source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml @ 4139

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml@4139
Revision 4139, 5.8 KB checked in by cbyrom, 13 years ago (diff)

Further standardise property keywords - consolidating caCertFileList into
caCertFilePathList.

1<?xml version="1.0" encoding="utf-8"?>
2<sessMgrProp>
3    <!-- the port number the service is to run on -->
4    <portNum></portNum> 
5    <!--
6    Flag for SSL - set to any non-blank value to stipulate https, leave blank
7    to use http
8    -->
9    <useSSL>Yes</useSSL>
10    <!-- X.509 certificate for SSL connections - ignored if useSSL is blank--> 
11    <sslCertFile>$NDGSEC_DIR/conf/certs/hostcert.pem</sslCertFile>
12    <!-- Private key file for SSL  - ignored if useSSL is blank -->
13    <sslKeyFile>$NDGSEC_DIR/conf/certs/hostkey.pem</sslKeyFile>
14    <!--
15    Directory containing CA cert.s to verify SSL peer cert against
16     - ignored if useSSL is blank -->
17    <sslCACertDir>$NDGSEC_DIR/conf/certs/ca</sslCACertDir>
18    <!--
19    PKI settings for WS-Security signature of outbound SOAP messages
20    -->
21    <!--  NB, if no signature handling is required, do not include this element -->
22    <WS-Security>
23            <!-- X.509 certificate included in SOAP header -->
24            <signingCertFilePath>$NDGSEC_DIR/conf/certs/sm-cert.pem</signingCertFilePath>
25            <!-- corresponding private key used to sign the SOAP message -->
26            <signingPriKeyFilePath>$NDGSEC_DIR/conf/certs/sm-key.pem</signingPriKeyFilePath>
27            <!-- Password protecting private key file - leave blank if none set.  The value is stored in this file in clear text, so restrict read access to the file -->
28            <signingPriKeyPwd></signingPriKeyPwd>
29            <!--
30            Inclusive namespace prefixes for reference and SignedInfo sections of
31                WS-Security digital signature
32            -->
33        <refC14nInclNS></refC14nInclNS>
34                <signedInfoC14nInclNS></signedInfoC14nInclNS>
35        <!--
36        CA Certificates used to verify X.509 certs used in peer SOAP messages,
37            and Attribute Certificates.
38   
39            The CA certificates of other NDG trusted sites should go here.
40            -->
41        <caCertFilePathList>
42                <caCertFile>$NDGSEC_DIR/conf/certs/ca/cacert.pem</caCertFile>
43        </caCertFilePathList>
44            <!--
45        Set the certificate used to verify the signature of messages from the
46            client.  This can usually be left blank since the client is expected to
47        include the cert with the signature in the inbound SOAP message
48            -->
49            <verifyingCertPath></verifyingCertPath>
50        </WS-Security> 
51    <!--
52    Following two settings may be left blank.  These fields are likely to be
53    removed from a future version
54    -->   
55    <sessMgrEncrKey></sessMgrEncrKey>
56    <sessMgrURI></sessMgrURI>
57    <!--
58    Domain defaults to the server host - any more generic setting could be a
59    security risk, as the cookie would be sent to every host in that domain.
60    Leave blank to default to the fully qualified domain name of the server.
61    -->
62    <cookieDomain></cookieDomain>
63    <!-- MyProxy Client properties -->
64    <myProxyProp>
65        <!--
66        Delete this element and take setting from MYPROXY_SERVER environment
67        variable if required
68        -->
69        <hostname>localhost</hostname>
70        <!--
71        Delete this element to take default setting 7512 or read
72        MYPROXY_SERVER_PORT setting
73        -->
74        <port>7512</port>
75        <!--
76        Useful if hostname and certificate CN don't match correctly.  Globus
77        host DN is set to "host/<fqdn>".  Delete this element and set from
78        MYPROXY_SERVER_DN environment variable if preferred
79        <serverDN></serverDN>
80        -->
81        <!--
82        Set "host/" prefix to host cert CN as is default with globus
83        -->
84        <serverCNprefix>host/</serverCNprefix>   
85        <!--
86        This directory path is used to locate the OpenSSL configuration file
87       
88        The settings are used to set up the defaults for the Distinguished Name of
89        the new proxy cert. issued
90       
91        GLOBUS_LOCATION or GRID_SECURITY_DIR environment variables may be used
92        but the settings can be independent of any Globus installation
93        -->
94        <openSSLConfFilePath>$NDGSEC_DIR/conf/openssl.conf</openSSLConfFilePath>
95        <tmpDir>/tmp</tmpDir>
96        <!--
97            Limit on maximum lifetime any proxy certificate can have -
98            specified when a certificate is first created by store() method
99        -->
100        <proxyCertMaxLifetime>43200</proxyCertMaxLifetime> <!-- in seconds -->
101        <!--
102            Lifetime of a proxy certificate when issued from the Proxy Server
103            with ndg.security.server.MyProxy.getDelegation() method
104        -->
105        <proxyCertLifetime>43200</proxyCertLifetime> <!-- in seconds -->
106        <!--
107        CA certificate applied to verify peer certificate against in
108        SSL connection to MyProxy server
109        -->
110        <caCertFile>$NDGSEC_DIR/conf/certs/cacert.pem</caCertFile>
111    </myProxyProp>
112    <!--
113    Properties for a Session Manager client to a Simple CA.
114    Not currently used and likely to be removed from a future release
115    -->
116    <simpleCACltProp>
117        <uri></uri>
118        <xmlSigKeyFile></xmlSigKeyFile>
119        <xmlSigCertFile></xmlSigCertFile>
120        <xmlSigCertPwd></xmlSigCertPwd>
121    </simpleCACltProp>
122    <!--
123    <simpleCASrvProp>
124        <certExpiryDate></certExpiryDate>
125        <certLifetimeDays></certLifetimeDays>
126        <certTmpDir></certTmpDir>
127        <caCertFile></caCertFile>
128        <signExe></signExe>
129        <path></path>
130    </simpleCASrvProp>
131    -->
132    <!--
133    Settings for Credential Repository plugin
134    -->
135    <credReposProp>
136        <!--
137        File path to plugin module - may be left blank if
138        module is included in the current PYTHONPATH
139        -->
140        <modFilePath></modFilePath>
141        <!--
142        Module name - the default is an empty stub
143        -->
144        <modName>ndg.security.common.CredWallet</modName>
145        <!-- Name of class in module to instantiate -->
146        <className>NullCredRepos</className>
147        <!--
148        Optional Properties file argument to Credential
149        Repository class.  This is included to enable custom
150        settings to be defined from an external configuration file
151        -->
152        <propFile></propFile>
153    </credReposProp>
154</sessMgrProp>