soap.binding.serviceSOAPBindingEnvironKeyName = ndg.security.server.wsgi.attributeauthority.AttributeAuthoritySOAPBindingMiddleware

# Settings under 'attributeAuthoritySOAPBindingPrefix': the environ key set by
# [filter:AttributeAuthorityFilter] (both take it from [DEFAULT]) and the ID
# of the signature verification filter.
attributeauthority.service.soap.binding.attributeAuthorityEnvironKeyName = %(attributeAuthorityEnvironKeyName)s
attributeauthority.service.soap.binding.wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01

# SAML SOAP Binding to the Attribute Authority
[filter:AttributeAuthoritySamlSoapBindingFilter]
paste.filter_app_factory = ndg.security.server.wsgi.saml:SOAPQueryInterfaceMiddleware.filter_app_factory
prefix = saml.soapbinding.

# module:object references; going by their names, one writes the SAML response
# as XML and the other parses the incoming attribute query.
saml.soapbinding.serialise = saml.xml.etree:ResponseElementTree.toXML
saml.soapbinding.deserialise = saml.xml.etree:AttributeQueryElementTree.fromXML

# Request path(s) this binding responds to
saml.soapbinding.pathMatchList = /AttributeAuthority/saml

# Same environ key as attributeAuthority.environKeyNameAttributeQueryInterface
# in [filter:AttributeAuthorityFilter]; both take the value from [DEFAULT].
saml.soapbinding.queryInterfaceKeyName = %(attributeQueryInterfaceEnvironKeyName)s

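# WS-Security signature verification for inbound SOAP messages
[filter:wsseSignatureVerificationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter.filter_app_factory
# ID under which other sections refer to this filter (their referencedFilters
# and wsseSignatureVerificationFilterID keys carry the same value)
filterID = wsseSignatureVerificationFilter01

# Settings for WS-Security SignatureHandler class used by this filter
wsseCfgFilePrefix = wssecurity

# Verify against known CAs - Provide a space separated list of file paths
# Only the NDG test CA is listed here. $NDGSEC_TEST_CONFIG_DIR is not a
# %(name)s reference resolved by the ini parser; presumably the application
# expands it from the environment, so it must be set before the server
# starts - TODO confirm.
wssecurity.caCertFilePathList = $NDGSEC_TEST_CONFIG_DIR/ca/ndg-test-ca.crt
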
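# WS-Security signature applied to outbound SOAP messages
[filter:wsseSignatureFilter]
paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter.filter_app_factory

# Reference the verification filter in order to be able to apply signature
# confirmation
referencedFilters = wsseSignatureVerificationFilter01
wsseSignatureVerificationFilterID = wsseSignatureVerificationFilter01

# Last filter in chain SOAP handlers writes the response
writeResponse = True

# Settings for WS-Security SignatureHandler class used by this filter
wsseCfgFilePrefix = wssecurity

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
wssecurity.signingCertFilePath = %(here)s/siteA-aa.crt

# PEM encoded private key file
# This is the same key file that [filter:AttributeAuthorityFilter] uses to
# sign Attribute Certificates, so one key covers both message and certificate
# signing in this test set-up. Presumably a test-only credential; a key used
# outside the tests should be readable only by the service account.
wssecurity.signingPriKeyFilePath = %(here)s/siteA-aa.key

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
wssecurity.reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message
wssecurity.addTimestamp = True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
wssecurity.applySignatureConfirmation = True
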
# Logging configuration
# The sections below follow the logging.config.fileConfig layout. In that
# format a handler's 'args' value is evaluated as Python, so write access to
# this file amounts to code execution in the server process - keep it writable
# only by the account that owns the service.
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

# Root logger: INFO and above, sent to the console handler
[logger_root]
level = INFO
handlers = console

# Logger for the 'ndg' package at DEBUG. No handler is attached here, so its
# records presumably reach the console by propagating to the root logger.
# NOTE(review): DEBUG output from security middleware may include details of
# the messages processed - presumably acceptable for tests; review the level
# before reusing this section elsewhere.
[logger_ndg]
level = DEBUG
handlers =
qualname = ndg

# Console handler: writes to stderr and applies no level threshold of its own
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

# Timestamp with milliseconds, level, logger name, then the message
[formatter_generic]
format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %Y/%m/%d %H:%M:%S