Context Navigation

source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml @ 4139

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml@4139

Visit:

Revision 4139, 5.8 KB checked in by cbyrom, 13 years ago (diff)
Further standardise property keywords - consolidating caCertFileList into caCertFilePathList.

Line
1	<?xml version="1.0" encoding="utf-8"?>
2	<sessMgrProp>
3	<!-- the port number the service is to run on -->
4	<portNum></portNum>
5	<!--
6	Flag for SSL - set to something to stipulate http, leave blank to use
7	http
8	-->
9	<useSSL>Yes</useSSL>
10	<!-- X.509 certificate for SSL connections - ignored if useSSL is blank-->
11	<sslCertFile>$NDGSEC_DIR/conf/certs/hostcert.pem</sslCertFile>
12	<!-- Private key file for SSL - ignored if useSSL is blank -->
13	<sslKeyFile>$NDGSEC_DIR/conf/certs/hostkey.pem</sslKeyFile>
14	<!--
15	Directory containing CA cert.s to verify SSL peer cert against
16	- ignored if useSSL is blank -->
17	<sslCACertDir>$NDGSEC_DIR/conf/certs/ca</sslCACertDir>
18	<!--
19	PKI settings for WS-Security signature of outbound SOAP messages
20	-->
21	<!-- NB, if no signature handling is required, do not include this element -->
22	<WS-Security>
23	<!-- X.509 certificate included in SOAP header -->
24	<signingCertFilePath>$NDGSEC_DIR/conf/certs/sm-cert.pem</signingCertFilePath>
25	<!-- corresponding private key used to sign the SOAP message -->
26	<signingPriKeyFilePath>$NDGSEC_DIR/conf/certs/sm-key.pem</signingPriKeyFilePath>
27	<!-- Password protecting private key file - leave blank if none set -->
28	<signingPriKeyPwd></signingPriKeyPwd>
29	<!--
30	Inclusive namespace prefixes for reference and SignedInfo sections of
31	WS-Security digital signature
32	-->
33	<refC14nInclNS></refC14nInclNS>
34	<signedInfoC14nInclNS></signedInfoC14nInclNS>
35	<!--
36	CA Certificates used to verify X.509 certs used in peer SOAP messages,
37	and Attribute Certificates.
38
39	The CA certificates of other NDG trusted sites should go here.
40	-->
41	<caCertFilePathList>
42	<caCertFile>$NDGSEC_DIR/conf/certs/ca/cacert.pem</caCertFile>
43	</caCertFilePathList>
44	<!--
45	Set the certificate used to verify the signature of messages from the
46	client. This can usually be left blank since the client is expected to
47	include the cert with the signature in the inbound SOAP message
48	-->
49	<verifyingCertPath></verifyingCertPath>
50	</WS-Security>
51	<!--
52	Following two settings may be left blank. These fields are likely to be
53	removed from a future version
54	-->
55	<sessMgrEncrKey></sessMgrEncrKey>
56	<sessMgrURI></sessMgrURI>
57	<!--
58	Domain defaults to the server host - any more generic setting could be a
59	a security risk. Leave blank to default to the fully qualified domain
60	name of the server.
61	-->
62	<cookieDomain></cookieDomain>
63	<!-- MyProxy Client properties -->
64	<myProxyProp>
65	<!--
66	Delete this element and take setting from MYPROXY_SERVER environment
67	variable if required
68	-->
69	<hostname>localhost</hostname>
70	<!--
71	Delete this element to take default setting 7512 or read
72	MYPROXY_SERVER_PORT setting
73	-->
74	<port>7512</port>
75	<!--
76	Useful if hostname and certificate CN don't match correctly. Globus
77	host DN is set to "host/<fqdn>". Delete this element and set from
78	MYPROXY_SERVER_DN environment variable if prefered
79	<serverDN></serverDN>
80	-->
81	<!--
82	Set "host/" prefix to host cert CN as is default with globus
83	-->
84	<serverCNprefix>host/</serverCNprefix>
85	<!--
86	This directory path is used to locate the OpenSSL configuration file
87
88	The settings are used to set up the defaults for the Distinguished Name of
89	the new proxy cert. issued
90
91	GLOBUS_LOCATION or GRID_SECURITY_DIR environment variables may be used
92	but the settings can be independent of any Globus installation
93	-->
94	<openSSLConfFilePath>$NDGSEC_DIR/conf/openssl.conf</openSSLConfFilePath>
95	<tmpDir>/tmp</tmpDir>
96	<!--
97	Limit on maximum lifetime any proxy certificate can have -
98	specified when a certificate is first created by store() method
99	-->
100	<proxyCertMaxLifetime>43200</proxyCertMaxLifetime> <!-- in seconds -->
101	<!--
102	Life time of a proxy certificate when issued from the Proxy Server
103	with ndg.security.server.MyProxy.getDelegation() method
104	-->
105	<proxyCertLifetime>43200</proxyCertLifetime> <!-- in seconds -->
106	<!--
107	CA certificate applied to verify peer certificate against in
108	SSL connection to MyProxy server
109	-->
110	<caCertFile>$NDGSEC_DIR/conf/certs/cacert.pem</caCertFile>
111	</myProxyProp>
112	<!--
113	Properties for a Session Manager client to a Simple CA.
114	Not currently used and likely to be removed from a future release
115	-->
116	<simpleCACltProp>
117	<uri></uri>
118	<xmlSigKeyFile></xmlSigKeyFile>
119	<xmlSigCertFile></xmlSigCertFile>
120	<xmlSigCertPwd></xmlSigCertPwd>
121	</simpleCACltProp>
122	<!--
123	<simpleCASrvProp>
124	<certExpiryDate></certExpiryDate>
125	<certLifetimeDays></certLifetimeDays>
126	<certTmpDir></certTmpDir>
127	<caCertFile></caCertFile>
128	<signExe></signExe>
129	<path></path>
130	</simpleCASrvProp>
131	-->
132	<!--
133	Settings for Credential Repository plugin
134	-->
135	<credReposProp>
136	<!--
137	File path to plugin module - may be left blank if
138	module is included in the current PYTHONPATH
139	-->
140	<modFilePath></modFilePath>
141	<!--
142	Module name - the default is an empty stub
143	-->
144	<modName>ndg.security.common.CredWallet</modName>
145	<!-- Name of class in module to instantiate -->
146	<className>NullCredRepos</className>
147	<!--
148	Optional Properties file argument to Credential
149	Repository class. This is include to enable custom
150	settings to be defined from an external configuration file
151	-->
152	<propFile></propFile>
153	</credReposProp>
154	</sessMgrProp>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: