source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/authz/xacml/saml_ctx_handler.cfg @ 7698

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/authz/xacml/saml_ctx_handler.cfg@7698
Revision 7698, 2.0 KB checked in by pjkersha, 10 years ago (diff)

Integrated SAML ESGF Group/Role attribute value type into SAML Attribute Authority client unit tests.

#
# NDG Security XACML Context handler configuration file
#
# NERC DataGrid
#
# Author: P J Kershaw
#
# Date: 11/08/10
#
# Copyright: STFC 2010
#
# Licence: BSD - See top-level LICENCE file for licence details
#
# $Id$
#
# Unit-test fixture.  Two placeholder syntaxes appear in the values below:
#   %(name)s - ConfigParser-style interpolation of another option.  "here" is
#              not defined in this file, so the loader has to supply it.
#   $NAME    - environment-variable style reference; presumably expanded by
#              the code that reads this file - confirm against the loader.
[DEFAULT]
# Policy file for the authorisation service (presumably the XACML policy the
# decisions are evaluated against).  Its content determines what is permitted,
# so it should be writable only by whoever is allowed to change access rules.
saml_ctx_handler.policyFilePath = $NDGSEC_TEST_CONFIG_DIR/authorisationservice/policy.xml

# Issuer identity and validity period written into the SAML authorisation
# decision response returned to a Policy Enforcement Point that made a
# decision query.  The issuer is an X.509 subject name, as the format URN says.
saml_ctx_handler.issuerName = O=NDG, OU=Security, CN=localhost
saml_ctx_handler.issuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName
# Presumably seconds (86400 s = 24 h) - confirm.  A decision can be relied on
# for its whole lifetime, so a long value delays the effect of a policy or
# entitlement change; review this before copying it out of the test fixture.
saml_ctx_handler.assertionLifetime = 86400

# Registers the Earth System Grid custom types and functions with XACML.
# The value looks like a module:callable reference that the handler imports
# and calls; if so, write access to this file decides which code is loaded,
# and the file should be protected accordingly.
saml_ctx_handler.xacmlExtFunc = ndg.security.server.xacml.esgf_ext:addEsgfXacmlSupport

#
# Policy Information Point interface settings
#
# The Context handler acts as a client to the PIP: attribute queries raised
# by the PDP are passed onwards to the PIP.

#
# Attribute ID -> Attribute Authority mapping file.  When the XACML context
# handler sends a query, the PIP looks up each queried attribute in this
# mapping to decide which attribute authority to ask whether the subject holds
# that attribute in their entitlement.  The mapping therefore selects which
# authority is believed for each attribute; protect it like the policy file.
saml_ctx_handler.pip.mappingFilePath = %(here)s/pip-mapping.txt

# ID of the subject attribute whose value is taken from the XACML request
# context and sent in the SAML attribute query
saml_ctx_handler.pip.subjectAttributeId = urn:esg:openid

# Issuer identity for the SAML attribute query: reuses the context handler's
# own issuer name and format set above
saml_ctx_handler.pip.attributeQuery.issuerName = %(saml_ctx_handler.issuerName)s
saml_ctx_handler.pip.attributeQuery.issuerFormat = %(saml_ctx_handler.issuerFormat)s

# SSL mutual authentication for the query to the SAML Attribute Authority:
# certificate and private key for this side of the connection, plus a CA
# certificate directory (presumably the trust roots used to verify the
# Attribute Authority - confirm).  The private key file should be readable
# only by the account running the handler.  These are localhost test
# credentials and should not be reused outside the test suite.
saml_ctx_handler.pip.attributeQuery.sslCertFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.crt
saml_ctx_handler.pip.attributeQuery.sslPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.key
saml_ctx_handler.pip.attributeQuery.sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/ca